OIT Windows Imaging

OIT Windows Imaging

--------------------------------------------------------------------------------

This document is to outline the sequential process of imaging a windows based computer.  

Access

--------------------------------------------------------------------------------

Technician will need the following access:

• Unity ID\LAN Account
• LAN Admin Account
• .ADMIN LAN account to AD Group: OITMD-Desktop Support Admins
• .ADMIN LAN account to AD Group: OIT-All Admin Accounts
• LAN account to AD Group: OIT-Comtech-Users-LANAdmins
• InfoBlox IP registration - https://ipam.ddi.ncsu.edu

Possible needed access depending on scenario:

• .ADMIN LAN account to AD Group: OIT-Original_Media-RO

Imaging a Windows Device:

• Select an area to image the asset that is part of the 171 VLAN.
  • All desks in the OIT Managed Desktop room and Build Room have ports that are on the 171 VLAN registered for imaging. 

• Unbox and connect power to the asset. 

• If the asset does not have a built-in Ethernet adapter for connecting a wired network connection, use one of the vendor specific USB to Ethernet adapters available in the OIT MDS Build room

• Power on the computer

• Boot into the BIOS configuration screen. For Dell endpoints, repeatedly press F12 to enter the Setup menu. For Lenovo endpoints, repeatedly press ENTER to enter the Setup menu. For all other models, please wait for a prompt on screen or consult vendor documentation. Choose the BIOS configuration. 
  1. 1.  In the BIOS you will check several items
        • General – Boot Sequence – UEFI
        • General - Advanced Boot Options – Uncheck Enable Legacy Option ROMs
        • System Configuration – Integrated NIC – Check Enable UEFI Network Stack
        • System Configuration – Integrated NIC – Select Enable w/PXE  (only when ethernet port exists)
        • System Configuration - SATA Operation - Select AHCI (verify that RAID option is not selected since it is known to cause imaging issues, unless RAID is needed on that specific system)
        • Secure Boot Enable – Select Enabled
        • Power Management - AC Recovery - Last Power State (may not exist on Lenovos)
        • Power Management - Wake On LAN/WLAN - LAN or WLAN (may not exist on Lenovos)
        • Post Behavior - Fastboot - Minimal (may not exist on Lenovos)
        • Apply changes and Exit
     2. Leave all settings at DEFAULT

• Record the Serial Number & LOM MAC Address for labelling the endpoint

• The Endpoint name will be the Campus Unit Share Name/OU listed here and the last 6 characters of the LOM MAC Address. (Example: A PC belonging to the OIT Technical Shared Services Campus Unit with a MAC Address of 00:45:B2:14:08:E9 would be named OITTSS-1408E9)

• Label the Asset: https://ncsu.service-now.com/kb?id=kb_article_view&sysparm_article=KB0020235

• Prestage the asset: https://ncsu.service-now.com/kb_view.do?sysparm_article=KB0015758

• Add groups OITMD-SC-Microsoft-MBAM-Bitlocker Settings Normal & OITMD-SC-eduroam-certificate-OptIn to all laptop endpoints. 

• Reboot the asset once the asset has been prestaged and for Dell endpoints, repeatedly press F12 to enter the Setup menu. For Lenovo endpoints, repeatedly press ENTER to enter the Setup menu. For all other models, please wait for a prompt on screen or consult vendor documentation. Choose Boot Sequence IVP4

• Choose SCCM AD Integration

• Accept defaults.  

• Choose OITMD - Windows 11 Education 22H2, choose OITMD - Windows 10 Education 22H2 if Windows 11 is not supported on that specific system.

• Wait approximately 2 to 4 hours for imaging process to complete.

Validate Items before returning the endpoint to the end user

• Log into Windows with your Administrative Credentials

• Run a command window from the start menu. (Cmd) Run command gpupdate /force (admin not needed for this action)

• Validate that the asset has been encrypted. Got to Control Panel, Type Bitlocker. You should see the C:\ drive listed. This states that the drive has been encrypted. If the drive is not listed, more time may be needed before the drive is fully encrypted or the OITMD-SC-Microsoft-MBAM-Bitlocker Settings Normal was not added to the AD object earlier in the build.  

• Check Software Center and Start Menu to ensure default software installed:  Alertus, Adobe Acrobat, AnyConnect SBL, Microsoft365, Firefox, NCSU-FW-Google Chrome-Auto

• Run SCCM Update Actions. Go to Control panel. Type "Configuration" in the Search Menu. Choose Configuration Manager. Go to the "Actions" tab and run each item in the list. Once the "Run Now" button is clicked, you will see a warning saying that "The selected cycle will run and might take several minutes to finish".

• Run the corresponding Vendor Driver update tool. 

• Verify that the device connects to Eduroam. Unplug the network cable and the device should move to a wireless connection. Validate this by hovering over the wireless connection at the bottom right taskbar near the clock and make sure that it is connected to the Eduroam network.

Troubleshooting

--------------------------------------------------------------------------------

• Error: The PC is named MININT-XXXXXX: This happens when there is an issue with the pre-staging of the asset. Delete the initial pre-staged MININT-XXXXXX OU object and re-image from the beginning of these instructions.

•

•

Escalation

--------------------------------------------------------------------------------

All additional information or questions can be directed to the Team leads or Manager of the OIT_DESKTOP_SUPPORT assignment group.

Title:  OIT Windows Imaging

Service/Product: Windows Imaging

Template if applicable: New Asset Image, Reimage Loaner

Assignment Group(s): OIT_DESKTOP_SUPPORT

Document Owner: Darrick Bremner

Available Priorities: Low

Keywords: Windows Imaging, New computer, New asset, New employee computer, Image, Imaging, Install Windows