Hopefully this won't get closed as too vague or too duplicative but here goes anyway...
I recently started work with a small company (25~ people). First up front is I am a developer and brought in to really start providing them with strategic business applications / website development. Obviously being the first nonfreelance developer to be included with this company I am also given the generic IT/sysadmin roles also.
Currently there are only 2 servers in the office 1 being a file server / dns server / domain controller and the 2nd being a VPN server. Our website and databases are hosted by 3rd parties. Eventually on my list will be moving to a dedicated server since it seems that it wouldn't be worth the cost of routing to have any big bandwidth to this building (besides there no real server room in our offices anyway.) Also on the list will be the addition of a couple more servers to provide development, testing and staging environments as the software evolves that it's needed.
There is already atleast the basis of disaster recovery implemented with automated backups and a DAT storage system for archiving backups. All of the desktop machines are wired into the primary server with active directory however all machines still use local storage and various random software across the machines.
I assume the best starting point is to work on creating network profiles so in the event of a client machine failure there is no data loss. My other thoughts are on creating a system image that has WinXP Sp3, Office, etc all sliced and fully upgraded in it so machine provisioning can be done much easier. I'm not sure how licensing/CD keys come into play with that route though.
What type of tools or knowledge sources would offer me alot of aid in these directions or what other ideas do you all have?
I would start off first with figuring out what business objectives you hope to achieve.
The example of disaster recovery is a good one. What happens if a user is storing files locally that aren't backed up? There is probably a cost there...if it is a document that took them weeks to make, there is a clear cost to the company.
So come up with a list of those...things that will either save cost, manage risk, or increase revenue (those might be harder).
Then set up a plan for wanting to have those resolved by, and get stakeholder buyin if necessary.
That way the focus of your efforts is easily tied to a business case so people won't feel you're making changes just to change things, and of course then also your activities directly benefit the bottom line.
Once you have your list of goals, you can investigate each of those in turn with more narrow questions here or through other research.
A note on licensing, since you brought it up. Don't bother trying to sysprep and deploy an image with an OEM license, if that's what's been used. Sysprep is not supported for OEM licensed copies (of XP, at least). Tho if someone's found a way around this (other than fudging it with MSDN license keys), I'd be happy to know. ;)
Here's what I'd do:
Test the backups. Find out about a few things that would be disastrous for certain people (your boss is a good start) to lose, and then demonstrate (to yourself, at least) that you can restore them.
Get that virtual server asap so you can bring a second DC online (or dcpromo the VPN server). There are few things (lack of retrievable backups is one) sadder than a network with a crashed DC. A lone DC is a house of cards.
Test the backups.
Get a monitoring app. This will promote your hero status when things go down and you have them fixed before anyone realizes, and greatly aids in troubleshooting (e.g. you realize you can't reach a server by hostname just as the monitoring software sends a text to your phone letting you know the DNS service has stopped)
3rd time's the charm
Dig into security a bit. You haven't mentioned a router/firewall keeping your network safe from the outside world...
Read. A lot. There's a 'beginner' tag here on SF that may give you some digestible chunks to start with. I've been doing this 10 years and I learn a ton of new stuff every day, monitor a couple tags at a time and get absorbing.
Considering the limited number of users, I would forget immediately about automatic provisioning, network profiles and all the rest - you don't need these, so don't start with them. Start with simple things and work your way up. If you ever do need these kind of things, you'll know it. Until then, save your time and energy for more important things.
So.. you have 25 users, backup is in place - on the clients as well? Put some kind of client-backup solution in place, either continuous backup or a synchronised folder of data (if you don't have unlimited storage, you won't want to store a full disk image of everyone's PC).
For development work, which version control system do you have? If none - get one, if you do have one, make sure that's being used well, is maintained and looked after.
Then, for staging, dev and test servers, I don't think you need new ones - you need a virtualisation solution (eg vmware and lab manager or similar). At this point, you'll be finding out how much server capacity you have and how much more you need. I'd ensure you don't try to figure out how much you need if you can expand at will. You'll always need more than you think.
All in all, just tidy things up, make sure everything gets put in its place so you know where all the work being done by your company is, make sure its backed up (and that you can restore it!). Then you will find more to do - as you need to do it.
First thing I would do here is deal with the local storage issue. Even with that small number of users it's still a risk, and is probably a leftover from an older workgroup environment. Get all the data onto the server.
You don't mention email, so I'm wondering if the users are using POP3 accounts from an ISP. It may be an option to look at implementing some kind of internal email, as at the very least you won't be reliant on the ISP being available. If the users are also using email as document storage (which it's reasonable to suspect) you would be also bringing that from local to server (and into your own backups), and taking the ISP out of the loop so far as transmission of confidential or sensitive docs between users is concerned. I'd also consider switching to SBS if doing so, as going the whole hog of a dedicated Exchange server in this environment doesn't make much sense. It still remains an option which you may decide you don't want the overhead of implementing, though.
Overall though, from your description, things seem to be ticking over reasonably well. There's no real potential howlers lurking there, and what you've got is typical enough for a reasonably well run shop of that size.