It does depend on both the need and what you have available.
We upgraded virtually all our desktops and backend equipment to new stuff 5 years ago. To get that done, I did a combination of contracting with a local IT company and getting a couple of guys in the church who had the specific expertise of setting up the desktops.
I am a one man shop, too. Sometimes I contract some of the work out to ChurchNetwork peeps or sponsors and sometimes I get help locally. I also seek volunteer help from members but many are not available during the hours I need help. In summer, I pay for a high school student, 20 hours a week for a few weeks out of my budget to recycle old machines and run cables. One of the things that made my job easier was to upgrade all the PCs to better grade PCs. I also did some training on clicking links or opening attachment on email. Not everyone gets it but it saved me a ton of work trying to fix stuff. Also upgrade to a better mail filter.
Though not free, there a few firms like ours that can help. The benefit is that you’re basically expanding staff on an as-needed basis, and you’re doing so while also tapping into the wisdom and knowledge we’ve gained by working on a large number of church and ministry networks.
We are MBS, but there’s also BEMA and Enable.
IMO there is no substitute for individually recruiting and involving people
in ministry. In this case, a couple of these folks had volunteered or
worked in the audio/video ministry and I built a relationship involving
myself in what they were doing as well as on other levels (one played on
the softball team I captained). I actually formed a Technology Task Force
to help me make the strategic decisions on what met the church’s needs
best, given the requirements and options available. So, most of them were
motivated to help with the implementation, because they were involved in
the decision making and implementation planning process.
Automation, automation, automation. Config management, staff training, and standardization also go a long way as strategies to reduce the load. Spending on software that allows for automated resolution of issues or requires less maintenance is usually cheaper than staffing and will typically scale the best. That being said, sometimes you just need extra hands for something so hitting up an IT company for a project makes sense.
I do a lot of automation and config management to slash problems (kind of have to in order to get the benefits of scale). For example, pushing out Wazuh helped automate a lot of manual scanning to comply with PCI DSS. We also were able to notice certain metrics and leverage our salt master to push configs out to address issues (like seeing things we could do in the application filters to cut down on website shenanigans)… largely automated, just flop a state down in yaml and apply the state to systems. Veeam is another example where it provides automation of checking that the backups will restore.
On the workstation level we automate anything that is repetitious or could be resolved based on a monitored trigger. A critical service you need stops running: backup, remote login, print spooler, or whatever else is important in your desktop environment then let the RMM restart it. New computer added? Automate OOBE (or an image if your environment warrants it), bootstrap to the RMM, and let it start standardizing config with AV and all the standard programs. Use OneDrive auto save? Have the RMM deploy a script to configure the registry settings for storage sense to keep things from being stored on the device forever. The best way to start is to just look at trends of where you end up doing the same process or encountering the same issue repeatedly and see if you can powershell that problem away.
There’s all kinds of little pain points that can be minimized via automation like that. Before you know it, you’ll find yourself with a lot of time on your hands… but it does take quite a bit of front-loading work for a little while.
A lot of the problems I had to deal with on a daily basis at the School I was able to solve with standardization - but the only practical way to roll that out was through a consistent imaging and deployment system. We went with SystemCenter because it was effectively “free” for us, but pretty much any competent solution will do.
Rather than running around to chase folks down to get their machine and install software, we had a self-service software library. Since all the machines were the same and used redirected desktop/documents, when a device failed rather than having an emergency repair or reload all I had to do was check out a machine from my spares pool to the user and their old machine would get checked in for repair.
Then, frankly, the other way I managed my workload was by saying No a lot. People would commonly ask IT to do labor intensive work to save a couple dollars vs. buying a proper solution that would both be more appropriate and long-term supportable. Rather than spending hours refurbishing old, outdated projectors when they failed we’d just buy new or run the broken unit over to the warranty center. We didn’t support user printers except where privacy required it (principals, finance, etc.) and only supported quality hardware.
tl;dr: not spending money isn’t the same as saving money. Spending money on quality hardware means less time spent doing end-user repairs, and less time they can’t work. Spending time/money on automation means less time coordinating and performing menial tasks. Spending time/money on training means less end user support. Etc.
When transitioning to standardization, how did you pick the computers to build that standard around? Did you talk to the manufactures or VAR to find models that wouldn’t be phased out in the next 6 months?
I haven’t found the variance between generations of a model to be hugely important as much as getting consistent builds out in the field. If you want machines that will be consistent through the entire refresh, those are also available but you often pay a bit of a premium - for example the Dell XE Series.
To follow up on the automation theme - if you aren’t familiar with End User Computing (EUC) it’s a strategy to treat PCs more as appliances. With mobile devices you have a ready analog to relate to. Deploy lightweight images, dynamically provision apps as needed, store all user data in the cloud or at least centrally. PCs are disposable appliances. Need to deploy/replace/repair a new one? Can be done from bare metal in minutes.
VMWare has an excellent suite that provides a very turnkey solution but you can do a lot of what they automate yourself if you are so inclined or have more time than $$$.
I’ve been following Brian Madden for years - he took a sabbatical a year or so ago and came back and decided to lead VMWare’s EUC efforts - a good catch for them. Here’s an excellent video of him talking about EUC:
Something I’ve been doing with various amounts of success here and there but now it has a name at least