Workstation Setup Guide

Setup workstations with better standardization for improved user security and productivity.

Relevance

Last Review: February 15, 2020

Product(s): Windows 10, Enterprise Mobility

Author(s): Cameron Smith

Delta

A cyberist created this article using the patented Delta Method by modernizing a typical approach.

Reference

Summary

Setup workstations with standard software to protect privacy and improve productivity. Legacy imaging is no longer cost effective or sustainable with the rapid changes in technology and security requirements.

Most settings or applications are automated with a combination of Active Directory Group Policy and Microsoft Intune software deployment. Restricted or limited use software may be installed manually on an exception basis.

Requirements

  • System Plan located in SharePoint accessed with multi-factor authentication provides the necessary credentials, software keys or cloud address, and naming conventions.
  • Domain administrator, Azure administrator, and local workstation administrator (wsadmin) credentials are required.
  • Username and role/department for the Organizational Unit (OU) are provided by management.
  • Software is available at \\Server\Setup. Software Piracy maximum penalty is a felony with 5 years in prison and a $250,000 fine.
  • Home versions of Windows or Office are not compatible or supported for business use.
  • Workstations are named by Service Tag or location and department or role with unique number.
  • IP address, subnet mask, gateway, and DNS addresses are provided by DHCP.
  • Users should never be local admins and must use WSAdmin for installation or configuration.
  • Windows Firewall and Windows Defender are always enabled (only exception is during testing).

Steps

  1. Join the workstation to the domain and name the computer as described above.
  2. Activate Windows with the Windows 10 Pro or Enterprise key listed in the System Plan.
  3. Logon to a domain controller and move the computer to the appropriate department OU.
  4. Run Windows Updates, gpupdate /force from an elevated Command prompt, and restart.

Exceptions

  • Install restricted use or legacy software with instructions in this section.

Follow-up and Testing

  1. Logon with the username and a temporary password for testing with reset for next logon.
  2. Verify applications like Office 365 ProPlus are installed.
  3. Verify drive mappings from logon scripts and verify Internet access by doing a Google search.
  4. Print a test page to each available printer.
  5. Help user for the first logon and answer questions or correct any unexpected problems.