Preparing standard Microsoft Windows laptops and tablets
When you receive a standard Microsoft Windows laptop or tablet, you should follow these steps before lending the device to a child, family or young person.
This guidance is written with reference to standard Windows devices provided through the Get help with technology programme. It also applies to any new or refurbished devices a school or college has received through donations. Further information on erasing data from donated devices is available from the National Cyber Security Centre.
Re-image or factory reset the device
When you get a device, you need to prepare it to ensure it’s safely set up for users. It’s important to get your device into a ‘known state’ so that you are familiar with the software and settings and can confidently support users.
The following methods can be used to do this.
Use a pre-prepared Windows 10 Image
This is the recommended route as it will bring the device in line with other devices within your school or college network.
Install a clean version of Windows 10
Standard Windows devices come with Windows 10 already installed. If it does need to be reinstalled in future and you don’t have a pre-prepared image, Windows 10 can be installed via:
- USB - If installing from a USB, the USB stick should be wiped and formatted before loading the Windows 10 installer onto it to confirm the USB stick is clean. Find out how to install Windows 10 and boot from a USB.
- DVD - Find out how to install Windows 10 and boot from a DVD.
Perform a factory reset
If you don’t have your own image or a USB or DVD to boot from, you should reset the device to factory settings.
You’ll need to do this for each device individually.
- Log in to the Support Portal
- Click on the ‘How do I?’ section
- Select ‘How to reset your Microsoft Windows device to default factory settings’ and follow the instructions to use local admin and BIOS passwords to reset your devices
Confirm anti-virus and other security settings are in place
Open the Windows Security settings:
- Press 'Windows Key+r' then type 'windowsdefender' and click 'OK' or press enter, or
- Press 'Windows Key', click the 'Settings' icon then 'Update & Security' and 'Windows Security'
You will see an overview of the main security features available in Windows 10 and an alert if any actions are required.
Windows Security settings include:
Virus and threat protection
Virus and threat protection contains Virus scanning, Real-time protection and Tamper protection. Some of the Ransomware protection might show as disabled due to requiring OneDrive. We recommend that you:
- confirm Virus scanning and Real-time protection is on as a minimum
If Account protection contains Windows Hello, we recommend that you:
- advise or assist users to set up a Windows Hello PIN or facial recognition login (depending on hardware) when they receive the device
App and browser control
App and Browser control contains Reputation-based protection such as SmartScreen, and Exploit protection which helps protect against attacks. We recommend that you:
- turn Reputation Base protection on
- use SmartScreen for Edge (if used as the web browser) to help prevent the device from accessing malicious sites
Device security contains elements that may not be enabled depending on the hardware of the device. We recommend that you:
- turn on Core isolation and Secure boot if possible
Create local user accounts
We strongly advise creating a local user account to be used by the person you’re providing the device to. This will prevent users from having access to the Admin account.
Enrol into Mobile Device Management
If your school already has device management in place with remote connectivity, we recommend adding each device to the network to enhance the security of both devices and users.
If your school does not already have device management in place, we would not recommend setting this up due to the associated costs and resources involved.
Set up content filtering
You are responsible for setting up management and safeguarding measures before you distribute the devices to avoid risks to the children and young people in your care.