I'm stepping in as the 'IT guy' for a small business, and honestly, I'm still learning the ropes of system administration and security. We just purchased a few Windows 11 Pro laptops (which I had to push for over the Home version) but now I've got to manage the setup for employees. We're working with a very limited budget, only what's already been spent, and we have an external IT company that set up our web domain and Office 365 Business Standard accounts, but there's no Intune.
I need to configure several things on these new laptops:
- Restrict users from installing applications while ensuring I can install or modify them as an administrator.
- Enforce a minimum password rule (8-4) for user accounts, along with the ability to reset them if needed.
- Ideally, I want a way to easily clone this setup for each new laptop.
- Ensure automatic updates for all software.
- And I need to be able to remote into their machines when required.
Any advice on how to efficiently set this all up?
7 Answers
I feel your pain! Intune would really make this easier, but it sounds like you're managing fine with what’s available. I've been using EMS E3 along with Intune for managing a larger setup, and it works well for provisioning and access management. If you get the chance in the future to push for better tools, definitely go for it!
Since you don't have Group Policy Objects (GPO) available, you might want to consider scripting some local policies. This could be done with PowerShell and rolled out using Action1 to make things easier. As for setting up the user accounts from scratch, I'm sure there's a way you could automate part of that too! Let me know if you want more details on the script I was thinking about.
Absolutely, I’d appreciate any examples or scripts you could share!
Just to chime in, I've been using Action1 with a similar setup in my job, and it handles the tasks you mentioned pretty well. You might not need AD as long as you have Action1 to manage deployments and policies efficiently. Just be sure to keep your scripts handy!
If you already have a domain, think about setting up Active Directory (AD). It’s not as modern as Intune, but it can do most of what you need. You'll spend some time tweaking the group policy, but it should cover user restrictions and password complexities. Just ensure you research remote access solutions like RustDesk to save costs. It can work well if set up correctly!
Action1 has given me the same capabilities you're after, especially in a setup like yours with M365 Business Standard. If you don’t have AD, you can still manage things like local accounts through Action1. Implementing PowerShell scripts for password policies and software installations can definitely streamline your setup process even without a huge budget. Just get creative with what tools you've got!
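The local-policy scripting suggested in the answers above could look like the sketch below. It is an added example, not a script from any poster in this thread, and it covers only the password rule and a non-admin account with admin-driven resets. The account name `employee1`, reading the "8" in the question as a minimum length of 8, turning on Windows password complexity, and English built-in group names are all assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: local account baseline for a standalone (non-domain) Windows 11 Pro laptop.
# Run in an elevated Windows PowerShell 5.1 session, or push it through a deployment tool.
param(
    [string]$UserName  = 'employee1',  # hypothetical account name
    [int]   $MinLength = 8             # assumed reading of the "8" in the question
)

# 1. Minimum password length for all local accounts (built-in net accounts command).
net accounts "/minpwlen:$MinLength" | Out-Null

# 2. Complexity has no net accounts switch, so export the local security policy,
#    set PasswordComplexity = 1, and apply it back with secedit.
$cfg = Join-Path $env:TEMP 'baseline-secpol.cfg'
$db  = Join-Path $env:TEMP 'baseline-secpol.sdb'
secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
(Get-Content $cfg) -replace '^PasswordComplexity\s*=.*$', 'PasswordComplexity = 1' |
    Set-Content $cfg -Encoding Unicode
secedit /configure /db $db /cfg $cfg /areas SECURITYPOLICY | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'secedit could not apply the password policy' }
Remove-Item $cfg, $db -ErrorAction SilentlyContinue

# 3. Create the employee as a standard user, or reset the password if the account exists.
$pw = Read-Host -AsSecureString "Temporary password for $UserName"
if (Get-LocalUser -Name $UserName -ErrorAction SilentlyContinue) {
    Set-LocalUser -Name $UserName -Password $pw          # admin-initiated reset
} else {
    New-LocalUser -Name $UserName -Password $pw -Description 'Standard user' | Out-Null
    Add-LocalGroupMember -Group 'Users' -Member $UserName # New-LocalUser adds no groups
}

# 4. Keep the account out of Administrators so installers that need elevation
#    prompt for an admin credential instead of running.
Remove-LocalGroupMember -Group 'Administrators' -Member $UserName -ErrorAction SilentlyContinue

# 5. Make the employee replace the temporary password at first sign-in.
net user $UserName /logonpasswordchg:yes | Out-Null

# 6. Show the resulting policy and group membership for the onboarding record.
net accounts
Get-LocalGroupMember -Group 'Users' | Where-Object Name -like "*\$UserName"
```

Running the same script on each new laptop gives a repeatable baseline; `net accounts` in step 6 prints the effective minimum length so it can be checked against the rule.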
I've been in a similar position. Document everything! Create an asset list for all your devices, and make sure you control any hardware acquisitions to keep things consistent. You won't be able to automate everything yet, but an onboarding checklist can make future setups much smoother. Once there's a budget, you can dive into more specialized management tools!
That’s a solid idea. I'll definitely start keeping track of everything now!
Honestly, getting Intune would be the simplest solution, but I get that you can't swing that in your budget. If your external IT company is any good, they should have templates they can duplicate for you. It might seem like a basic ask, but setting it up properly can save a lot of headaches down the line!
Yeah, I really wish we could go that route. We're pretty much locked into what we have!
I wish! But it's all about working with what we have for now.