Loading...

Knowledge Center

/
centrexIT
Knowledge Center

KP Environmental Windows Endpoint Provisioning

KB00002753
Cory Walton Work Instruction 1 min
PublishedCory Waltonv1.0
Published May 13, 2025Expires Jan 9, 2027

Client End-Point Details:

Section titled “Client End-Point Details:”

  • Client name: KP Environmental

  • Standard Make & Model: There is no Hardware Standard currently.

  • The client is purchasing all hardware from Dell currently.

  • Alternate Make & Model: HPs

  • Default naming schema: KPE-[Serial_Number]

  • Minimum Windows OS Version: Windows Pro 11

  • Domain: The client is full Azure.

  • N-Central Specifications N-Central Agent link:

  • KPE Corporate: e6161965-9e42-b246-1781-69321a102e6b

  • GIS Devices: 938229ea-da34-5ffb-b938-3e1b518bf413

Software

Section titled “Software”

  • Office x64 bit

  • Google Chrome (set as Default)

  • Cisco Umbrella

  • MS Teams

  • N-Able (Windows Agent)

  • IMPORTANT DO NOT add user to the local admin group. (kpe is no longer doing this!)

  • Remove Cortana task view buttons

  • Remove Windows/vendor Add\Bloatware

  • IMPORTANT: for HP systems please make sure to remove HP Wolf Security

  • Pin the following apps to the Taskbar:

  • Word

  • Outlook

  • Excel

  • MS Teams

  • Make sure mic and audio works

  • Adobe Acrobat (If Requested)

  • Chrome

  • Cleanup start menu to show only production applications

  • Example:

Specific End-Point Provisioning Instructions:

Section titled “Specific End-Point Provisioning Instructions:”

Computer configuration: Work with Rebecca to gain access to the end-point through Screen Connect

  1. Schedule time with the employee to gain remote access to the computer.
  2. Create an account “localuser”, and add it to the Local Administrators Group
  3. Set the password to the standard in 1Password for the client.
  4. Login to the end-point as “Localuser”
  5. Rename the end-point using standard: KPE-Serial Number
  6. Reboot the computer
  7. Log back in to the computer using localuser
  8. AzureADJoin the Laptop using the users creds.
  9. See KB00002749 for Joining end-points to AzureAD.
  10. IMPORTANT: Make sure you mark the user as the Primary User of the device in Intune!
  11. Verify compliance within Microsft Entra for the newly added device-
  1. Make sure that the BitLocker key is backed up to the AzureAD account
  2. Configure the Intune Properties so that the device is listed as corporate-owned and assigned to the user.
  1. Assign the device group/category per the request form