In this blog, we will dive into workstation management in three sections: on-boarding workstations; managing, maintaining and monitoring them; and decommissioning or off-boarding them.
Firstly, of course, we will need a checklist when it comes to onboarding new workstations. Checklists should be used with all IT processes, but even more so when it comes to workstation management and on-boarding workstations. By using a checklist you will ensure consistency across your organisation, which will result in easier support and troubleshooting by your team.
The first step that should be on your onboarding checklist is obviously procuring the workstation for your user, whether it comes from a supplier or through a BYOD policy in your network. I am all for standardising the platform that you are rolling out for ease of management and support, and typically would steer clear of a BYOD environment. Limiting your fleet to a small number of hardware platforms will mean easier software and driver roll-outs, and you can also create a standard SOE image that can be easily rolled out, rather than the nightmare of installing each business app fresh on each workstation that comes through the organisation. Having a standard vendor will also sometimes mean better pricing or support.
When it comes to choosing a vendor or machine model from a reputable manufacturer like Dell or HP, it can be a confusing and tedious task to choose one over another with similar specs and pricing. In the end, I would recommend choosing the one that comes with the best support and service level agreement, and also choosing based on the sales team you deal with and how quickly you can source equipment from them. Ultimately, whichever supplier you go with, you want to ensure that if you do have an issue you will be able to have it resolved fast, and that if you need to procure a device fast you can get it without issues.
Once you have chosen a vendor you will then choose at least three models that you will roll out to cater for different roles at your organisation. Choosing three different models would be the maximum to cater for your low-, medium- and high-spec workstations for the different tasks that your users perform daily.
The next step once you have procured your workstations is to ensure that you have a solid inventory system or asset register in place. Not only is this important to track who has what asset, but you can also keep a record of purchasing details along with warranty and support details for each asset.
Now it’s time to unbox the asset and create a solid standard image that you will use on all of your machines. Once you have an image, most hardware vendors might be able to do the imaging for you, so if you find you image a lot of machines it may be worth looking into, for a small price, to save your team some time. If you decide to do this yourself, there are plenty of options out there, such as Symantec Ghost, Acronis and CloneDeploy.
After you image the machine, one of the first steps will be to change the workstation name and add the workstation to the domain. By default, when you add a machine to the domain it lands in the Computers OU within AD. One step that is often forgotten: once you have added the machine to the domain, make sure that you go into Active Directory and move the machine from the default Computers OU to your more specific workstation OU. This keeps things organised, and if you have created specific group policy objects, the machine will get those settings applied correctly. Once the machine is all ready to go with the correct software, it’s a good idea to ensure that it is protected via endpoint protection and has the most up-to-date virus definitions.
Lastly, when the machine is complete and ready for deployment, you can start setting up the workstation for the user and make sure things such as shared drives are mapped, printers are installed and the applications they will be using are installed and working.
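The OU step above is the one most often missed, so it is worth checking for periodically. The following PowerShell is an added example, not part of the original post; it assumes the ActiveDirectory module (RSAT) is installed, and the target OU `OU=Workstations,DC=example,DC=com` is a hypothetical placeholder for your own workstation OU.

```powershell
# Added example: list (and optionally move) workstations left in the default
# Computers container. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Assumption: hypothetical target OU; replace with your own workstation OU.
$WorkstationOU = 'OU=Workstations,DC=example,DC=com'

# Stop here if the target OU does not exist, rather than failing mid-run.
Get-ADOrganizationalUnit -Identity $WorkstationOU -ErrorAction Stop | Out-Null

# New domain joins land here by default (normally CN=Computers,DC=...).
$DefaultContainer = (Get-ADDomain).ComputersContainer

# OneLevel keeps the search to objects sitting directly in that container.
# Assumption: server objects are placed separately, so they are filtered out.
$stranded = Get-ADComputer -Filter * -SearchBase $DefaultContainer `
                -SearchScope OneLevel -Properties OperatingSystem, whenCreated |
            Where-Object { $_.OperatingSystem -notlike '*Server*' }

# Review the list first: GPOs linked to the workstation OU do not apply
# to these machines until they are moved.
$stranded | Sort-Object whenCreated |
    Format-Table Name, OperatingSystem, whenCreated -AutoSize

# Dry run. Remove -WhatIf once the list has been checked.
foreach ($computer in $stranded) {
    Move-ADObject -Identity $computer.DistinguishedName `
                  -TargetPath $WorkstationOU -WhatIf
}
```

Run on a schedule, the listing half doubles as a check that the onboarding checklist is being followed.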
Tasks involved with workstation and desktop management range from monitoring the workstation to changing specific settings on these workstations when required by using tools such as group policy. Group policy is a convenient way to apply a bulk change to a number of PCs in one hit, saving the time of visiting each PC one by one and manually making those changes. These changes can include a simple desktop background setting, password policy settings, Google Chrome settings and even the deployment of an application through an .MSI file. I would also use group policy to manage user settings such as deploying mapped drives and installing printers, simply because it is more reliable and consistent than trying to use scripting of some sort.
It is an expectation that most organisations have protected their network in some way and have implemented a firewall or a security appliance on the edge of their network to protect the machines, and once this is in place the local Windows Firewall is often neglected. Even if you have a solid firewall or security appliance in place, it is still important to manage local firewall rules to ensure that your workstation stays protected from incoming and outgoing traffic. If your machine for some reason becomes infected by a virus or a mail-bot of some sort, it is important that it doesn’t talk outwards or externally, providing sensitive information to the originator of the virus.
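To see whether the local firewall has been neglected on a given workstation, the following PowerShell audit can be run locally. It is an added example, not part of the original post; it uses the built-in NetSecurity cmdlets, and the choice of what counts as a finding is an assumption to adapt to your own baseline.

```powershell
# Added example: audit the local Windows Firewall profiles on a workstation.
# ActiveStore is the policy in force: local settings merged with Group Policy.
$profiles = Get-NetFirewallProfile -PolicyStore ActiveStore

$report = foreach ($p in $profiles) {
    # Assumption: these three conditions are the baseline being checked.
    $findings = @()
    if ($p.Enabled -ne 'True') {
        $findings += 'profile is disabled'
    }
    if ($p.DefaultInboundAction -eq 'Allow') {
        $findings += 'unsolicited inbound traffic allowed by default'
    }
    if ($p.LogBlocked -ne 'True') {
        $findings += 'dropped packets are not logged'
    }

    [pscustomobject]@{
        Profile         = $p.Name
        Enabled         = $p.Enabled
        DefaultInbound  = $p.DefaultInboundAction
        DefaultOutbound = $p.DefaultOutboundAction
        Findings        = if ($findings) { $findings -join '; ' } else { 'none' }
    }
}
$report | Format-Table -AutoSize -Wrap

# Outbound traffic is allowed by default on Windows, so limiting what an
# infected machine can send out depends on explicit outbound block rules.
$outboundBlocks = @(Get-NetFirewallRule -PolicyStore ActiveStore `
                        -Direction Outbound -Action Block -Enabled True `
                        -ErrorAction SilentlyContinue)
"Enabled outbound block rules: $($outboundBlocks.Count)"

# PolicyStoreSourceType shows whether each rule is local or came from a GPO.
$outboundBlocks |
    Select-Object DisplayName, Profile, PolicyStoreSourceType |
    Format-Table -AutoSize
```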
Along with the Windows Firewall, machines will also come with Windows Defender built in. Windows Defender is a pretty good means of virus protection, but if you use your own vendor then it is often best to turn it off. It may even be worth switching to Windows Defender and getting rid of your typical endpoint protection: not only is it a very good solution, a lot of the settings can be managed via group policy, so it is definitely worth a look when evaluating endpoint protection solutions. But if you are happy with your current solution for now, then ensure that Windows Defender is turned off.
Microsoft Office is used by default at most organisations these days. Whether it is on-premise or 365, you can benefit from using group policy to manage each of these installs and settings.
Examples of some Office group policy settings that I recommend you look at changing are:
- Autosave and auto recover locations – change to the home directory.
- Search deleted items – allows your search results to include your deleted items. By default, they do not.
- Speed up search turn off – By speeding up search a heap of results will be omitted. It’s a good idea to turn this off.
Once your machines are running like clockwork, your job is not complete. Workstation management also involves maintaining and monitoring them to ensure they are running efficiently. It’s hard to monitor machines that are remote, so there are a number of agents out there that you can install to allow you to both manage and monitor machines inside and outside your network.
Lastly, keep your computers clean. Dust is the mortal enemy of all things electronic and could be the reason your computer is running slow. Dust causes your computer to overheat, so ensure that your computer is dust-free and kept in a well-ventilated area.
Off-boarding Workstations
The hardest part of workstation management is keeping your asset database up to date. When off-boarding a workstation, the first task will always be to update your inventory or asset register. If the workstation is being replaced or upgraded with a new one, but the machine is still sufficient for use by another user and can be deployed out again, then mark it as spare and look to clean it up and re-image it. If it is not good enough for re-circulation, then you can start the process to retire the asset. This will include marking the asset as retired in the asset register and following the steps to archive the data and wipe the hard drive, ready for the trash or recycling. If the machine will end up as trash, make sure you strip the machine of the parts that can be reused as spares.