Very true, and a very good point

Assuming you didn't leave out VoIP or Video Conf equipment:

1. As above, take a CCNA course or find the materials. That will give you a good basis.

2. Read everything you can in regards to VLANs and how they work/best practices/management by hardware OS

3. Read everything you can about switch port management (i.e., access port vs. trunk port, again relies heavily on the chosen hardware OS)

4. Choose your hardware: If money is no object, Cisco is reliable but more upfront and much more for yearly support. HP ProCurve is a very good economical option.

a. Either way, use two stacked Layer 3 switches for core routing with Layer 2 switches for access layer.

b. For Cisco products, I'd recommend a pair of stacked 3750X's, with 2960 for access layer switches.

c. Save yourself pain later - have each access switch trunk to the core stack with an aggregated trunk, one port to each half of the core stack. (if half your core stack goes down, most of your network stays up. If one line/port of the trunk goes down, whole network stays up but speed may be affected depending upon bandwidth used)

5. Use one VLAN for infrastructure (i.e., switches, servers, printers, appliances), use one VLAN for workstations, use one VLAN for wireless if necessary.

a. Avoid using VTP, even if it seems like a good idea to you

b. Do all routing between VLANs on the core stack, access switch trunks should carry all VLANs however

c. Test the hell out of your config in a lab if you have time, lot less pressure telling them that the project is delayed by testing than telling them all work is delayed because you can't find the problem on the prod network

d. Thank god you get a test network

4. Once everything's built, configured, and running well - BACK ALL OF THE CONFIGS UP, and repeat whenever a config change is made.

Good luck, and you'd really better love troubleshooting problems with very little info to go on...

See, and that's the problem - the users know we monitor internet access via proxy (most don't understand what that means except for the 'Big Brother' boogeyman) but they still go to stupid sites and do stupid things. No matter how much we try to explain Smiley's and free screensavers and their dangers, we still get at least one request a month if not more because someone's too lazy to go to google.com to search (or yahoo, or whatever).

We monitor inbound/outbound traffic for viruses, spyware, malware and all that - it's not in the offices that we worry so much, it's when they're at home or sitting in a Starbucks or (god forbid) an internet cafe.

No amount of IT policies will stop users from doing something stupid that they've been explicitly trained not to do, it just gives the company a legal recourse to take if it chooses.

It has nothing with feeling important, it has to do with the fact we have much bigger projects and initiatives to spend our time on. It's absolutely useless to waste manpower on virus hunts and spyware/malware infections needlessly. Work smarter, not harder is a motto to live by in IT - and this benefits the users whether they know it or not, as they have generally zippier machines (as much as XP will allow anyway) and less downtime for stupid issues that can be very easily avoided by a little proactive configuration.

This IT dept is basically brand new as of four years ago - we've not only been supporting the global business, but had to redo practically all IT infrastructure in all offices as the previous 'department' was several college dropouts on helpdesk and network admin, with a sys admin who spent more time running his side business than being in the office. I can't speak to the previous helpdesk personnel, but the network admin and sys admin were oxygen thieves and just collecting a pay check while keeping the seats warm. As an example, four years ago when we came in there had been no backups of the main global file server in over six months, and no one had a clue there was an issue - they were just swapping tapes and continuing on with surfing YouTube all day. It was right in the backup software logs that nothing was being written to tape, we didn't even need a test restore to find out...

Don't worry, if you think every user needs admin rights on their machine in a non-IT industry, we don't want you

We have two Redhat admins that manage our few Linux servers (web and SAP) at the OS level - application level is handled by contractors or managed services providers.

For all intents and purposes, we have no internal programming staff. If we need something modified from it's 'off the shelf' install, we'll bring in contractors.

You got me, I should have said *nix under the hood :)

I agree there are some things Apple got right, but only due to Linux being under the pretty hood - however, unless/until Linux/Apple have the equivalent of AD+GPOs, enterprise management will be a nightmare.

Network Admin at a $1B company - all users locked down to User rights only, including the 3 private owners and their various family members employed by the company.

It's not whether your company is an 'actual business environment' or a smaller strip-mall style office, it's whether the owners/CxO's/BoD can be made to understand the detrimental effects of giving users unrestricted access to their systems, as well has having an IT Manager/CTO that can explain the dangers to them in non-IT terms.

It helps as well to have a base image for job types: Most workers get the base XP SP3 with Office 2k7, then we install SAP if they need it for their specific job. For the Engineers/QA, we have another image that also includes Visio among others, then install any specific apps they may need like Solidworks or CAD. We also have a large contingent of Mac users, and that's a whole 'nother kettle of fish, but we're working on very stringent standards on those non-enterprise nightmares (at least in a primarily Windows business environment).

And I agree with you, WP7 desperately needs to enlarge its App library - MS should probably seriously reconsider the $100 dev fee (or so I've heard). They need Joe Blow to be designing apps on their spare time a la Android Market, else WP7's App selection will look a lot like WM6's...

I'm a WP7 user, and very happy with my decision. I've used iOS, WM6, and Android - hated iOS and it's page after page of little icons, hated WM6 until HTC Sense (would have stayed with that on my HD2 if apps were coming out), and loved Android (HD2 and a Desire) except it began to feel like iOS+.

Metro is such a clean, fast interface, lets me see just what I want to see exactly when I want to see it. There's very little hunting/searching for something, as if I use it more than once per day I just pin it to the front page. It just fits extremely well how I want to use a phone.

Although I do have to say, if I couldn't have test-driven it on an HD2 I probably wouldn't have taken the leap to full fledged WP7 hardware. Kudos to MS for not legalbomb XDA from orbit when DFT released the ROM into the wild. If they continue to be smart, they'll let the mod community flourish they way they did with WM6 - that's the only thing that made the platform stay as relevant as it did, for as long as it did.

That is EXACTLY how my company is handling it - most users have been given BBs, but most of the artsy-fartsy graphic designers want iPhones. Since the smarter ones could figure out how to connect their ActiveSync we gave in and 'allowed' them on the server with personal phones, but they have to sign a waiver stating that they understand they must notify IT immediately if the phone is lost/stolen - additionally, they are signing that they understand that we have the ability and right to remote wipe the phone in the case of termination/quitting/lost/stolen.