hello my name is jason miller founder of aspen app solutions and we're about to unlock the power service now i'd like to start off by thanking all 3 297 subscribers in over 80 countries globally if you believe in transferring knowledge those who need it most please click subscribe your user data will not be transferred to anyone outside of aspen now without your consent hey everyone how's it going just published a video yesterday on uh eight reporting features that people forget about in orlando just want to highlight it here and there's a couple other goodies that i published lately and today's topic that we're going to be discussing is 10 items to look at on your first day as an admin orlando and what prompted me to talk about this or do a youtube video on it was that recently um had a couple of clients where i had to unbox from scratch a new service now stack or set of instances with dev um in a test environment and i thought to myself you know something um this would be great to discuss um also with the current events around the world a lot more organizations are going to cloud so it looks like it's just gonna fuel that secular trend of moving things into the cloud so um i compiled at first five things and then the list just kept growing so i capped it at 10 but there's a bunch of things that if you asked experienced administrators or servicenow developers out there that they would do this was just my take on it because i was guiding a brand new set of customers through this process um and also in the past couple of years i don't know two three years i've taken over work where i didn't have a chance to interact with the previous developer so that can make things kind of interesting too and i'm sure there are a lot of developers out there that can comment on their experiences too so let's just uh let's start off with high access so if you have a brand new customer they might vaguely know what high is so high is basically where we go um to log tickets so we're having a problem with our instance it's 24 7 supports we can also go in there and look up kb articles any sort of known errors trending topics etc but the takeaway from this is you want to make sure that you and your customer have a plan for who is going to be calling hi if there's a problem you need to be listed in there i can tell you from personal experience if your name is not in there somewhere that uh you know they're gonna say hey look we need to get someone on the line perfectly valid right and uh i just logged in recently and i just took a screenshot of this is the lower left hand corner and what you'll see here is all these different lists here of you know who's the primary support contact versus technical contacts and um you know who gets the communications and notifications etc this is something you want to work out on your first uh excuse me sorry about that didn't mean to flip that slide this is something you want to work out pretty much on your first day i would say and say look you know probably your most tactically experienced individual needs to be in there and hi so that way they can talk to the people at servicenow moving on after you work that out you're going to want to define who your admins are and also your security admins and i think that the second part is worth noting because remember that you know like if you need to do stuff with acls there's some stuff where you have to elevate your role as a security admin and when you start out with that system administrator that's going to be the only secure sec admin that you're going to have in there so that sec admin uh excuse me that yes excuse me the system admin will have that sec admin role so if we take uh just a user here that we create let's just say jimi hendrix is going to be our admin one thing we're going to want to do is you know we'll click into the user's profile now how do we get to this user we're going to type in users right here we'll see it under system security or user administration i have both starred right here pull up the individual's name and then we can go into the profile and then we're going to want to give them roles so i'm going to hit edit here on the rules related list and your related list setup might be a little bit different and then um i'm going to give him admin and sec admin now you're probably going to say well didn't you forget to do something at least the more experienced people will say that and yes i did and i did that on purpose so i'm going to give him admin and now i'm going to go to security admin and now we'll click save and wait for that to come up it's going to give us a whole bunch of business rule notifications there and we're going to have a whole host of roles here and now let's scroll down and we're going to notice that sec admin is not here or security admin isn't there why isn't it there because you have to elevate your role in order to do that so i have security admin or sec admin the way i know that is that elevate roles is right here underneath my name i'm going to click on the sec admin i'll click ok now i'm going to go back over to jimmy's list here for the roles and now we'll hit edit and this happens all the time where someone will come to me and say you know i gave someone so like admin but it's not coming through or sometimes it won't show up at all and yeah you just have to elevate your role there so my apologies that the instance is taken a little bit here but as you can tell i have a couple of different tabs open so let's type in sec admin let's give them the role and we'll hit save and now we'll scroll down in our list we'll wait for this to load down here and we'll see if we can find sec admin and sure enough it is right here fantastic okay very good so now that we've given our admins what they need in terms of their roles we are going to create update sets for admins now my personal opinion on this is i don't care what environment you're on like when you first start out you're only going to have your development environment if uh you're really moving at a good pace maybe you can get through dev test and prod in terms of setting up who is going to have the admin roles and you know best practice isn't to give admin to everyone in each of the instances meaning dev test and prod i mean don't give them the keys to the entire kingdom um but i have been in operations very advanced operations where we're doing solely custom applications where we where all of us had admin um and sec admin in all three of the stack now some people would say that's nuts but you know when you're working at a in a very high paced environment with very very experienced developers you know sometimes you know that's the way it rolls right so in