DEPLOYING & MANAGING WINDOWS 10 DEVICES FOR A SMALL BUSINESS (2/3)
Now we have worked out how to get a Windows image from FOG server and that our lab is ready to test, we are going to work on the customization side of the project.
3.1 Label devices
Using label has 2 main objectives for us
- Making sure devices is the property of the company and that we legally have right to get it off from the end user at any time
- Assigning device to an end user and facilitating management of it.
3.2 Flashing Dell Bios
Latest BIOS at the moment is the 1.5.1
3.3 Changing some BIOS settings
I have enable here
- USB Powershare (to provide usb charge for our mobile phone when connected on USB port)
- Advanced Battery Charge
3.4 Deploying Chrome policies
Using ADMX and group policies helped us to deploy extensions as well as automatic settings.
Download the template from the official Google website and copy to your
C:\Windows\PolicyDefinitions local folder
3.5 Windows Hello setup
Setup a pin to logon for each user was a great way to enable a quick logon even though end user still need password for connecting to OWA or remote applications.
3.6 Enrolling device to MDM (Intune)
We choose to keep end-user a standard user so they would not be able to install software and modify anything on their devices. By doing that we had to install the MDM as a local admin account and switch user as a part of the manual installation process.
After a sync this appear in your Azure dashboard
You can also use the Autopilot script below to export it to the Azure portal
GetAutoPilotD.bat
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command D:\Folder\Get-WindowsAutoPilotInfo.ps1 -ComputerName $env:computername -OutputFile D:\Folder\$env:computername.csv
Download the powershell below (copy it to the same folder as the bat file)
Get-WindowsAutoPilotInfo.ps1
Once you have exported this across your devices you can head to the Azure portal and go the Windows Autopilot devices section and click on Import
3.7 Installing Desktop Apps via Chocolatey
In order to install all software by once before we capture the image I have used Chocolatey Powershell scripting
First part is to install Choco via Powershell (run as administrator)
Set-ExecutionPolicy Bypass -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
Then I have created the two files below
setup.bat
@echo off
powershell -NoProfile -ExecutionPolicy bypass -command ".'%~dp0install.ps1'"
install.ps1
choco install boxstarter -y
choco install googlechrome -y
choco install adobereader -y
choco install teamviewer -y
choco install treesizefree -y
choco install 7zip -y
choco install dellcommandupdate -y
choco install vlc -y
choco install jre8
choco install notepadplusplus.install
3.8 Install Windows 10 Apps
Reinstall Windows 10 Store
Get-AppxPackage -AllUsers| Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
Reset Windows 10 Store
wsreset
Uninstall the store
Get-AppxPackage windowsstore | Remove-AppxPackage
I had installed the camera app, Office lens, Power Bi as well as Company portal to provide a company catalog of apps.
3.9 Custom StartLayout
https://www.tenforums.com/tutorials/105001-set-default-start-layout-users-windows-10-a.html
3.10 Cosmetic touches
Stickers
Working in the fashion industry is a lot about appearance so we have decided to get some sticker branded to be put at the back of the 2 in 1 devices.
Boot loader custom image
A great & easy way to customize the boot loader is to use HackBGRT
You will have to make sure bitlocker is disable and your BIOS is UEFI type.
Copy the folder you have downloaded into a usb drive with your own picture.
You can change a couple of option in the config file and execute the setup.
Fonts
Copy any non-default Fonts that are used by the Marketing departments