Teach me to be a small-time Windows sysadmin

  • I'm just starting a small Windows sysadmin job (~10 computers) for my dorm. I know there are tools out there to make my life easier, but what are they? I'm trying to bridge the gap between "just do everything repeatedly on every computer" and "take this year-long training course so you can administer 500 computers remotely from your Batcave." I've got lots of Windows experience as a user. But as an administrator of multiple desktops, I'm somewhat clueless. Here are some basic questions that run through my mind:

      • What software tools should I have in my toolbox, given the small number of computers? I'm thinking Norton Ghost (or similar), but beyond that I'm not sure; the Microsoft sysadmin software in particular is pretty confusing.

      • Here's a big one: let's say Adobe Acrobat, or Mozilla Firefox, or similar user software comes out with an update. The users can't upgrade themselves, since they don't have admin privileges. How can I roll this out to all the computers, quickly and painlessly? Or better yet, is there a way to get an auto-update service running as administrator in the background?

      • What's the deal with Windows Updates? How do we roll them out? I presume this whole "patch Tuesday" thing is designed specifically to make sysadmins' lives easier, but how does that work?

      • I'll obviously be putting together a master system image. What little things might I miss that I should be sure to include, or settings should I toggle?

      • The problem with master system images is that they get outdated very fast (especially application versions, not just Windows updates). Do people actually use them to restore unhappy computers, or do you only use them for the initial rollout?

      • I've messed around with gpedit.msc a few times on individual computers, but it seems like there's a way to manage that stuff remotely; how?

      • Are the tools for Windows 7 sysadmining available? If not, when do we anticipate that happening?

    Any more general advice is also certainly appreciated. Thanks!

  • Answer:

    If the users don't need to change things on the machines, and do not need to store anything on the machines, use Windows SteadyState (http://www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx) to lock the machines down so they reboot the way they were. It's an indispensable tool, and free compared to DeepFreeze. You can schedule times for updates with it, timer locks for certain profiles to be logged on, and do all sorts of stuff. I think you can also set up the group policy items from inside SteadyState and NOT lock the hard drive down, but to be honest, I've never set it up that way.

    As far as gaining access to the machines, make sure they're all running Remote Desktop, and be able to log on to them from a user account that you make for that purpose. With SteadyState, I think you can make it so certain logons don't get clobbered by the locked hard drive restriction.

Jacen Solo at Ask.Metafilter.Com

Other answers

10 users seems like it's at the break-even point between the time spent in getting remote management working and the time spent just fixing problems as they come along. Do you have access to the domain / Active Directory server? Your best bet is to store the user profiles remotely on a server and make sure you image with Ghost every night. The best option, if you can swing it, is to run a http://www.ltsp.org/ live disk and Windows Terminal Server, or, if you're really feeling pioneering, VMware View 4 (formerly VDI). All of which is super-cheap with educational licenses.

geoff.

I'm primarily a Linux/Unix sysadmin, so I'm kibitzing, but you're leaving out any sort of backup strategy from your list. Have on-site and off-site backups, preferably automated. Have a retention policy, so you and everyone else will know what can be recovered and how far back you can recover them. Test your backups, so you won't be unpleasantly surprised one day. Remember that the backup is also one of your tools for any sort of virus infection -- it'll save time and effort to nuke the machine and move on.

Windows Updates: google for WSUS. How well you can use it probably depends on whether you have a Windows Server box lying around, and whether your 10 workstations are in a domain (with the corollary that these machines are "Professional" rather than "Home"). Similarly for managing group policy across all your boxes: I believe you will need a domain controller.

You may want a Knoppix or Ubuntu boot CD in your toolbox. It's handy to be able to boot into something that's Not Windows in order to see if the problem is with Windows or with hardware, and to do certain tasks that are harder to do in Windows, etc.

chengjih
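One way to automate the "test your backups" and retention-policy advice above, as an added example that is not part of the original thread. It assumes PowerShell 4 or later, backups kept as one folder per run named yyyy-MM-dd with file timestamps preserved, and hypothetical paths and thresholds for the live share and backup root.

```powershell
# Added example. Paths, folder layout and thresholds are assumptions, not from the thread.
param(
    [string]$Source     = '\\fileserver\students',  # hypothetical live share
    [string]$BackupRoot = 'E:\Backups\students',    # hypothetical backup root
    [int]$RetentionDays = 30,   # how far back the policy promises recovery
    [int]$MaxAgeDays    = 1,    # newest snapshot must be at most this old
    [int]$SampleSize    = 25    # files to spot-check per run
)

$fmt = 'yyyy-MM-dd'
$inv = [cultureinfo]::InvariantCulture
# One folder per backup run, named by date (assumed layout).
$snapshots = @(Get-ChildItem -LiteralPath $BackupRoot -Directory |
    Where-Object { $_.Name -match '^\d{4}-\d{2}-\d{2}$' } | Sort-Object Name)
if ($snapshots.Count -eq 0) { throw "No snapshots under $BackupRoot" }

$today  = (Get-Date).Date
$latest = $snapshots[-1]
$age    = ($today - [datetime]::ParseExact($latest.Name, $fmt, $inv)).Days
if ($age -gt $MaxAgeDays) { Write-Warning "Newest snapshot $($latest.Name) is $age days old" }

# Report (do not delete) snapshots that fall outside the retention window.
$snapshots | Where-Object {
    [datetime]::ParseExact($_.Name, $fmt, $inv) -lt $today.AddDays(-$RetentionDays)
} | ForEach-Object { Write-Output "Past retention: $($_.FullName)" }

# Spot-check: hash a random sample of backed-up files against the live copies.
$files = @(Get-ChildItem -LiteralPath $latest.FullName -Recurse -File)
if ($files.Count -eq 0) { throw "Snapshot $($latest.Name) is empty" }
$checked = 0; $failed = 0
foreach ($f in ($files | Get-Random -Count ([Math]::Min($SampleSize, $files.Count)))) {
    $rel  = $f.FullName.Substring($latest.FullName.Length).TrimStart('\')
    $live = Join-Path $Source $rel
    if (-not (Test-Path -LiteralPath $live)) { continue }   # deleted since the backup
    # A different timestamp means the live file changed after the backup; skip it.
    if ((Get-Item -LiteralPath $live).LastWriteTime -ne $f.LastWriteTime) { continue }
    $checked++
    $a = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
    $b = (Get-FileHash -LiteralPath $live -Algorithm SHA256).Hash
    if ($a -ne $b) { $failed++; Write-Warning "Hash mismatch: $rel" }
}
Write-Output "Snapshot $($latest.Name): $checked files compared, $failed mismatches"
if ($failed -gt 0) { exit 1 }
```

Reading every sampled file end to end also proves the backup media is readable; a run that compares zero files means the sample was all changed or deleted files and should be repeated with a larger `-SampleSize`.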

You're a student, probably with ample free time and working for peanuts. The most expensive part of automating this stuff is learning how it works. Take this as an opportunity to manage 10 computers from your batcave, to further your own professional development; think of it as paid training. If they didn't want things to fuck up on occasion they'd hire salaried employees.

The basic Microsoft tool to install and manage computers is Active Directory; if you're asking this question you probably don't have one set up yet. You have one server set up as a Domain Controller, make both computer and user objects, and set the other computers to connect to it. From there, you can write "GPOs" to distribute changes to computers. gpedit lets you create group policy objects (terrible name), but doesn't handle distributing them. For that, connect to (remote desktop or the admin tool) the Domain Controller, where Active Directory Users and Computers will let you drag and drop GPOs into management units, i.e. the folder that holds a bunch of Desktop computer accounts. When the computers connect to AD, they'll see the new policies and apply them.

Personally, I manage servers (Windows & Linux), so I'm not familiar with desktop aspects. I believe that you can use GPOs to install 3rd party software, and I know you can use WSUS to update Microsoft patches. On the server side, I like having Process Explorer installed, since default tools are junk. Maybe figure out how to install Adblock Plus or other plugins systemwide?

About system images: a friend of mine is a university IT tech, and they Ghost new images pretty often in the process of diagnosing problems. I'm sure their employees hate it as their local personal data disappears. The admins maintain a clean image to copy over, and every so often command the army of student workers to reimage the building. They just keep one golden image around and try to make sure nobody's too far off the curve.

You can see the problem with that; you never know what's on a given computer reliably. Which is why larger installations manage computers via AD or Novell etc. The good news is that Microsoft pretty much gives this shit away to universities. Ask your boss to requisition a copy of Windows Server 2003 or Server 2008 and they should be able to find a site license.

pwnguin

Use https://secure.logmein.com/welcome/get_logmein_free/signup.asp to administer the machines from one box.

blue_beetle

Great answers so far; thank you! With regards to pwnguin's quite helpful and in-depth response, the problem with such a setup, as I understand it, is that it would reduce the number of usable computers by 1, since one of them would need to be a domain controller that only I touch. Given our small number of computers, I'm not sure that'd be worth it. In combination with chengjih's answer, though, it does look like an AD/Directory Server/domain setup is the way to go... hmm.

Jacen Solo

Can you give us a bit more information about the computers you are expected to manage - things like: Who will be using them, what applications will they use, are the users expected to install things, etc.

TravellingDen

Computers are cheap. Dirt cheap. For a ten computer / account AD server, you can probably run the damn thing on a netbook (cheap, and built in battery backup!). Except I wouldn't rule out Microsoft software refusing to run. You work for a college; there's invariably surplus you can hit up. Find some old dilapidated spare and you're fine until your boss finds the budget for something that won't fail.

pwnguin

TravellingDen: about 100 students are the potential users, although in practice most people use their own computers. They are fairly recent (1–3 years old). The idea is to install all the software ahead of time, so things like Firefox, Microsoft Office, LaTeX, Mathematica, Adobe Acrobat, some codec pack or probably just VLC player, etc. Typical uses include watching TV shows, browsing the internet, and doing homework. Users should save their files to either the network file-share or to their own personal USB sticks. Think that covers it?

Jacen Solo

Stop trying to figure out the whole thing if you don't know what you're doing yet. For the first 3 months go through this workflow:

1) Boss/Coworker asks for help on something
2) Research what you need to do
3) Do it. If you've done it twice, document how to do it. Have someone more experienced look at the doc to see if you're doing it wrong or inefficiently. Learn to document clearly and in idiot-proof steps. Take a technical writing course. Make sure someone on day 1 can read your docs and get stuff done.
4) Repeat

While you're going through this, learn how to script stuff. Seriously, scripts are force multipliers and sanity savers. Scripts are the surest thing to move you out of the beginner phase. Your workflow now becomes:

1) Boss/Coworker asks for help on something
2) Research what you need to do
3) Do it. If you've done it twice, document how to do it. Have someone more experienced look at the doc to see if you're doing it wrong or inefficiently. If you've done it three times, script it. Have someone look at your scripts to see if you're doing it wrong or inefficiently. Update your docs to reflect using the script. Leave in the manual way in case your script breaks.
4) Repeat

After another 3 months of this it's time to start looking at process improvement and doing things beyond your job requirements. Make sure you a) justify any changes to the status quo with data, b) note your reservations once and professionally if your boss shoots you down on it for any reason then let it go, and c) clear every last one of these with your boss.

I realize this is a bit more general take on how to be a good admin, but doing the things here gets the silly stuff documented so you aren't researching all the time, giving you more time to script. Scripting gets rid of the time investment in fixing known problems so you get more time to figure out the hard stuff. This lets you learn.

Also, see if you can score an MCSE or MCSA. Like most paper, they're utterly worthless after you have experience, but it can jump start the newb to having starting points on new problems by forcing you to imbibe knowledge.

As always, remember your first job is to fit in. Your second job is to have your boss's back. After that, it's all gravy.

bfranklin
