Looking into revamping our laptop provisioning as a whole for a fully remote company, just want suggestions on what you all do
Posted by andrewsmd87@reddit | sysadmin | View on Reddit | 28 comments
So I am taking over laptop provisioning which was previously done by a long time person who isn't here anymore. Our previous process was having the laptop imaged by dell with all of our things, then shipping to his house, him keeping a few on hand, then shipping to new employees via fedex as they came on. Also, sending pre paid shipping labels to people as they leave or need new ones.
First, after taking this over, fedex is insanely expensive, and I'm wondering if I can save money using a service and possibly switching to UPS or something. Wondering if anyone has used something like Shippo or ParcelPath.
Second, I can't ship directly from dell because we've had issues in the past where we can't get the machine we wanted (we buy higher end ones for employees) for a month or two and the person was left starting without a laptop. So we need to keep the, it stays with someone and they ship as new people come in thing.
Third, UPS is more convenient for me personally, but I'm open to whatever if we can save some money. It is costing us 130 roughly to ship a single laptop right now which seems asinine.
Just wondering what you all do.
apathetic_admin@reddit
I doubt the laptops being stored in someone's home are going to end up covered by their home owners insurance.
The best process I've found involves establishing a relationship with a VAR. You work with Dell / your VAR to get Autopilot and Intune setup so that machines get their hardware IDs and group tag configured at the point of purchase. Your VAR can even boot these up and run through the white glove auto provisioning process to have all of the applications preinstalled, and then reseal. The VAR would store these for you in their own warehouse (at a small fee) and handle the shipping process for you. You and the VAR have reporting to keep track of your inventory so that you know far enough ahead of time that it's time to put in another order.
andrewsmd87@reddit (OP)
They aren't, one of the many reasons I'm looking for a better solution. Someone else mentioned dell storing these so I will look into that thanks
ohioleprechaun@reddit
depending on how long it takes to get a depot service turned up, I would recommend having your employer pay for whatever rider is needed to insure their storage at your house.
bjc1960@reddit
IT is all remote, so we are "all remote". We ship direct from Dell to user, with autopilot. But now, given we have a bit of an internal supply due to separations or ordering delays, we ship from our home via Fedex, with insurance, for $60-90 with insurance.
QuantumRiff@reddit
we have a similar process for our fully remote company. The two admins live on either side of the US, and each have a 'spare' laptop in the box. We use Intune for provisioning (which ended up working really well).
So for a new employees, we'll have a new laptop (and Monitors, dock, etc) shipped directly to them, they unbox and sign in with their new credentials. For broken laptops, we ship from whichever of us is 'closer' to save on shipping, and have another laptop sent to us.
We do have a small office outside the US, and customs is a royal pain, so we keep 4 new laptops, and another 6 or so 'used, but still decent' laptops setup there as their spare pool.
There are some other cool services that will handle distribution and imaging for you, and will handle sending out (and retrieving) equipment. but for our company with a few hires a year, it doesn't make sense. But we did like https://growrk.com/
andrewsmd87@reddit (OP)
Hm that is interesting but I think we're in the same boat as you. If we did 5 new hires in a year that would be a lot. I bet our average is 2 to 3
QuantumRiff@reddit
So shipping costs do add up for us, but really, we are talking a few times a year. and its like $100 to overnight a laptop. Most of our laptops are just shipped via CDW directly to the new hire's house, but sometimes they are temporarily out of stock, or, much more likely, someone forgot to tell us and they start on monday, and we ship them a spare 3 day or something.... (and then have the new one shipped to us).
It used to be a pain, but no longer having an 'image' to lay down is very nice. I just leave the laptops sitting in their boxes, ready to go. Autopilot and Intune are kind of nice...
theoreoman@reddit
What's actually wrong with the current system? Are you being asked to change it? Are you being asked to save some money? Are you shipping overnight Express?
If your doing this on your own initiative Just remember that no one will really care if you save a few bucks but they'll sure be mad at you if you break the system.
Personally I wouldn't switch to anything that makes more work for me.
Just remember in the grand scheme of things saving $50 is a rounding error when compared to the cost of hiring, onboarding, and training.
The_NorthernLight@reddit
If you have to ship internationally, stay with fedex. UPS is terrible outside of the US. Fedex enforces signature requirements much more strictly, and has a better insurance recovery if needed. Honestly sounds like you need to re-create the previous guys setup. Without a central office, its pretty tough to manage inventory.
andrewsmd87@reddit (OP)
We don't have to go outside the US
Frothyleet@reddit
Who is your VAR? A number of VARs will let you purchase inventory that they warehouse on your behalf and ship out at your direction.
