We have to follow best practices when deploying an OS on a desktop or laptop; otherwise we will later face many non-compliance issues, and fixing them can take a lot of time and cause user dissatisfaction with newly provided or rebuilt systems.
Pre-installation: Hardware Verification
- Is the BIOS updated to the latest version?
- Is the TPM enabled?
- Does the system configuration (RAM, disk, processor) match the requirement?
- Delete the hostname from AD if you’re joining the system to a domain.
Post-installation: after OS installation
You may have a central build option, such as SCCM, MDT, or a third-party application, that helps you build the system once it is connected to the LAN. Often all mandatory agents and software are part of the build, but we still need to make sure all components are installed and running so that we can avoid non-compliance issues.
- Verify that all the latest patches are installed.
- Verify the disk partitioning and that encryption is enabled.
- Verify the antivirus installation and make sure all required AV components are installed, especially Threat Prevention, Web Control, and Adaptive Threat Prevention.
- Verify DLP, if you’re using it.
- Verify that the proxy is configured. If you’re using a hybrid proxy solution, make sure the agent is installed and the right policy is applied.
- Verify that all SCCM cycles are showing in Configuration Manager.
- Verify that any mandatory software is installed.
- If your organization uses a monitoring or user-experience tool, make sure it is working and that the newly built system is communicating with the server.
- If you’re using Azure AD services, make sure the system shows AzureAdJoined: YES.
This is a basic checklist to make sure newly built systems are compliant with your organization’s policy. You may also have different mandatory system requirements based on the project or type of customer, e.g. screenshots disabled, or storing data on the local drive restricted.
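A scripted spot check for several items on the checklist above (TPM, disk encryption, patch recency, agent services, Azure AD join state), added here as an example and not part of the original post. It assumes BitLocker is the encryption product; the service names other than CcmExec and the 35-day patch threshold are placeholders to replace with your own build's values.

```powershell
# Added example: post-build compliance spot check. Run as a script in an elevated session.
# ASSUMPTION: only CcmExec (SCCM client) is a real service name here; the others are
# placeholders for the AV, DLP and proxy agents your build installs.
$RequiredServices = @('CcmExec', 'YourAvService', 'YourDlpService', 'YourProxyAgent')
$MaxPatchAgeDays  = 35   # assumed threshold, adjust to your patch policy

$results = [System.Collections.Generic.List[object]]::new()
function Add-Check([string]$Name, [bool]$Passed, [string]$Detail) {
    $results.Add([pscustomobject]@{ Check = $Name; Passed = $Passed; Detail = $Detail })
}

# TPM present and ready for use
try {
    $tpm = Get-Tpm -ErrorAction Stop
    Add-Check 'TPM enabled' ($tpm.TpmPresent -and $tpm.TpmReady) "Present=$($tpm.TpmPresent) Ready=$($tpm.TpmReady)"
} catch { Add-Check 'TPM enabled' $false $_.Exception.Message }

# OS volume fully encrypted with protection switched on (assumes BitLocker)
try {
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
    $ok  = ($vol.ProtectionStatus -eq 'On') -and ($vol.VolumeStatus -eq 'FullyEncrypted')
    Add-Check 'OS disk encrypted' $ok "Protection=$($vol.ProtectionStatus) Status=$($vol.VolumeStatus)"
} catch { Add-Check 'OS disk encrypted' $false $_.Exception.Message }

# Patch recency: a proxy for "latest patches installed", not a full missing-update scan
$latest = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending | Select-Object -First 1
$fresh  = $latest -and ($latest.InstalledOn -gt (Get-Date).AddDays(-$MaxPatchAgeDays))
Add-Check 'Recent patch installed' ([bool]$fresh) "Latest=$($latest.HotFixID) on $($latest.InstalledOn)"

# Mandatory agents must be installed AND running, not just present
foreach ($name in $RequiredServices) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    Add-Check "Service $name running" (($null -ne $svc) -and ($svc.Status -eq 'Running')) "Status=$($svc.Status)"
}

# Azure AD join state as reported by dsregcmd
$dsreg  = dsregcmd /status | Out-String
$joined = $dsreg -match '(?m)^\s*AzureAdJoined\s*:\s*YES\s*$'
Add-Check 'AzureAdJoined: YES' $joined 'Parsed from dsregcmd /status'

$results | Format-Table -AutoSize
if ($results.Passed -contains $false) { exit 1 }   # non-zero exit lets the build task flag the machine
```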