Device Setup Guide
1. Purpose
Guide new employees through automated device setup to meet Meridian Seven’s BYOD endpoint security requirements. The setup script handles software installation, security configuration, and posture verification.
2. Prerequisites
- Admin (sudo) access on your device
- 1Password team invitation accepted (check your email)
- Internet connection
- macOS 14 (Sonoma)+ or Windows 11 22H2+
3. Quick Start
The device setup scripts are delivered as download links in the welcome email sent during onboarding. Download the appropriate script and save it to your Desktop, then follow the steps below.
- Click the Download device-setup-macos.sh link in the welcome email and save to your Desktop
- Open Terminal and run:
Windows
- Click the Download device-setup-windows.ps1 link in the welcome email and save to your Desktop
- Open PowerShell as Administrator and run:
Alternative (for employees with GitHub access): Clone the repo and run the script directly:
4. What the Script Does
The script automates the following steps in order:
| Step | Action | Manual Input Required |
|---|---|---|
| 1 | Verify OS version meets minimum requirements | No |
| 2 | Install Homebrew (macOS) or verify winget (Windows) | No |
| 3 | Install 1Password app | No |
| 4 | Install 1Password CLI | No |
| 5 | Download and install CrowdStrike Falcon sensor (via falcon-installer) | No (sudo required) |
| 6 | Check 1Password account sign-in | Yes — open 1Password app and sign in |
| 7 | Verify or enable disk encryption (FileVault/BitLocker) | No (sudo required) |
| 8 | Check screen lock timeout | No |
| 9 | Verify or enable firewall | No (sudo required) |
The only interactive step is signing in to 1Password (step 6, for your own account). CrowdStrike installs automatically using a 1Password Service Account — no interaction required.
5. Post-Setup Verification
After running the script:
- Re-run the script — all checks should show ✓ (pass)
- Confirm CrowdStrike — verify your device appears in the Falcon Console (ask the CTO if unsure)
- Confirm 1Password CLI — run `op whoami` to verify CLI access
- Confirm FileVault/BitLocker — run `fdesetup status` (macOS) or check Settings > Privacy & Security > Device encryption (Windows)
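The macOS checks above can also be run as a read-only script. This is an added example, not Meridian Seven's setup script: the function names are hypothetical, and it assumes the status strings that `fdesetup status` and `socketfilterfw --getglobalstate` normally print. It does not cover the screen lock timeout or the CrowdStrike sensor.

```bash
#!/usr/bin/env bash
# Added example: read-only posture checks for macOS. The parsers take command
# output as an argument so they can be exercised with constructed samples.

# Pass if the macOS version string (e.g. "14.5") is 14 (Sonoma) or later.
os_supported() {
  local major="${1%%.*}"
  case "$major" in ''|*[!0-9]*) return 1 ;; esac
  [ "$major" -ge 14 ]
}

# Classify `fdesetup status` output: on, pending (enabled, restart needed), off.
filevault_state() {
  case "$1" in
    *"FileVault is On."*)    echo on ;;
    *"Deferred enablement"*) echo pending ;;  # assumed wording of the deferred state
    *)                       echo off ;;
  esac
}

# Pass if `socketfilterfw --getglobalstate` output reports the firewall enabled.
firewall_enabled() {
  case "$1" in *"Firewall is enabled"*) return 0 ;; *) return 1 ;; esac
}

report() { printf '%s %s\n' "$1" "$2"; }   # $1 = mark, $2 = label

run_checks() {
  local failed=0 fv
  if os_supported "$(sw_vers -productVersion)"; then report "✓" "macOS 14+"
  else report "✗" "macOS 14+"; failed=1; fi

  fv="$(filevault_state "$(fdesetup status 2>&1)")"
  case "$fv" in
    on)      report "✓" "FileVault on" ;;
    pending) report "!" "FileVault enabled, restart to begin encryption"; failed=1 ;;
    *)       report "✗" "FileVault off"; failed=1 ;;
  esac

  if firewall_enabled "$(/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate 2>&1)"
  then report "✓" "Firewall on"; else report "✗" "Firewall off"; failed=1; fi

  if op whoami >/dev/null 2>&1; then report "✓" "1Password CLI signed in"
  else report "✗" "1Password CLI signed in"; failed=1; fi
  return "$failed"
}

# Only touch the system on macOS; elsewhere the functions are just defined.
if [ "$(uname -s)" = "Darwin" ]; then run_checks; fi
```

A "pending" FileVault result is reported as a failure on purpose: the disk is not encrypted until the restart described under Troubleshooting has happened.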
6. Troubleshooting
FileVault requires restart
FileVault encryption begins after a restart. The script enables it, but you must restart your Mac to begin encryption. Save your recovery key in 1Password.
CrowdStrike needs reboot
On some systems, CrowdStrike Falcon requires a reboot to fully initialize. If the script warns about sensor status, restart and re-run.
1Password CLI not on PATH
If `op` is not found after installation:
- macOS: Close and reopen your terminal, or run `eval "$(/opt/homebrew/bin/brew shellenv)"`
- Windows: Close and reopen PowerShell
op signin errors
- Ensure you’ve accepted the 1Password team invitation
- Ensure biometric unlock for CLI is enabled in 1Password Settings > Developer
- Try `op account add` if `op signin` fails
CrowdStrike credentials not found in 1Password
If the script says “Could not read CrowdStrike credentials from 1Password”, the CTO needs to create the CrowdStrike Sensor Install item in the Security vault. Contact the CTO.
Script fails on older OS
macOS 13 (Ventura) and Windows 10 are not supported. Update your OS before running the script.
7. Related Documents
Meridian Seven — Confidential