Landmark Information Systems

PURPOSE 

This procedure outlines preparing a computer for Landmark user. This may include a new hire or replacement machine for an existing user.

BACKGROUND 

This procedure should be followed for computers prepared for new hires, system replacements, temporary / loaner systems, and all situations where a computer is prepared for a user.

PROCEDURE(S)

INITIAL SYSTEM SETUP 

• Select an appropriate system according to the user role or scenario. Consult the Software and Hardware Matrix for examples. Consult another member of the Information Systems team for guidance as needed.
  
  
• Perform a clean install of the Windows OS using a recent version of Windows installation media.
  
  
• Create a temporary local administrator account and notate the username/password in the ticket. (Note will be deleted later)
  
  
• Update System BIOS to the latest version from manufacturer website.
  
  
• Install all OEM driver updates for computer.  
  
  
• Rename the computer to the appropriate host name and join the machine to "landmark.local" domain. See the naming guide as needed.
  
  
• Change computer power settings to “Never Sleep” while connected to power.
  
  
• Move the Computer object to the appropriate Organizational Unit in Active Directory based on the deployed location for the computer
  • All end user assigned laptops and workstations should be moved to the "1. Landmark Computers" OU.
  • All Decatur Shop Floor Kiosk machines should be moved into the "M1 SFE Computers" sub-OU.
    
    
• After 30 minutes a notification will appear to authenticate the work or school account, This will verify the UPN then join the computer to Intune and Microsoft Defender for Endpoint
  
  
• Freshdesk, Screenconnect, and Jabra will all be installed automatically from Intune

SYSTEM PREPARATION

1. Install appropriate software according to the Software and Hardware Matrix.
2. Install all operating system and application updates.
   
   
3. Correct local machine Users and Security Groups
   1. Assigned user should be member of Users and Power Users local groups.
      
      
   2. The "Landmark\Domain Users" group should be removed from the local Users group.
      
      
   3. The local Administrators group should only contain the "Landmark\Workstation Administrator" group and the local Administrator user. Nothing else.
      
      
   4. The assigned user should only be a member of local Administrators group if authorized / approved and listed on the list of Approved Local Administrators.
      
      
4. Enable local Administrator user, change password, and log into LastPass.
   
   
5. Delete the temporary user account created during windows installation / welcome experience.

USER PROFILE PREPARATION

1. Log into the system as the assigned user.
   
   
2. Create the users outlook profile.
   
   
3. Configure the standard email signature with appropriate information, based on the template. You can copy the template file form the software share into the user profile\appdata\roaming\Microsoft\signatures folder.
   
   
4. Configure Bria as needed.
   
   
5. Set default Apps
   1. Mail = Outlook
      
      
   2. PDF = Whichever PDF application is installed.
   3. Video = Windows Media Player or VLC
      
      
6. Disable PDF opening in IE browser (Adobe, FoxIt).
   
   
7. Migrate all user content according to the User Migration / Swap Guide procedure if appropriate..
   
   
8. Verify all applications are active and licensed correctly while logged in as the assigned user.

FINAL SYSTEM CHECKS

1. Physically clean machine.
   
   
2. Run Windows Update
   
   
3. Provision workspace and test all equipment.
   
   
4. Update inventory and all logs.