Support Team Procedures - ITS - Admin Desktop Service
10
Support Team Procedures Procedure Category: Managed Desktop Procedure Name: Dell Build – current models A. ISO Document Revision Date Revision Last Author Change History 07/11/2013 1.0 Victor Meyer Initial Draft 04/02/2014 1.1 John Derkacz Amendment 18/02/2014 1.2 John Derkacz Amendment 27/02/2014 1.3 John Derkacz Amendment 03/03/2014 1.4 John Derkacz Amendment 25/03/2014 1.5 John Derkacz Amendment 28/03/2014 1.6 John Derkacz Amended prerequisites 2/04/2014 1.7 John Derkacz Additional amended prerequisites 4/04/2014 1.8 John Derkacz amended BIOS settings 11/04/2014 1.9 John Derkacz Amended details where to obtain the passwords from 8/05/2014 1.10 John Derkacz Amended Security settings and Boot order, and removed Additional Laptop Steps 12/05/2014 1.10 John Derkacz Amended BIOS settings : The Miscellaneous devices in the Desktop 21/05/2014 1.11 John Derkacz Amended sound settings, and additional pre-requisites 26/06/2014 1.12 John Derkacz Added the Requirement that the newly built PC is left on the network until the Anti-Virus icon is Green, and the Configuration Manager Properties is populated with at least 10 actions 07/07/2014 1.13 Ravi Matharu Line added to Prerequisites in red on how to deal with rebuilt laptops. Also file name has been updated. Page 1 of 10
Transcript of Support Team Procedures - ITS - Admin Desktop Service
Support Team Procedures
Procedure Category:
Managed DesktopProcedure Name:
Dell Build – current models
A. ISO Document Revision
Date Revision Last Author Change History
07/11/2013 1.0 Victor Meyer Initial Draft
04/02/2014 1.1 John Derkacz Amendment
18/02/2014 1.2 John Derkacz Amendment
27/02/2014 1.3 John Derkacz Amendment
03/03/2014 1.4 John Derkacz Amendment
25/03/2014 1.5 John Derkacz Amendment
28/03/2014 1.6 John Derkacz Amended prerequisites
2/04/2014 1.7 John Derkacz Additional amended prerequisites
4/04/2014 1.8 John Derkacz amended BIOS settings
11/04/2014 1.9 John Derkacz Amended details where to obtain the passwords from
8/05/2014 1.10 John Derkacz Amended Security settings and Boot order, and removed Additional Laptop Steps
12/05/2014 1.10 John Derkacz Amended BIOS settings : The Miscellaneous devices in the Desktop
21/05/2014 1.11 John Derkacz Amended sound settings, and additional pre-requisites
26/06/2014 1.12 John Derkacz Added the Requirement that the newly built PC is left on the network until the Anti-Virus icon is Green, and the Configuration Manager Properties is populated with at least 10 actions
07/07/2014 1.13 Ravi Matharu Line added to Prerequisites in red on how to deal with rebuilt laptops. Also file name has been updated.
Page 1 of 10
B. Related Documents
Document Title Revision Overview
Admin Guide to Builds 1.0 Required steps from an admin view
C. Overview and ObjectivesThis document outlines the steps required to build a new Dell machine with Windows 8 operating system, using SCCM. This document applies to all the new Dell PCs that will be deployed.
These Include: 9020 All-in-One Touchscreen 9020 All-in-One Non Touchscreen9020 Ultra Small Form Factor PCE7440 14” Non Touchscreen LaptopE7440 14” Touchscreen LaptopE7240 12” Non Touchscreen Laptop
D. Prerequisites Machine needs to be created in Active Directory, in the Organisational Unit
QM.DS.QMUL.ac.uk/Computer Accounts/Physical Desktops/Managed Staff Services
Laptops need to be a member of the group GG-GPO-All_Managed_Laptops and GG-DAS-Allowed_Computers
Computer Name and MAC address have to be registered with the DHCP server and SCCM server.
The device has been added to the [Workstation] OSD – Staff Managed Service device collection in SCCM.
Passwords for setting the BIOS and IAMT are obtained from the Applications team
If the machine has been used before, the machine accounts must be removed from SCCM and Active Directory. Then re-added after 15 minutes
E. Additional Prerequisites
PLEASE Remember, if you need to re-image the PC, and you have data on it, you must save the data before starting the re-image. It will overwrite the disc.
