Automating New Device Setup with NinjaOne

New Device Setup with NinjaOne Blog Banner

This article is based on a webinar conducted by NinjaOne and is intended as a companion piece to help our users follow along. You can watch the full webinar here.

Onboarding new endpoints can be a particularly time-intensive task. Fortunately, the steps taken to configure, secure, and set up a new device or endpoint can often be standardized and automated to dramatically decrease the time investment required. With the right tools, you can even automate customized device setup at scale.

This article provides a framework for setting up NinjaOne automation and five step-by-step examples you can implement right away.

The new device setup framework

We’ve broken the new device setup automation process into five steps:

  • Cleanup the device
  • Configure the endpoint
  • Install required applications
  • Deploy security resources, and
  • Validate

For the first and last step the order matters, but for the middle three steps you will likely move back and forth between the steps as befits your needs.

Cleanup the device

This step will be incredibly relevant if you are recycling a previously-used device. It’s important to remove any data from that previous user and to reset the device to a baseline so the new user has the best possible experience. For new endpoints, some cleanup may still be required to (for example) remove bloatware.

Example cleanup steps include:

  • Run windows update repair
  • Remove unused users; admin accounts
  • Remove pre-installed software
  • Remove older versions of software and reinstalling
  • Remove unused and pre-installed printers
  • Clear temp folders, remove user data

Configure the endpoint

There are thousands of potential configurations changes you may make to an endpoint prior to an end-user taking control of their device. These changes are usually to improve security or improve the end-user experience.

Example configuration changes:

  • Disable Fastboot
  • Add wi-fi SSID profile
  • Set power plans
  • Set computer name
  • Map network drives
  • Set registry keys
  • Enable and configure restore points
  • Disable Windows 11 upgrading
  • Setting local account expirations
  • Configure end-user settings (language, time, regions, keyboard layout, set default apps)

Install applications

One of the easiest, and likely most common, use cases for automating device setup is deploying applications.

Example applications and application categories

  • Security software (AV, NGAV, EDR, etc)
  • Productivity applications (Office 365, Slack, Zoom)
  • Backup software (Ninja Data Protection, Acronis)
  • VPN (with server and domain configured)
  • Line of business applications
  • SSO

Deploy security resources

Whether it’s deploying security applications, hardening an endpoint through configuration changes, or getting an endpoint fully updated prior to hand-off, potentially the most important part of new device setup is securing the endpoint.

Example security configurations

  • Create local administrator
  • Setup password rotation for local admin
  • Enable Bitlocker
  • Enable firewall and ensure profile is turned on
  • Get OS to latest patch
  • Run OEM firmware and BIOS updates

Validation

The validation step is the last and most critical step in the automated device setup process. Automation is an amazing timesaver, but lacks the oversight a more hands-on approach provides. By also automating validation, you can ensure the new device is setup to specification (and take action if it’s not) before the end-user starts using their new device.

Automating new device setup in NinjaOne (Examples)

The five examples below follow the framework defined above, with one example per step. These examples are meant to be generic enough to be easily applied in any environment, broad enough to be applicable to many, and easily replicable. Each of these five examples would go into one policy to which new devices would be added in order to automate the setup.

You should be able to easily reuse these steps to build your own automated device setup process.

Example 1 – Cleanup – Run Windows Update repair

When reprovisioning a used device for a new user, you want to make sure that Windows Update will work as intended. To do so, you can run a Windows Update repair script before deploying any patching workflows.

How to setup your Windows Update repair automation

  1. Navigate to the scheduled scripts section of your device policy
  2. Create a new scheduled script
  3. Fill in the name and description
  4. Set the schedule to Run Once Immediately (this script will trigger only once, upon first check-in)
  5. Add your Windows Update Repair Script (Ninja users can see the scripts we used here).

Example 2 – Configuration – Disable Fastboot

With Fastboot enabled, end-users may think they are restarting their computer when they are just putting it to sleep. This can cause some patches not to be installed, leaving endpoints vulnerable.

In this example, we are using a condition to continuously check whether Fastboot is enabled and disable it. If disabling Fastboot fails, we’ll send a notification and create a ticket as manual intervention is likely required.

