Laptop General Setup

This guide outlines the steps for preparing a laptop for general ICS use.

UEFI/BIOS Notes

General things to check and set…

For most Dell based systems, it's usually F2 on Dell systems (remember to use the fn key, if needed, on laptops!)

  1. Secure Boot enabled
  2. Storage > SMART Reporting > Enable (turn it on)
  3. Integrated NIC (in Network Controller Configuration) > set to Enabled only (as in disable PXE). Normally don't want PXE booting for security reasons outside of an already deployed system.
  4. Set Admin Password for UEFI/BIOS. See fellow Computing Support member for current password.
  5. System Management > Asset Tag > if campus purchased/owned, set to and double check spelling: University of California Irvine
  6. Wake on LAN > set to LAN Only
  7. Pre-boot behavior > Fastboot > set to Auto

Windows 10 OOBE (Out of Box Experience) First Time Boot and Setup

DO NOT CONNECT TO THE INTERNET until after completing the entire OOBE process! This is so that you're able to create a local account. Otherwise, connect to the internet if setting up a Microsoft account for login use to the system.

  1. set name/username to: sgroup
  2. password: (refer to LastPass, group password manager, or ask a fellow administrator) …input and double check the password carefully!
  3. For the security questions, I usually do UCI themed answers. So, for example…
    1. What's the name of the first school you attended?
      1. UCI
    2. What's the name of the city where you were born?
      1. Irvine
    3. What was your childhood nickname?
      1. Peter
        1. (for Peter the Anteater)
  4. Privacy settings preferences
    1. I usually disable all but leave “Location” and “Find my device” enabled
  5. Skip Cortana setup, unless specifically asked to use it
  6. Support and Protection (usually Dell laptops) > can leave blank and press Next. Then uncheck “Use my information to register my security subscription, …”

After Windows 10 OOBE and finally finished loading to the desktop screen

General things to check and set…

  1. change volume to 25 or any low value so that things are not too loud :-)
  2. open appwiz.cpl from the Start menu or from a Run command.
  3. Uninstall Microsoft 365 (en-us, es-es, and fr-fr) if planning to install campus licensed Office. Might need to wait a bit between removals for each language.
  4. open elevated CMD prompt, then type in the following to check drive encryption status (wait until Percentage Encrypted reaches 100% if encryption is running. This may take around 20-30 minutes, depending on the system):
     manage-bde -status 
  5. copy ICS folder from Peera onto local drive
  6. connect to the internet
  7. Restart the system (to clear any residuals from the uninstall of Microsoft 365)
  8. after returning from the restart, in an elevated CMD prompt (search for CMD in the Start menu and right click, then Run as administrator) to check that Windows is properly activated, enter in:
     slmgr /dlv 
  9. in the same elevated CMD prompt, cd into the ICS folder that was copied over:
     cd\ICS 
  10. inside C:\ICS run:
     All_installer.cmd 
  11. Restart the system after the first phase so that it's renamed
  12. install Adobe Acrobat DC if needed
  13. install Cisco AnyConnect campus VPN if needed
  14. in an elevated CMD prompt, cd into the ICS folder again and run:
     Phase2_installer.cmd 
  15. optional: to disable auto-start of Microsoft Teams, look for the Teams icon in the taskbar tray, right click it and look for a way to uncheck the auto-start it in the Settings
  16. open group policy by searching in the start menu for Edit group policy
  17. go to:
     Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business 
      - open Select when Preview Builds and Feature Updates are received and set to Enabled
      - set readiness level for updates to:  Semi-Annual Channel
      - set to 365 days  so that major updates are minimized as much as possible for users and less chance of things breaking from Windows updates.
  18. open Select when Quality Updates are received (in the same area of Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business) and…
     set to Enabled 
      - set to defer to either 3 or 4 or 5 days  so that security related updates are deferred. It's usually a good idea to wait a few days after updates are released for any issues that might be discovered in the tech community. 
  19. go to:
     Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Windows Logon Options
       - open Sign-in and lock last interactive user automatically after a restart 
       - set to Disabled  (this is for security reasons and to prevent the previous user from being pre-logged in after a restart) 
  20. optional/recommended:
    1. check for driver updates from manufacturer's website or run tools like Dell Command but try to make it so that it doesn't automatically check (assuming users have non-admin access)
  21. Restart

BitLocker

  1. from the Start menu, search for BitLocker or Manage BitLocker
  2. select Turn on BitLocker
  3. select Save to a file
  4. save to a USB drive, if needed, but usually prefix what's already in the file name with the computer name (or hopefully the computer name has the serial number or service tag)
  5. after successfully saving, select Next, and Activate BitLocker
  6. Upload a copy to the SharePoint location:
     https://ucirvine.sharepoint.com/:f:/r/sites/ICS-Computing-Team/Shared%20Documents/BitLocker?csf=1&web=1&e=AdQtSB 

Create Local Account for User

As of October 2021, create local user account for the intended user. More details on whether getting users to use their ICS AD account to login are pending from OIT as it currently doesn't work.

laptop_setups.txt · Last modified: 2021/10/21 12:54 by pnimsomb
CC Attribution-Noncommercial-Share Alike 4.0 International
Driven by DokuWiki Recent changes RSS feed Valid CSS Valid XHTML 1.0