When building Laptops: Please do not build them in the Docking stations
If Laptops have been protected previously using Bit-Locker, then the Computer object needs to be removed from AD and from SCCM. Check with the Applications team whether the objects have been removed and re-introduced back into AD nor before commencing.
Support Team Procedures
Procedure Category:
Managed DesktopProcedure Name:
Dell Build – current models
F. BIOS Configuration
Enter BIOS using either <F2>, or <F12>, then BIOS Setup, when you see the Dell Splash Screen
Please set the BIOS settings in the order listed
BIOS Settings Laptops DesktopsSecure Boot Change to DISABLE and click APPLY Change to DISABLE and click APPLY
General Advanced Boot Options Boot Sequence
Tick ‘Enable Legacy Option ROMs’ and click APPLY
Change to LEGACY and click APPLY
Tick ‘Enable Legacy Option ROMs’ and click APPLY
Change to LEGACY and click APPLY
Security Admin Password
Set the standard BIOS password to the one provided by Skender’s Team
Click ‘OK’ and click ‘EXIT’
Set the standard BIOS password to the one provided by Skender’s Team
Click ‘OK’ and click ‘EXIT’
o The PC will reboot o Select <F2> key at the Dell Splash screeno Click ‘UNLOCK’ and type in the new BIOS password
BIOS Settings Laptops DesktopsGeneral
Boot Sequence Un-tick all but the SSD’ and
the ‘On-board NIC’ Ensure the PC boots off the
SSD first Click APPLY
Un-tick all but the SSD’ and the ‘On-board NIC’
Ensure the PC boots off the SSD first
Click APPLYSystem Configuration
Integrated NIC Tick ‘Enable UEFI Network
Stack’ Ensure ‘Enable w/PXE’ is
selected Click APPLY
Tick ‘Enable UEFI Network Stack’
Ensure ‘Enable w/PXE’ is selected
Click APPLY
SATA Operation Ensure ‘RAID On’ is selected, if not tick ‘RAID On’
Click APPLY
Ensure ‘RAID On’ is selected, if not tick ‘RAID On’
Click APPLY
Drives Ensure all are ticked, if not tick all
Click APPLY
Ensure all are ticked, if not tick all
Click APPLY
Page 3 of 10
USB Configuration Un-tick ‘Enable Boot Support’ Click APPLY
Un-tick ‘Enable Boot Support’ Click APPLY
BIOS Settings Laptops Desktops Audio Ensure Enable Audio is ticked Ensure Enable Audio is ticked
Ensure Internal Speaker is ticked
Miscellaneous Devices Enable all devices Ensure Enable Microphone, and Enable Camera are ticked
Ensure Enable Media Card is Chosen
Click APPLY
Security TPM Security
Ensure all options are ticked Click on Activate Click on Apply
Ensure the TPM services are Deactivated
Click on ApplyChassis intrusion Not an option Ensure is it set to ‘On-Silent’Power Management
Deep Sleep Control Not an option Select ‘Disabled’
Click APPLY USB Wake Support Ensure ‘Enable USB wake
support’ is ticked Ensure ‘Enable USB wake
support’ is ticked
Wake on LAN/WLAN Select ‘LAN Only’ Click APPLY
Select ‘LAN Only’ Click APPLY
Wireless Radio Control Ensure ‘Control WLAN radio’, and ‘Control WWAN radio’ are ticked
Not an option
POST Behaviour Num-lock LED
Ensure ‘Enable Num-lock LED’ is ticked
Ensure ‘Enable Num-lock LED’ is ticked
Virtualization Support Virtualization
Ensure ‘Enable Intel Virtualization Technology’ is Un-ticked
Ensure ‘Enable Intel Virtualization Technology’ is Un-ticked
VT for Direct I/O Ensure ‘Enable VT for Direct I/O’ is Un-ticked
Ensure ‘Enable VT for Direct I/O’ is Un-ticked
Trusted Execution Ensure ‘Trusted Execution’ is Un-ticked Ensure ‘Trusted Execution’ is Un-tickedWireless
Wireless Device Enable Ensure ‘WWAN’,
‘WLAN/WiGig’ and ‘Bluetooth’ are ticked
Un-tick both ‘WLAN/WiGig’ and ‘Bluetooth’
Click Apply Click EXIT
Wireless Wireless Switch
Ensure ‘WWAN’,’WLAN’, ‘WiGig’ and ‘Bluetooth’ are ticked
Not an option
Exit the BIOS, it will reboot
At the Dell Splash screen, press the <CTRL> and <P>. This will enter a new menu screen, which is the Intel Remote Management screen , or iAMT.