order to set up our uh local update sets you can type in cal space update or you can do l space update and then local update sets will come up you'll see something like this you'll notice a new button when you click on new it'll bring you into a screen like this i already have it set up so that way we don't have to burn a lot of time here now i'm going to click submit and make current and now watch our update set picker right here we'll hit submit and make current and now when we make it current what will happen is it'll run this business rule and it'll change it to that update set now you're probably saying hey look jason i don't have that on my screen great point if you don't have the update set picker on your screen which you won't initially you're going to come down here to developer you're going to click on this one for the application picker but then this one for the update set picker and the difference between the two is that this one right here is your application picker and then this one here is your update set picker when you click on this page it will take you to the update set itself in your related list right here you're going to have your customer updates and whatever updates that i make will be listed here and then here is a list of all of the updates that's when i create update sets generally i'm going to put my initials and then i'm going to put the substance of what i'm doing right here so this one is going to correspond with i don't know the video topic right so 10 admin items that you should know on your first day the next thing that we'll do is we'll take a look at roll allocation now i'm going to look at role allocation if i'm taking over for someone else because there are going to be times when um you know in your career that we have to take over for someone else and you will not you know ever have communicated with them and sometimes that's just the way it is for different reasons look i'm not saying that they got fired or anything but or that you know the organization doesn't want you to have contact with them but that could certainly be a possibility and i've been in both of those situations so you're going to come right in here you'll type in e allocate or allocate whatever right here like i have filtered or if you want to do the entirety of it you can roll allocation again i made this a favorite it'll bring you into a list like this is a report right so you're going to be in this report it's out of the box it's going to tell you you probably want to focus on the admin ones and see who's got admin and then also who's got sec admin you can open up this list just by clicking on one of these little chevrons next to it and it'll tell you the names and everything and you know a lot of times i'll ask you like um hey who's got uh which roles right so this is where you would find that information out of the box pretty handy report i'm good to review every once in a while probably the next thing you'll want to do and maybe even before that role allocation report will be to go into your instant security dashboard while you're where you will perform what is called instance hardening so if you haven't been through instance hardening um sorry about that extra tab there um when oh you know what i know i had that tab there and let me move this over here um instance hardening is just making sure that your instance is secure you want to make sure you don't have a low score like this the 78 right here in order to get to the instance uh or the security dashboard so security i type in ce sec and it says here right here um instant security center and it'll bring up that dashboard and then what you'll do is click on this number right here kind of looks like a performance analytics setup doesn't it and that's pretty much what it is you're going to see here my list is kind of messed up i have like these breakdowns here or whatever by day i think i think i was messing around with something you probably won't have that what you'll have is at the very bottom here you're going to see what's compliant and you're going to see what's not compliant one thing you're going to want to kind of be careful of is like you see how i scroll here if you scroll here it will change this number throughout the the timeline so i just i'm going to click on the five right here it's gonna bring up the list of the five um it'll probably bring up the additional ones but you see right here today four plus one that would be our five i can click on the number four and then it's gonna bring me into uh this analytics hub layout and then we're gonna see our four appear um after we click give me one second here and my apologies for it being a little bit slow i tried to set a lot of this stuff up so that way wouldn't have to sit here and muddle through it but if i click on show records we'll see here are our four items now one of the great things about this is that if we click into one of them it's going to tell us the steps and everything that needs to occur this one like disable entity expansion it's going to tell us what to do so even if you're not a hardcore developer or this is your first time all you really have to do is click on configure and come in here well i'm getting record not found for whatever reason for that one but i could i could probably um try another one here we'll see if it does the same thing click on configure now if i can't find it what i can do is i can go to the sys property list see sysunderscore properties i can look it up by the name and then i can do whatever it is that you're that it's telling me to do so i think for this one it wants me just to change this to true and we'll hit update then i can go back to the lists right here we'll see if it updates and i'll update or excuse me i'll refresh the page and then i'm going to come down to our little performance analytic analytics indicator and then sometimes at least what i experienced uh past couple of months when i was doing this setup was that it didn't change the score immediately i had to hit refresh and we'll see if it does that if not no big deal we can we can move on but basically your goal is going to be to make sure that all the mandatory ones are knocked out so if we take a look at that list again it'll break it out into three and we'll just give it one second here to refresh this thing okay so it doesn't look like it's moving the number up based on that we'll see if the same number is there and we'll come into hardening again and i'm going to scroll all the way down to the bottom [Music] all right so let's take a look here so it looks like i only have four non-compliant that's wonderful and again you know click on and see how when i moved it back a couple