Microsoft 1 manual Security, Software Control and Distribution, Documentation

Chapter 3: Change and Configuration Management 43

the user in the appropriate Windows 2000 groups and create the Exchange 2000 mailbox with the appropriate settings for that user.

Over time, your team will build a set of custom tools that are used frequently to administer standard changes. Those tools and others will likely be used for implementing larger changes. Treating these tools and procedures as configuration items and managing their evolution over time is another example of the close relationship of change management and configuration management.

Security

A very important part of effective change management is your security infrastructure. If you do not carefully control who is capable of making which change, you can end up with undocumented and unauthorized change occurring in your organization. You should always ensure that your administrators only have rights to perform tasks that they have been specifically pre-authorized to perform. In Exchange 2000 Server, administrators require View Only Administrator rights over the Exchange 2000 organization if they are to create and modify user accounts.

Software Control and Distribution

Updating software represents significant change. It can have a major impact on users, and as such it should be planned very carefully to ensure that the update has minimal impact on users. (Occasionally such a change may be urgent, and under those circumstances you will not have time for thorough planning, but you should still plan as much as possible).

In a multi-national company with distributed administration, one of the challenges can be to ensure that software updates are distributed as smoothly as possible. One solution to this is Microsoft Systems Management Server, while another is to use the software assign- ing and publishing functionality of Windows 2000.

Documentation

Linking all of the change management process together is the very strong need for up-to- date, complete, and accurate documentation. Without thorough documentation, many of the benefits of change management will be lost for your organization.

Thorough documentation is invaluable when implementing recurring changes. One of the main benefits of thorough documentation is that it can turn major or significant change into minor or standard change. Many changes are major or significant simply because you have never made them before. But if you have, and you have documented standard proce- dures that allow you to avoid downtime and periods of poor performance for users, it may allow your IT executive committee or change advisory board to pre-authorize that change for the future, significantly reducing the number of steps required to make the change the next time.

You should ensure that entire process of change is properly documented in the change management log. The log contains information about the change, including RFC status,