Home

 News & Insights 

 Community 
 Reviews
 Online Events

Login Join

 Home 
 Best Practices 
 Best Practices

Checklist for basic computer setup

configuration
Posted by bbh on Nov 9th, 2013 at 3:42 AM

 Solved

Best Practices

Anyone have a checklist of things that should be checked off when adding a computer to the
domain?  
Things like complex local admin password, AV and Windows up to date, etc.

I know SW can check if AV is up to date, but can it check if Windows is up to date or if there is a
complex local password?

Spice (10)Reply (17)

flagReport

bbh
J AL AP EN O

Enter to win a

Contest ends Aug 31, 2022 Contest Details View all contests

checkBest Answer

Angus S-F

GeoApps is an IT service provider.

 D AT IL

Nov 13th, 2013 at 8:17 PM

bbh wrote:

Is there anything that could be run against a device to make sure it has passed all the security
checks?

If you trust anything from McAfee:

 McAfee Security Scan

http://liteapps.mcafee.com/apps/mss/1.0/affid/0/en-us/help.html
Secunia used to have an online version of this, but it has been discontinued.  It's free for home
use.  Businesses need to use the non-free version (which does have a central console):

 Free Computer Security - Personal Software Inspector (PSI) - Secunia

https://secunia.com/vulnerability_scanning/personal
Unfortunately it installs a run-all-the-time tray icon, so it's not just a check-once program.

It's not enough to check your systems once, which is why Secunia's PSI run-in-thee-tray (and the
non-free corporate CSI) make sense for many users.  Or you can use Network Access Control
(NAC), which examines the nodes on your network as they connect.  There is a decent open-
source one here:

 PacketFence: Open Source NAC (Network Access Control)

http://www.packetfence.org
View Best Answer in replies below

17 Replies

whoisROWDY
ANAHE IM
Nov 9th, 2013 at 6:34 AM
Couple things off the top of my head..

Add printers

Add AV
 Remove bloatware

Run OS updates

Setup email -> Setup signature

Point "My Docs" to network share file

Create scan folder -> Setup scanner to point to scan folder

Spice (1) flagReport
Was this post helpful?thumb_upthumb_down

Staceyjohnston
J AL AP EN O
Nov 9th, 2013 at 7:16 AM
Add  Remote Admin setup unless you have it covered by GPO.

Spice (1) flagReport
Was this post helpful?thumb_upthumb_down

ammayer
C AY EN NE
Nov 9th, 2013 at 7:54 AM
If possible configure as much as possible through group policy. This eliminates the risk of
misconfiguring the end hosts.

Spice (1) flagReport
Was this post helpful?thumb_upthumb_down

Bud G.
M AC E
Nov 9th, 2013 at 8:12 AM
Create local admin account with complex password. Use across all computers (or all laptops, or
desktops, or by model, etc.)

Use a preconfigured image for the same machines. Makes things all that much more easier.
 Before giving the computer over to the user, make sure that it is joined to the domain. All
necessary updates have been installed. AV is up to date. All programs that have been identified
as being required by the user (per management or job description, etc.) are installed.

Verify that the machine works and that you are able to get on the domain.

Make sure that any proxies are configured.

flagReport
Was this post helpful?thumb_upthumb_down

Andres719
D AT IL
Nov 9th, 2013 at 8:29 AM
whoisROWDY wrote:

Couple things off the top of my head..

Add printers

Add AV

Remove bloatware

Run OS updates

Setup email -> Setup signature

Point "My Docs" to network share file

Create scan folder -> Setup scanner to point to scan folder

Add basic software: Adobe Flash, Reader, silverlight, etc...

flagReport
Was this post helpful?thumb_upthumb_down

PaulK1437
J AL AP EN O
Nov 9th, 2013 at 10:54 AM
 add user to AD if applicable 

add profile to computer

setup AV

Setup remote software

run select windows updates to prevent update failures ( we mainly use lenovo's and this is
common) 

update drivers if required

setup shortcuts 

setup homepage for the help desk and time clock 

remove bloatware ( mostly any preinstalled av) 