How to set the Fastboot monitor and disable automation

  1. Import the ‘Disable-WindowsFastBoot’ script from the NinjaOne script template library
  2. Navigate to the conditions section of your device policy
  3. Create a new condition script of type Script Result Condition
  4. Set the Evaluation script to ‘Disable-WindowsFastBoot’ and With Output Contains ‘Fail’
  5. Fill in the name and description
  6. Add a notification and/or ticketing rule to ensure proper follow up

Example 3 – Install Applications

One of the most common steps in setting up a new device is deploying the required applications. Often you’ll have to deploy several applications to get the device ready.

How to deploy applications

  1. Navigate to the scheduled scripts section of your device policy
  2. Create a new scheduled script
  3. Fill in the name and description
  4. Set the schedule to Run Once Immediately
  5. Click ‘Add Script’ and select any application installation scripts you want to deploy
    1. You can use the built-in Install Application script to deploy most MSI / EXE / DMG / PKG packages
  6. Arrange the applications in the order you want them to install

Example 4 – Security – Local Administrator

Many MSPs and IT teams use a local administrator account on endpoints to ensure they have a vehicle to take privileged actions on managed endpoints. Creating this local administrator account during setup helps ensure other actions during setup are more likely to succeed.

How to create a local administrator account

  1. Navigate to the scheduled scripts section of your device policy
  2. Create a new scheduled script
  3. Fill in the name and description
  4. Set the schedule to Run Once Immediately
  5. Add your Create Local Administrator Script (Ninja users can see the scripts we used here)

You’ll likely want to rotate the administrator password regularly to ensure better security.

How to rotate the administrator password

  • Navigate to Global Custom Fields
  • Create a new custom field with type equal ‘secure’
    • In the linked script, the field name is ‘domainadminpassword’
  • Navigate to the scheduled scripts section of your device policy
  • Create a new scheduled script
  • Fill in the name and description
  • Set the schedule to run on an appropriate schedule (weekly, for example)
  • Add your password rotation script (Ninja users can see the scripts we used here)

Example 5 – Validation

The final step, validation, ensure you are aware of any problems that arise during the automated new device setup process.

How to setup validation

  • Navigate to Global Custom Fields
  • Create a new custom field with type text for each step in your onboarding workflow
  • Build error-checking code into each script in your onboarding process that writes success or failure outputs to the associated custom field.
  • Create a new condition with type equal to custom field
  • Check each custom field for a failure message
  • Create a notification or ticket if a failure is detected

The validation step creates a ticket on failure as at this point the automation has identified a problem and manual intervention is likely required.

Image-based versus agent-based device setup automation

Traditionally, new devices were set up by deploying a golden image to the endpoint. This golden image would have all the requisite configurations and applications already deployed. The process above uses an agent-based approach. There are benefits and drawbacks to either approach which are outlined below:

Image-Based Agent-Based (NinjaOne)
Ideal for
  • Highly standardized environments
  • In-office environments
  • Remote and distributed environments
  • Endpoints that need customization
Benefits
  • Standardized device setup
  • Wipes device (data privacy)
  • No validation step
  • Automated setup at end-user location
  • Customization at scale
  • Easier to setup
  • Can be preinstalled on a golden image
Drawbacks
  • Double shipping for remote employees
  • Time intensive
  • No customization

 

  • More points of failure

 

 

If you’re managing remote and distributed endpoints and if you require customization at scale when setting up new endpoints, an agent-based approach is a much better fit.

Ready to automate new device setup?

While the examples in this article are generic and relatively simple, they should provide a great starting point for building out your own new device setup automation. If you’re ready to start automating device setup, sign up for a free trial of NinjaOne.

Next Steps

Building an efficient and effective IT team requires a centralized solution that acts as your core service deliver tool. NinjaOne enables IT teams to monitor, manage, secure, and support all their devices, wherever they are, without the need for complex on-premises infrastructure.

Learn more about NinjaOne Endpoint Management, check out a live tour, or start your free trial of the NinjaOne platform.

You might also like

Ready to become an IT Ninja?

Learn how NinjaOne can help you simplify IT operations.

Watch Demo×
×

See NinjaOne in action!

By submitting this form, I accept NinjaOne's privacy policy.

Start a Free Trial of the
#1 Endpoint Management Software on G2

No credit card required, full access to all features

NinjaOne Terms & Conditions

By clicking the “I Accept” button below, you indicate your acceptance of the following legal terms as well as our Terms of Use:

  • Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms.
  • Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party.
  • Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library belonging to or under the control of any other software provider.
  • Warranty Disclaimer: The script is provided “as is” and “as available”, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations.
  • Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks.
  • Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script.
  • EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).