I like to create a standard procedure(s) to build different “things” in my work and home environment. Thus have a document of a bunch of tick to follow to ensure I have all the basics done to an operating system, whether it is a desktop, server or IoT device. For that matter also for applications.
It makes my life easier, ensure all my devices are all the same. There might be other procedures that work for you, but for me it is the following.
More specific, what I do for a standard Windows OS workstation (notebook or desktop) build.
- Install the basic Windows OS,
- During the install decide if you want one or multiple drives. For instance some prefer an OS labeled drive and a data drive for their documents. Thus a C drive just dedicated for the OS and its updates, and a D drive for files .e.g. documents , etc.
- Computer name for the workstation. For me, I use the default names provide by windows as it obfuscates the purpose of the workstation. For example, in the past we used to us an abbreviation of our site names for the computer name, but that then gives away where this machine is located. In the name of security, I opted to use the default naming convention.
- Disable Windows bloatware options like Maximum as compared to minimum Error feedback, Advertising ID, etc.
- Connect to a wired or wireless network,
- Once the basic OS is loaded and it has rebooted, the first thing I do is to get Windows registered and updated.
- Encrypt the drives. For myself, I do full disk encryption and I save my encryption key in a safe place,
- Install a relevant Anti-Virus application & update it,
- Install any required drivers and firmware,
- Install any security based applications & update it,
- Install your favorite email client and configure it,
- Install any asset and/or patch management agents and update it,
- If you use an VPN, install that,
- Install all relevant applications and update them,
- Install the needed printer drivers and test it works,
- If you backup your workstation, then setup and schedule your backup job for the workstation,