Map Drives if applicable

setup email/signature 

review department/division for software requirements i.e install office 2000, 2007, 2010, 2013 or
365 if application 

install vlc player if applicable 

install ccleaner if applicable ( mostly older computers ) 

Verify network/wifi working 

flagReport
Was this post helpful?thumb_upthumb_down

JaredBourne
C AY EN NE
Nov 10th, 2013 at 8:57 AM
Set Local Admin

Set Owner in Registry

Join to domain

Group Policy takes care of the rest

 flagReport
Was this post helpful?thumb_upthumb_down

Pansai
Computer-Service-Göttingen is an IT service provider.
P OBL AN O
Nov 11th, 2013 at 5:48 PM
install Chrome/Firefox and remove IE from taskbar

install CCleaner

instead of Adobe Reader, go with sth. more powerful like Nitro Reader

remove preinstalled (old) Java versions and only install java if really needed

clean up AutoStart (using CCleaner)

on Win8 remove all preconfigured tiles and leave just the needed software

flagReport
Was this post helpful?thumb_upthumb_down

Brittany for Flexera

Brand Representative for Flexera
S ER RANO
Nov 11th, 2013 at 11:41 PM
Aside from the basics, I also would like to throw in a suggestion for Flexera's App Portal, which
allows users to download software off of the server using a self-service "store" and still lets you
control updates, licensing agreements, etc. Not exactly a traditional item on your checklist, but it
may allow you to have more control over your software while also giving users control over what
goes on their computer. You can see a demo and get a free trial here to test it out and see how it
works out for you. If you have any questions or concerns, let me know!

flagReport
Was this post helpful?thumb_upthumb_down

justinrdr
 P OBL AN O
Nov 12th, 2013 at 2:27 AM
Turn on wake-on-lan in the BIOS.

Set appropriate power options.

Remove all crapware.

Install AV.

Install common apps from Ninite (we install Reader, Java, and Flash)

Install Office.

Add to domain.

Install line-of-business apps and other necessary software.

flagReport
Was this post helpful?thumb_upthumb_down

FiyaFly
T HAI P EP PE R
Nov 12th, 2013 at 2:45 AM
I generally operate off of this document, save for some redaction for privacy purposes.

attach_file  Computer_Set_Up_I...ctions.doc 26.5 KB

Spice (1) flagReport
Was this post helpful?thumb_upthumb_down

Angus S-F
GeoApps is an IT service provider.
D AT IL
Nov 12th, 2013 at 8:59 AM
On Win7, set a password for the hidden-from-the-welcome-screen local Administrator account. 
Otherwise someone can boot into safe mode and use it to monkey with the system.

If you must use Adobe Reader, preconfigure it by turning off Javascript and Multimedia Trust and
Trust settings that allow AR to run embedded programs, then copy these settings to the "Default
User" profile using something like ForensIT's DefProf utility.

Put a link to your Spiceworks Helpdesk in a prominent place on the desktop ;-)
 flagReport
Was this post helpful?thumb_upthumb_down

Pansai
Computer-Service-Göttingen is an IT service provider.
P OBL AN O
Nov 12th, 2013 at 1:08 PM
Ninite sounds interesting... does anybody have an alternative for that which is a little more
'flexible'?

flagReport
Was this post helpful?thumb_upthumb_down

OPbbh
J AL AP EN O
Nov 13th, 2013 at 4:50 AM
Is there anything that could be run against a device to make sure it has passed all the security
checks?

flagReport
Was this post helpful?thumb_upthumb_down

Angus S-F
GeoApps is an IT service provider.
D AT IL
Nov 13th, 2013 at 8:17 PMcheckBest Answer
 

bbh wrote:

Is there anything that could be run against a device to make sure it has passed all the security
checks?