Follow the directions below to ensure correct settings
iAMT Settings
Enter the Intel MEBx default password
Change the default password to the one provided by Skender’s team
Select Intel(R) AMT Configuration and hit <ENTER>
Support Team Procedures
Procedure Category:
Managed DesktopProcedure Name:
Dell Build – current models
Select Manageability Feature Selection.
o Ensure it is ENABLED to enable Intel(R) AMT
o Press <ESC> to exit
Select SOL/IDE-R/KVM
o Enable all of these features
o Press<ESC> to exit
Select User Consent
o Set User Opt-in to NONE
o Set Opt-in Configurable from Remote IT to Enabled
o Press <ESC> to exit
Enter Activate Network Access to enable Intel AMT.
o Press <Y> key
Press <ESC> to exit to the Main Menu
Select MEBx Exit to continue booting your system.
o Press <Y> key to confirm
The Build Procedure
Boot the PC, and hit <F12>, and choose the On Board NIC Option, when you see the DELL BIOS screen
Page 5 of 10
Ensure the PC gets an IP address, if it does not get an IP address then check network connectivity, and check whether the MAC address and Asset Number has been registered with the DHCP server
Once it receives its IP address, you will get the following screen, Hit <F12> to begin build, within a few seconds
Support Team Procedures
Procedure Category:
Managed DesktopProcedure Name:
Dell Build – current models
If you get a similar screen to the one below then either you have missed the time to hit the <F12> in time, or more likely, the PC has not been imported into the SCCM server. Ask the Project Support team to investigate.
It begins loading files, and finally it stops at the Task Sequence Wizard.Click on the Next button
You will be faced with a choice of images you may deploy
Choose the (x64) windows 8 Enterprise – Staff Image – ZTI) option, the click on the Next button
Page 7 of 10
At this point it will begin downloading the image.
Once completed, approximately 30 minutes later, you will get the grey QMUL screen,
Support Team Procedures
Procedure Category:
Managed DesktopProcedure Name:
Dell Build – current models
Hit any key you will be prompted to login Log in Bring up a CMD box type in gpupdate /force, hit <ENTER>,
This will update the policies. When prompted “do you wish to log off” Y/N Type <Y>
Log out, and back in, Run another GPupdate /force from a command prompt.
Reboot the PC, you will see the Disclaimer
Log in one more time Bring up command box, Type in gpupdate /force and hit <ENTER>, this will update the policies again. When prompted “do you wish to log off Y/N” Type <N> Type in control smscfgrc and hit <ENTER>
You will see the following screen
Check that the Client certificate is PKI, if it is set to None, close the Configuration Manager, then wait 5 minutes, and re-run the command control smscfgrc.
If it is still set to None, reboot the PC, and re-run the command control smscfgrc.
SCCM will not communicate with the PC until there is a Client Certificate.
Page 9 of 10
Whilst in the Configuration Manager Properties screen, click on the Actions Tab.
Ensure that the available actions are populated with more than 10 actions. If they are not, then leave the PC on the network until the Actions total at least 10 actions.
Failure to do so will mean that SCCM agents are not running, and that the deployed applications will not be available to install.
Finally, check that PC protected icon is Green. If not leave on the network until it is Green.Once it has the correct Client Certificate, the Actions are fully populated, and the PC is protected
Bring up a CMD box, and type in gpupdate /force and hit <ENTER>, this will update the policies again.
When prompted “do you wish to log off Y/N” Type <N>
Type in ipconfig /release and hit <ENTER>
This will release the IP address assigned to that PC
You have finished the re-imaging of and done some basic checks, if all is correct then the PC is ready for shipment
Shut Down the PC, and re-box
Please note: do not pile laptops on top of each other, make surethey are in their protective sleeve, and in their boxes. This willprevent marking the cases.