of days it went back to five this is what i was talking about so um just make sure if you're presenting it to someone that you're not doing that they're like whoa we're still non-compliant um you know you have four right here so just remember that you're going to have three here mandatory three i guess tranches if you will you're going to be mandatory recommended and optional my goal has always been to have this 100 this uh you know 95 and probably this around 90 95 but it's just gonna depend on your customers preferences so uh just keep that in mind then the next thing is you know you're going to want to set up your update sources and i call it retrieval for short but basically if we go in here and we type in esources if you haven't done this before uh you know this might uh be new to you i know there's a lot of developers that like to move their update sets um just by exporting into xml i'll be frank with you i like setting up retrieval because i don't want to have a lot of xml crap on my machine because it makes it run really slow over time so if i were to click in this test instance this will show you how to set one of these up basically so if you click new uh let's just back up one second if i click new it'll bring up a screen like this you'll type in the name of the instance you're going to tell it like it's a development test or production you'll put in the url and then you wanted the username or password to this one here not the one that you're currently in but to this one on the url and let me tell you something you're probably going to want to do this with someone else on a screen share when you're setting it up the reason why is because if for some reason the password doesn't take it's going to lock you out of this instance right here and that's happened to me before also um another coup a couple other things about this screen again this is your import from update set from xml a lot of developers they like to just import it manually i don't really agree with that i like to just do the retrieval because then you can run the preview automatically and it will bring everybody's update set in at one time but you know just it's your organizational preference right um here's where you run the retrieval if i try to do it now it's going to give me an error because that url doesn't exist anymore and also i added a couple numbers in there um so that way we had a fake host basically then later on down the line you might get asked by management say something like you know like our configurations are off um we need to see what's going on between the two instances because you want to achieve some sort of data sync just remember that there's a difference between you know configuration and data right configurations are things like you know when you do a business rule client script whatever something's captured in an update set and then pure data is stuff like you know user profiles or records that are created in the incident table things of that nature so you can run this compared to local instance and i think i had an extra slide or two um somewhere maybe it was back here that can show us yeah let's see if i have a supporting slide i do so when you run the compare to local instance you're going to see something like this happening where it says process blah blah blah versions and then you're going to be brought into a screen and then the header there's going to be the information for the instance and then down here it's going to tell you a number of on the remote not local and then on local and not a remote so kind of handy you know because sometimes they'll ask you that stuff and it'll catch you off guard and you'll be like well i don't know really how to get that number that's how you would do it so you'd go to like your production instance because generally they're going to want to know what's going on in prod versus the other environments but if you think about it let's say you create something that the customer wanted like a client script then later on they say they don't want it i can tell if i worked on something for a while i'm not going to delete it i'm just going to mark it in active i'm not going to carry it up the update set i'll probably or up the stack via update set i might put in the default profile but if there hasn't been a downstream clone to go ahead and nuke that thing then you know it's it's going to be sitting there there will be a difference between the stacks so if you didn't catch all that don't worry about it just ignore that part we'll move on to the sysid data sync now one thing i like to check is whether the especially the users and the groups are the same from between dev test and production now i'll note again some customers they don't want production data down and dev or test for whatever reason however i will say this like your testing gets infinitely harder because you're constantly using test users you're going to have to impersonate them there's just a whole host of issues that can happen so one thing i like to do is like we we have our jimi hendrix profile here i'm gonna be in the instance uh the lower subproduction instance like that ever test i'm going to right click right here on our user i'm going to copy the cis id then i'm going to go over to test or prod or another instance i'm going to find the same user first thing i'm going to do is take the one that i cut and pasted excuse me cut from dev i'm going to paste it right here on prod and i'm just gonna take a look at like the last four or five like 1996 right here then when i go into prod and i find the same user i'm going to right click and copy the sys id then i'm going to paste it paste it in another field and just spot check that's all it is you don't do it for every user but i'm going to pick out a couple of users in a couple of groups and just make sure when you're creating data right like users and groups you're going to want to do it you know either in dev or prod depends on how your organization works but if you think about ldap right i always go back to ldap if you're going to do an active directory integration with servicenow where does that reside generally it's going to reside in production so that's where you're going to create your user so you just want to make sure that um your users have sent like there there's data sync between the environments if you can help it if your customer doesn't want it you know you don't need to fight them on it but this is one thing to look at to make sure that you have data sync you don't want to go in there create a user here hit new create jimi hendrix and then go into your production instance and then create another one if you're trying to achieve data sync i hope all that