If you trust anything from McAfee:

 McAfee Security Scan

http://liteapps.mcafee.com/apps/mss/1.0/affid/0/en-us/help.html
 Secunia used to have an online version of this, but it has been discontinued.  It's free for home
use.  Businesses need to use the non-free version (which does have a central console):

 Free Computer Security - Personal Software Inspector (PSI) - Secunia

https://secunia.com/vulnerability_scanning/personal

Unfortunately it installs a run-all-the-time tray icon, so it's not just a check-once program.

It's not enough to check your systems once, which is why Secunia's PSI run-in-thee-tray (and the
non-free corporate CSI) make sense for many users.  Or you can use Network Access Control
(NAC), which examines the nodes on your network as they connect.  There is a decent open-
source one here:

 PacketFence: Open Source NAC (Network Access Control)

http://www.packetfence.org

flagReport
Was this post helpful?thumb_upthumb_down

Cody Wian
S ONO RA
Nov 13th, 2013 at 11:42 PM
We use a infopath form ( see attached)

Once you click the submit button it sends to our helpdesk account for tracking purposes. 

attach_file  PCform.xsn 10.8 KB

flagReport
Was this post helpful?thumb_upthumb_down

Angus S-F
GeoApps is an IT service provider.
D AT IL
Nov 14th, 2013 at 11:11 PM
bbh wrote:

Is there anything that could be run against a device to make sure it has passed all the security
checks?
You should also run this program to make sure everything is patched:

 Microsoft Baseline Security Analyzer 2.3 (for IT Professionals)

http://www.microsoft.com/en-us/download/details.aspx?
id=7558&WT.mc_id=rss_alldownloads_all

There is a description of the latest version here:

 Microsoft Baseline Security Analyzer 2.3 Adds Support for Windows 8, Windows 8.1,
Windows Server 2012, and Windows Server 2012 R2 | Security content from Windows IT
Pro
http://windowsitpro.com/security/microsoft-baseline-security-analyzer-23-adds-support-
windows-8-windows-81-windows-server-20

flagReport
Was this post helpful?thumb_upthumb_down

lock

This topic has been locked by an administrator and is no longer open for commenting.

To continue this discussion, please ask a new question.

 Read these next...

Corporate Wi-Fi that roams without interruption

Networking

Hi, allI have Meraki deployed in my environment and I think its roaming stinks. When you are
associated with an AP, you need to drop off when the connection gets weak before another AP
picks you up. For active calls on Zoom, Teams, etc, it's unacceptable....



Snap! DDoS attack, Safari JWST's JavaScript, space-based solar

power, One D&D
Spiceworks Originals

Your daily dose of tech news, in brief. We made it to Friday! And while it was actually a Thursday,
if we roll back the clock to August 19, 2004, it was definitely a good day for internet search giant
Google (now known as Alphabet) as it had its in...


Cisco switch mystery problem.

Networking

I have a Cisco switch that I have to deal with - I have no control over it's configuration and at my
facility, there isn't even anyone to ask ( a long story ).  There is a new issue that the ports will
close down if another switchis plugged in to it.  The...


Spark! Pro Series - 8-19-2022

Water Cooler

On this day in 1887 Dmitri Mendeleev will ascend in a balloon solo to 3.5 Km above the earth to
view an eclipse. The solo part of this adventure came about when it was discovered that the
balloon did not have enoug...


Few days into new job- I feel so out of place

IT & Tech Careers

I previously posted here about getting offered a Jr net admin position and how nervous I was.
Well I’ve started and am 3 days in and I feel so out of place. When I get to work I’m not even sure
what I’m supposed to be doing. So I ask. Told to do something...
 About
 Contact
 Support
 Press / Media
 Careers
 SpiceWorld
 Blog


o
o
o
o

 Sitemap
  Privacy Policy
  Terms of Use
  Guidelines
  Accessibility Statement
  Do Not Sell My Personal Information
 © Copyright 2006 - 2022 Spiceworks Inc.
If you consent, we and our partners can store and access personal information on your device to provide a more
personalised browsing experience. This is accomplished through processing personal data collected from browsing
data stored in cookies. You can provide/withdraw consent at any time by clicking on the ‘Manage Preferences’ button.
Accept All Cookies
Cookies Settings