Place asset tag on
new laptop (contact Robbie to order more if needed)
Perform Clean install of Windows 11
ISO can be found at \\okrrk1data02\Installs\OPERATING SYSTEMS\Workstations\Windows 11\
Create local admin
account
If unable to create local account due to needing to sign in with a Microsoft account in Win11:
Open CMD in the Windows setup screen (Lenovo shortcut: Fn + Shift + F10) > type in: OOBE\BYPASSNRO
Don't connect to wifi/ethernet > Select "I don't have Internet" when prompted to connect to internet
Update Windows
Update Drivers:
support.lenovo.com
Update Microsoft Store > Get updates
Add to domain
System
> Advanced System Setup > Computer Name > change > Name via naming standard provided below* > check 'Domain' > otoemc.local > authorize with your normal
credentials (Don't restart until admins have been added in computer management (See below**)
*Naming standards:
Kansas > KSOLP1LT####
Oklahoma > OKRRK1LT####
Nevada > NVLVS1LT####
**Add admins
Go
to "Computer Management" > Local Users and Groups > Groups >
Administrators> add:
Caliber_IT_Ops;
IT
Ops Local Admins;
MECM.Client
Restart Computer and
sign in with Domain Credentials (OTOE)
Move computer to the
correct workgroup OU in AD
Install Global Protect (VPN)
\\okrrk1data02\Installs\PUBLISHED INSTALLS\Global Protect
GlobalProtect64.msi
After install, select taskbar icon to open and select "Connect"
Select computer cert > URL = caliberfs.gpcloudservice.com > Enter domain creds in browser popup (full email)
> Verify RSA prompt on phone
Install GoTo Assist
\\okrrk1data02\Installs\PUBLISHED
INSTALLS\
Go2Assist
- Unattended Support Installer.exe
Verify
you can connect and rename device to include user's name: Computername (First
Last)
Install Crowdstrike
\\okrrk1data02\Installs\PUBLISHED
INSTALLS\Crowdstrike
WindowsSensor12.2.21.exe
Install Darktrace
\\okrrk1data02\Installs\PUBLISHED INSTALLS\Darktrace
darktrace-cSensor_1.8.6.0_x86_64.msi
Install Office
https://www.office.com/?auth=2
(can
login and install with your credentials, don't open any office programs)
Update Group Policy
settings
Open
cmd > type: gpupdate > restart once finished
(If not prompted to restart, may need to restart laptop and run again)
Enable Bitlocker
Bitlocker
should auto-setup through group policy; directions are below in case it does
not.
Before setting up manually: run another gpupdate by adding /force
Open cmd > type: gpupdate /force > restart once finished > verify if bitlocker is now setup
Select
'Let BitLocker automatically unlock my drive' > 'New Encryption Mode' >
'Run BitLocker system check'
Accept
restart prompt
(Can
check progress by running 'cmd' as admin > manage-bde -status)
Once confirmed to be setup, verify with a system admin that Bitlocker key has been successfully backed up.
Install MECM
Otoemecm\ccm
setup\Client\ccmsetup
Can
check progress by opening task manager and checking for mecm.exe (32-bit)
(Process
will disappear when finished)
Check
by: Open Control Panel > select 'small icons' > 'Configuration Manager'
will be present on success
*Double check to
make sure OS has a Windows Enterprise Key*
Set Power Plan
setting for "Change what closing the lid does" to 'Never' when
plugged in
Ensure power plan settings also has "Turn off the Display" timer of at least 15 minutes
(If screen dims too quickly, may need to edit the Power Plan advanced settings to "Turn off hard disk after" to at least 15 minutes as well.)
If needing to expedite system center software installations:
Open Configuration Manager > Select the "Actions" tab at the top
> Select the following Actions and select "Run Now" and then confirm:
Application Deployment Evaluation Cycle
Machine Policy Retreival & Evaluation Cycle
Software Inventory Cycle
Wait at least 5 minutes after which the software center should start the installations.
Install User
Applications