An updated version is also viewable from the IT repository by clicking here or visiting the Training folder of the IT repository.
Table of Contents
Standard Setup and Configuration
Other Standard System Configurations
Standard Microsoft 365 Entra/Azure/Intune Setup (Cloud-Managed)
Standard Software Applications
Standard Setup and Configuration
Minimum Hardware Requirements
All PCs deployed to users must meet Windows 11’s minimum system requirements. PCs that do not meet these requirements are to be assessed for sale then scrapped if they do not qualify for sale.
Asset Tags and Inventory
The following information is combined to create a unique asset ID:
· Begins with GW (to identify the number as an asset ID)
· Last two digits of the year of purchase
· Two digits representing the month of purchase
· One digit representing the duration in years of the manufacturer warranty
· Three digits representing the order in which the asset(s) were unboxed this month
For example, a laptop...
· Purchased in 2024
· Purchased in September (09)
· Manufacturer warranty lasts 03 years
· Was the 43rd asset purchased this month
Would receive the following asset ID:
GW24090343
BIOS/UEFI Settings
Category | Name | Value | Description |
Power | Runtime Power Management | TRUE |
|
Power | Extended Idle Power States | FALSE |
|
Power | Power Control | TRUE |
|
Network | Extend DHCP Timeout | TRUE |
|
Built-In Device Options | LAN/WAN Auto Switching | TRUE |
|
System Options | Hyperthreading | TRUE |
|
System Options | Virtualization Technology for Directed I/O (VTd) | TRUE |
|
System Options | Virtualization Technology (VTx) | TRUE |
|
System Options | All other VT Options... | TRUE |
|
Boot Options | Startup Delay | 5 Seconds | Allow time for techs to enter boot menu on fast SSDs |
Boot Options | Network (Pxe) Boot | TRUE | Allow network booting (for FOG) |
Boot Options | Audio Alerts for Boot | FALSE | Disable obnoxious continuous beeping for boot errors. |
Boot Options | Num. Lock on Boot | TRUE | Allow techs to use numpad in BIOS/preboot. |
Security Settings | Secure Boot | FALSE | Reduce errors with FOG etc. |
Security Settings | TPM Activation Policy | No Prompt |
|
Security Settings | TPM Spec Version | 2.0 |
|
Other Standard System Configurations
Name | Description | How to Change |
Computer Name | Changes display name for Entra and other applications | >WMIC ComputerSystem where Caption=”%computername%” rename “[New Name]” |
Workgroup | Ensures there is no conflict with the network domain name | >wmic computersystem where name="%computername%" call joindomainorworkgroup name="MSHOME" |
Desktop Shortcuts
WIP…
User Accounts
Licensing
Microsoft 365
Name | User Base | Description |
Enterprise Mobility +Security E3 | All users receiving a laptop | 365 licensing for desktop and web applications |
Microsoft Power Automate Free | All Users | Allows various scripts to function…? |
Office 365 E1 | All users not receiving a laptop | 365 licensing for web applications only |
Office 365 E3 | All users receiving a laptop | 365 licensing for desktop and web applications |
Other Licenses
Name | User Base | Description |
Adobe Suite | Marketing, Advertising | Standard Adobe enterprise video/photo editing and illustration software |
Account Setup
Standard Microsoft 365 Entra/Azure/Intune Setup (Cloud-Managed)
New Users
To configure a laptop for a new user:
1. Collect new user information from their supervisor…
1. Send this web form link or this document to the requesting supervisor.
2. Create a new 365 account using the 365 Admin Portal…
1. Select Users > Active Users > Add a user
2. Complete the “Add a user” form…
- First Name
- Last Name
- Username (for Avery M. Lentine: alentine or amlentine if the first is unavailable)
- Password: Temporary (uncheck [Require password change])
- Assign licenses (see Licenses section above…)
- Optional Settings > Expand Profile Info…
- Fill in all fields from the info provided by the user’s supervisor except Office and Department
- Department: User department (IT, Retail, NFP, etc.)
- Office: User location name (Granger
Retail, Western Admin, etc.)
3. Sign in and enroll the device in Entra with the new account…
1. Windows Settings > Accounts > Access work or school > Connect > Join this device to Microsoft Entra ID
2. Enter the new user’s credentials
3. Sign out of helpdesk then sign in with the new user’s credentials
4. Continue with software installation…
1. See Standard Applications…
Existing Users
Starting from step 3, follow the same procedure for new users excepting the existing user must enter their current credentials for Entra enrollment and software setup, or the existing user may consent to having their password to be changed temporarily until laptop setup is complete.
