Title: Managed Desktop supported device surplus instructions

Service: SURPLUS

Template if applicable: Process Endpoint For Surplus

Assignment Group(s): OIT_DESKTOP_SUPPORT

Document Owner: Darrick Bremner

Available Priorities: Low

Keywords: Surplus, Disposal, Data security, Device removal, Asset, Retirement,

This document is intended as a guide for OIT Managed Desktop supported devices and the proper steps to surplus and dispose of assets being retired from general use.

Access

Technician will need the following access:

• LAN Admin Account
  • .ADMIN LAN account to AD Group: OIT-All Admin Accounts
  • LAN account to AD Group: OIT-Comtech-Users-LANAdmins
• InfoBlox IP registration - https://ipam.ddi.ncsu.edu
• JAMF access
• ServiceNow ITSM license
• Surplus Labels: LINK

Instructions

As is required by both the NC Department of Administration and NC State regulations, all property, capital or non-capital, acquired by an NC State University department must be disposed of through the NC State University Surplus Property Office.

When a computing device has been determined to no longer remain in service, the device must be properly retired and moved to surplus.

Multiple steps are required to retire an asset before it can be moved to a surplus pickup area.

Incident ticket

• • Verify there is a surplus incident ticket for the retirement of the asset. If there is not a surplus ticket create one using the “Process Endpoint For Surplus” template.

Remove or wipe drive.

• • OIT Managed Desktop Support has opted to remove storage drives that can be removed and destroy them for better prevention from university data loss.

• • • The drive is physically removed from the machine.
    • Any guides, rails, trays or other vendor adapters are removed from the physical storage device.
    • The storage drive will then be placed in the yellow storage bin at the front of the OIT Managed Desktop office.

• • For Apple Devices that have integrated storage and attempt will be made to wipe the drive via instructions at https://ncsu.service-now.com/kb?id=kb_article_view&sysparm_article=KB0021198

• • • If the device does not reside in JAMF for proper wiping of data, the asset will follow the non-removable storage instructions below.

• • For devices with non-removable storage such as tablets, Chromebooks and other devices that have integrated solid state storage, the entire device must be disposed via grinder with all removeable storage.
    • Follow through with surplus process(remove from CMS, AD, Infoblox, retire in ServiceNow & label) and once completed, the device will be put in the yellow bin rather than the surplus area.

• • The storage devices in the yellow storage bin at the front of the OIT Managed Desktop office. will be emptied at minimum quarterly and disposed via rules listed at https://oit.ncsu.edu/it-security/electronic-media-disposal/ Options C

Remove the host name from Computer Management System (SCCM or JAMF)

SCCM:

• • • Log into https://remoteapps.oit.ncsu.edu/ with your .ADMIN credentials.
    • Open ConfigMgr Console (DUO 2FA)

• • • Choose Devices from the left column

• • • Search for the host name of the device you are looking for.

• • • Right click on the device name and choose delete
    • 

JAMF:

• • • https://learn.jamf.com/bundle/jamf-pro-documentation-current/page/Deleting_a_Computer_from_Jamf_Pro.html

Remove the host name from AD if it is a Windows PC.

• • • Log into https://remoteapps.oit.ncsu.edu/ with your .ADMIN credentials.
    • Open ADUC (DUO 2FA)

• • • Right click on wolftech.ad.ncsu.edu in the left hand column and choose find

• • • Choose Computers from the “Find” menu.

• • • Search for the host name of the device you are looking for and click the Find Now button.

• • • Right click on the device name and choose delete.

Remove device from Apple School Manager.

• • Only 5 people have access to Apple School Manager
  • Contacts for removal:
    • Peyton Armstrong (OIT JAMF Administrator)
    • Cody Ziccolella
    • Marcel Cascasan
    • David DeFoor
    • Todd Kerstetter
•  
  • They will unassign the asset so it can later be released if necessary. 

Remove DNS entry from InfoBlox.

• • Removing the DNS entry will clear the IP address reservation and make that IP address available for an active device.
    • Log into https://ipam.ddi.ncsu.edu/
    • In the upper right corner, search for the MAC address
    • 
    • Choose linked device (in the example, it is the selection in blue text)
    • Click the IPV4 address box and click the trash icon. This will remove the IP Address assigned to the device.

• • • Click Save & close.

Mark configuration item(CI) as retired in ServiceNow.

• • • Log into ServiceNow at https://ncsu.service-now.com/. You must have an ITIL license to perform this task.
    • In the upper left corner, choose the “All” menu and type “workstations” in the filter text box.
    • Click the Workstations menu item.

• • • Choose Name in the filter box and type in the name of the device you are looking to retire.

• • • Choose the device from the list.

• • • Change installed status from Installed to Retired

• • • In the upper right corner click the “Update” button.

Wipe BIOS password (if applicable)

• • This is a rare step.
  • Attempt to go to BIOS menu on startup
    • For Dell endpoints, repeatedly press F12 to enter the Setup menu. For Lenovo endpoints, repeatedly press ENTER to enter the Setup menu. For all other models, please wait for a prompt on screen or consult vendor documentation. Choose the BIOS configuration.
  • If prompted for a password, contact the user or department for password
  • Once obtained, log into the BIOS Setup and remove the password

Label for Surplus area pickup

• • The device will not be collected from the surplus area without the tag fully filled out.

• • • Print a label for the device to be placed in the surplus area. Labels can be printed from https://procurement.ofa.ncsu.edu/files/2019/05/Data.Security-Removal-Erased-Label-Avery-5963-Label.docx
    • Fill out the information on the label.

• • • • A check on the BIOS password removal
      • A check on the Device Security if it exists
      • A check on Device management (This refers to the CMS, AD, Apple School Manager & ServiceNow)
      • A check on Storage Media
      • Record the serial number of the device.
      • Date of surplus items
      • Print Name & Signature of the tech processing the surplus of  the item.

Remove from NOMAD (if applicable)

• • To be documented

Escalation

All additional information or questions can be directed to the Team leads or Manager of the OIT_DESKTOP_SUPPORT assignment group.