If you are doing / not doing this stuff, you should reconsider your position as a SysAdmin / IT Director
Adding public DNS servers to domain joined systems
Not having any Windows update restrictions on workstations and just leaving auto update on.
Not doing updates on servers for YEARS.
Not using GPOs
Not using MDT, or any automated deployment.
Abusing email as a ghetto collaboration system, so that mailboxes burn 50GB in a few months
Not using VMs.
Not using ticketing.
Using Excel files for password management.
Not using DNS and just hardcoding IP addresses everywhere.
Not knowing any security, so often getting hit with ransomware because client machines, DCs and backups are all mixed together.
RDP-ing everywhere because they have never heard of RSAT.
Not documenting anything
Default passwords. Printers, cameras, specialized equipment.
Implementing flat networks without any segmentation because “VLANs are hard”.
Loose firewall rules, not auditing firewall rules, not providing detailed comments within firewall rules.
EVERYONE GETS LOCAL ADMIN
Not implementing monitoring or syslog servers.
Not using password management. Not setting up self-service password reset