Standard Software Applications
Name | User Base | Description | Web Link |
7-Zip | All Users | Free open-source file compression/decompression | MAIN PAGE |
Adobe Acrobat Reader | All Users | Powerful PDF viewer and editor | MAIN PAGE |
HP Mac Address Manager | All Users | Fixes MAC addressing for HP docking stations? | NOT AVAILABLE |
File Shredder | All Users | Securely deletes sensitive data | MAIN PAGE |
HP Software Framework | All Users | Fixes various compatibility issues with HP hardware? | MAIN PAGE |
Media Player Classic | All Users | Free open-source port legacy Windows Media Player port for Windows 10+ | MAIN PAGE |
Google Chrome | All Users | Popular web browser | MAIN PAGE |
Microsoft 365 Enterprise Apps | All Users | Standard Microsoft enterprise productivity suite | MAIN PAGE |
Microsoft Teams for Business | All Users | Microsoft enterprise communication software | MAIN PAGE |
KnowBe4 Phish Alert Button | All Users | Outlook plugin for adding a phishing email reporting button | |
PrinterLogic | All Users | Printer management software | MAIN PAGE |
LogMeIn | All Users | Remote desktop management software | MAIN PAGE |
Cynet | All Users | Antivirus and security software (must be installed after other applications to avoid security conflicts) | MAIN PAGE |
Adobe Creative Cloud | Marketing | Standard Adobe enterprise video/photo editing and illustration software | MAIN PAGE ADMIN |
Laptop Setup Procedures
Laptop Return Procedure
Immediately document the following when a laptop is returned to the IT department on a note attached to the laptop:
1. The individual dropping off the laptop’s first and last name, their department, role and contact information
2. The previous user’s first and last name, their department, role and contact information as reported by the individual dropping off the laptop
Update the inventory assignment log to reflect that the laptop has been dropped off. Place the laptop on the “User Data Retention” shelf in the IT department and follow the user data retention procedure unless instructed otherwise by a supervisor.
User Data Retention Procedure
Do not delete data from returned laptops until at least one month after the laptop has been returned to the IT department unless otherwise specified by the supervisor dropping off the laptop or the IT Director. Laptops on hold for data retention purposes are to remain on the “User Data Retention” shelf with a note attached detailing the user’s first and last name and the retention expiration date.
Periodically check the User Data Retention shelf for laptops past their retention expiration date. Place those laptops on the Hardware Return shelf to prepare for deployment and update the inventory assignment log to reflect this change.
Preparing for Deployment
To prepare laptops on the Hardware Return shelf for deployment:
1. Check the firmware settings and erase data on the drive…
a. Ensure the firmware settings are set to the standard configuration for Goodwill (See Firmware Settings)
b. For HP laptops, select Secure Erase from the firmware settings UI to erase all data from the drive, or for other laptop manufacturers run the diskpart command clean all from Windows bootable media
2. Install Windows 11 using installation media…
a. If you need help with this step, report to your supervisor.
OR
Install Windows 11 using FOG…
a. Connect the device using an ethernet cable to the nwigw.goodwill-ni.org network
b. Select IPv4 PXE boot from the boot menu
c. If the message “Host is NOT registered” appears, continue to step d. Otherwise, report to your supervisor.
d. Select Perform Full Host Registration and Inventory and enter the following information:
- Enter hostname: Asset tag ID
- Enter image to associate with this computer: ?, then enter the number of the image that corresponds to the device being imaged
- Associate this host with groups? N
- Associate this host with snapins? N
- Associate this product key to this host? N
- Join this host to a domain? N
- Primary user for this computer? helpdesk
- Other Tag#1? leave blank
- Other Tag#2? leave blank
- Would you like to deploy image to this computer? Y
- Username: helpdesk
- Password: [helpdesk password]
3. Initial OS configuration…
a. Shift + F10 to open the command prompt, then enter the command OOBE\BYPASSNRO to disable the Microsoft account requirement (the device will reboot)
b. Create local user account hepdesk with no password to bypass account recovery questions
c. Disable all optional tracking and data collection features
d. Set miscellaneous OS configuration settings (see Other Standard System Configurations)
4. Place the laptop on the Laptop Reserve shelf and update the inventory assignment log to match…
a. If you need help with this step, report to your supervisor
Laptop Deployment Procedure
1. Receive approval to deploy the laptop…
a. Roles authorized to approve laptop deployment include:
- District managers
- Store managers
- IT Director
All other employees must report to their supervisor to request approval.
2. Create and/or assign the user’s account to the laptop…
a. See User Account Setup for detailed instructions
3. Install applications and configure for deployment…
a. Run Windows and HP Support Assistant updates then uninstall HP Support Assistant
b. Install the appropriate software applications for the user based on their role (see Standard Applications)
c. Install and test any auxiliary hardware for the
device including but not limited to:
- Printer(s) (Use PrinterLogic)
- Keyboard and mouse
- Monitors (Configure extended display settings)
- USB Dock
d. Ensure the local administrator helpdesk account password is set correctly