makes sense um i don't know i had the sla definitions up here i think it was to prove that if we were oh that oh how cis ids work with like groups and stuff and basically the key is like if if you want to make sure just show your customer how society works um one thing you can do is go into you know like an sla definition or something like that that's it do let's do it in like human resources maybe that'll be a good one well i'm already in this one looks like it's underpinning contract but what i like to do is just go in here put in the start condition oh see like assignment group is whatever here it is empty but maybe we can put um an assignment group in there and let me see if i can find like an aspen group there we go and now i want to save this right now what i'm going to do is i'm going to change my scope because i think that's in global i'm just going to pick a random scope like change management because this one i believe i don't think i have the app scope up here but i'm going to reload the form now watch what happens down here to condition builder so condition builder is going to tell us a whole bunch of stuff that's going on but typically what will happen is we'll see some sort of like sys id action going on down here and you can show them that like hey look it's using the sys id so that's one thing to consider there but sys id and data sync that's very important uh con that's a very important concept to understand there okay email properties so this is one that can uh really make you look bad if you don't know what you're doing so you'll find email properties you just type in email scroll all the way to the bottom you'll see here system properties here's where email properties reside you're going to see here email sending enabled email receiving enabled this is where we turn on the functionality for the instance to send and receive email now just remember that and i want to show you in a second another one of my slides coming up here is going to show us how we can prevent our prevent us from hurting ourselves one thing i wanted to note though before we move on from that is our email accounts link right here so if you bring this if you click on this it's going to take you to a screen like this this is where you can set your email account up i put in your aspended solutions you can put the from right here whatever it is that you want the organization um wants set up in terms of their user label etc before you hit save remember if you take away nothing from today take this away before you check this box especially the sending part you want to do one thing and that is you want to check the out box i can tell you this is many moons ago someone just hit the checkbox and they hit save wonderful they didn't know what was going on well i can tell you they didn't check the outbox because in the outbox there was fifty thousand email messages that were marked ready so that's what you want to do is you want to type in outbox here and click on this link you're going to find you're going to filter for all the ones that are ready now if you're in a sub production environment you just want to get rid of all that crap a lot of times you'll change it to a different status um i think there's like ignore something like that yeah ignored that we can put it into i generally get rid of them because it's all test data anyway and i don't want it mucking things up but anyway they were impersonating the cio and using that as the email person and then they opened up the outbox you know it's just continuing on that story many moons ago and uh yeah there were like 50 000 emails that got sent out just killed that server you know the outlook server so uh just remember check that that out box right and then you know if you're coming into and this isn't day one stuff necessarily this is day one if you're taking over for someone else go check those updates at some prod and what i mean by that is you want to go to local update sets you want to find all the ones that are complete that are not a default set right so the default set is obviously the one that um that's the main uh update set that's out there out of the box you know i also refer to it as kind of like the trash bin if there are any updates that i want to bring up the stack i'm going to go ahead and throw those updates in there so i have here the application global these are all the update sets that i've moved into the instance from a remote instance and they are marked completed and what i'm going to do is market ignore now this is only for the ones that are in production remember we have to be in the production environment we have to commit it it's going to be more complete and then at that point um it will market ignore so remember it's after you commit it in production um and you know write that on the chalkboard 10 times or however you want to remember that and then you want to market ignore the reason why is because later on when you're doing cloning or downstream clones from your production instance down to the subproduction instances it's going to make a difference a huge impact in terms of the amount of time it takes to clone that instance basically you don't want all that garbage coming back down at you is the gist of it um you don't believe me on that one go take a look at the servicenow documentation i can tell you it's the third bullet point from the bottom on the update sets page in the servicenow documentation pretty helpful little tip there so let's just review today what we went over high access who's going to get what and high or listed there so that way you can contact servicenow support who are going to be our admins or security admins set up our update sets for admins especially for the people that don't have any experience want to make sure that we capture all the configuration changes especially if they don't know what they're doing if they create something by accident that's detrimental we can go that update set and then you know go take action on it um i don't know i had this twice here role allocation uh was the report that we wanted to look at the instant security dashboard we want to take a look at setting up retrieval our email properties we want to check the out box and then lastly when we finally get stuff into production or if we take over an operation for someone else want to take a gander a prod mark everything that was completed to ignore so that way when we do our downstream clone later on it doesn't come back at us know that a lot of you are probably experienced admins watching this but if you did learn something please click like my name is jason miller founder of ask for now solutions and we just unlocked the power of servicenow [Music]