It's not going to be the cheapest option, but for a decentralized org it is the right operational option.
andrewsmd87@reddit (OP)
Dell, someone else mentioned they have a depot service I'm going to look into
bitslammer@reddit
I"ll take the counterpoint here and say I've had zero issues with UPS, Fedex on the other hand "lost" 2 laptops, both after reaching the local depot.
cmorgasm@reddit
Dell does offer a depot service that may hit your timeline headache -- basically, buy the machines in bulk and Dell holds them for when they're needed, but they're in a "Ready to ship" state. CDW can also offer this, if needed. We've found UPS more reliable than FedEx, but that does change when going international, oddly enough.
FedEx can offer you something better than sending a return label, and so can UPS but I never figured out how to do it right, where you can have them go to a FedEx and provide your account number and they'll ship it back to you with that. All the shipping fees, and any packaging supplies needed, would get billed direct to your account, too.
andrewsmd87@reddit (OP)
We don't have international but this is the first I'm hearing about the dell thing, I will check that out thanks
CountyMorgue@reddit
WE have sinilar issue and order them to site location. We use MDT to deploy image and a script during deployment to create and upload the autopilot hash. Then a script to sysprep the device and reboot to the autopilot join screen. We then ship UPS.
andrewsmd87@reddit (OP)
Yea that's sort of what we do right now, we just have 0 site locations, so that is technically my house. Trying to find better options
TechMonkey605@reddit
We handle this very differently.
We do use UPS, create a biz account online, gives about 20 savings (actual mileage may vary) do not do dell images, it’s an expensive add-on. Instead invest in a USB brand it or whatever you wanna do, but can use it as a marketing expense, do a pre provision packaging and the employee plugs it in during OOBE and you’re done. This is my favorite method.
https://youtu.be/ES9hYiimNeI?si=NVKADf3UCFQ4e4Hi
Also since you’re buying direct (and assuming you’re using the whole Microsoft business premium at least you can also use autopilot and have Dell just give you the hash
Arudinne@reddit
If you're using USB you might want to look at https://github.com/rbalsleyMSFT/FFU
andrewsmd87@reddit (OP)
I will look into that thank you!
TechMonkey605@reddit
Anytime, hope it helps. If you are managing it via intune ppkg can enroll both domain and intune and package expiration is like 30 days, so can just plug it in later, but it’s a simple delete, we have a script that formats the USB and encrypts it with bit locker when provision is complete
andrewsmd87@reddit (OP)
Yea we're using intune for all of that so this feels like it makes a lot of sense for us at first glance. My main guy is on vacation so I'm going to wait for him to get back to go over it with me
Arudinne@reddit
We have a central office so our current method uses MDT, but I'm working on moderning our setup using a combination of FFU Builder, Autopilot and NinjaRMM.
The FFU is really only needed if the desire is to wipe the device entirely, and I've modified it so that it will call an azure runbook to register the device in Autopilot if it isn't already registered.
From there it goes to OOBE autopilot login prompt. Only the company portal and the RMM client are installed by Autopilot.
User needs to log in and then Autopilot does it's thing. Once that's done - Ninja does the rest of the heavy lifting.
For shipping labels I wrote an "app" that sites inside our helpdesk platform and calls the FedEx API directly.
Mister_Brevity@reddit
We use Macs, and order a dep/mdm enrolled machine for shipping direct to the user. They turn it on and connect it to wifi, select their language and location and it configures itself. When they’re done, if they need anything that requires windows, their vpn is configured and they can log into a terminal server. Least stressful hardware onboarding I’ve ever done.
TechMonkey605@reddit
This is exactly how we do our Mac’s as well (Apple business with intune)
Mister_Brevity@reddit
We use Apple edu and jamf. When you use mdm for windows and for Macs you can definitely tell Apple had a head start, and the benefits of them only having to account for one os/vendor/etc is undeniable.
TechMonkey605@reddit
Yeah, really like the take over function on EDU, you can tell they thought ahead on the federation.. Microsoft should take notice
die_2_self@reddit
Buy from dell, use intune auto pilot, new devices from dell have their hardware IDs automatically input into the Microsoft tenant for autopilot, the OOBE prompts the employee to sign in with their Microsoft account with your company logo on the sign in screen. Can have it shipped to them directly from dell or use any shipping process that is preferred. Use intune to auto install everything., or just install your RMM, and have your RMM do the new device setup process and configuration.
If the device ever needs to be reset or even a fresh OS install, autopilot and/or your RMM does the rest.