Remote nuking of laptops?

[gbaughma]

I'm looking for suggestions for the ability to "remotely disable" a laptop.
Here's the situation....
I have marketing people who have laptops out there.
I want to have a solution where I can "flip a switch" if a laptop gets stolen or lost, and the next time that laptop is online, it gets wiped.

This should be a simple thing, right?

Thanks in advance for any suggestions!


Just my $.02

"What the captain doesn't realize is that we've secretly replaced his Dilithium Crystals with new Folger's Crystals."

--Greg

 

[Andrzejek]

Wouldn't be better to locate stolen laptop with ip address and send cops to get it


---- Andy

There is a great need for a sarcasm font.

 

[LoPath]

We use Symantec Endpoint Protection on our laptops. Drives are encrypted. I think they can remote wipe them too.

LoPath
Maintain HiPath 4000 V5 & V6, OpenScape Xpert V4 & V6, OpenScape Xpressions V7, OpenScape Contact Center V8, OpenScape Voice V9

 

[Beilstwh]

At a minimum use bitlocker on the drives. If the user doesn't login with a valid username password the drive is unreadable

Bill
Lead Application Developer
New York State, USA

 

[gbaughma]

At a minimum use bitlocker on the drives. If the user doesn't login with a valid username password the drive is unreadable

While I would agree, then the marketing person will forget their password.
Right before a presentation.
In another state.

Because... you know... users.


Just my $.02

"What the captain doesn't realize is that we've secretly replaced his Dilithium Crystals with new Folger's Crystals."

--Greg

 

[gbaughma]

So is anyone familiar with Microsoft InTune?
Will that do what I want it to?



Just my $.02

"What the captain doesn't realize is that we've secretly replaced his Dilithium Crystals with new Folger's Crystals."

--Greg

 

[DrB0b]

Intrigued on this post as I posted a very similar question and never really found anything that wasn't really expensive. See post here which did have some suggestions:

https://www.tek-tips.com/viewthread.cfm?qid=1790952

@Beilstwh - What happens when the user is the one who steals the laptop? Bitlocker will at least keep everyone else out but we had a user get fired and run with all of our equipment. I know you weren't necessarily meaning that statement as a blanket for all situations but just wanted to throw out the situation I ran into.

Locking the BIOS and setting the HDD as the only boot device and encrypting at least make the laptop useless if stolen unless they are up for replacing the entire motherboard and HDD.

Learning - A never ending quest for knowledge usually attained by being thrown in a situation and told to fix it NOW.

 

[gbaughma]

Sheesh... you think there'd be a little utility.

Just sits there, running as a windows service... checks in with a server somewhere (cloud / local / whatever).
Says "Computer XYZ checking in.... "
and if the server responds "XYZ Reported stolen / missing"...
then the program would just wipe the hard drive, self destructing.

Seems like a simple enough thing.

The chances of the thief finding the program and disabling it before connecting to the internet in some way would be really slim.

Maybe even "Wipe the hard drive, and display a message 'This computer has been reported lost/stolen. Please contact xxx-xxx-xxxx' and just lock it there.

I mean, if stupid malware can hijack your computer and lock it down with a message like that, you'd think that this would be a valid reason for doing such a thing.



Just my $.02

"What the captain doesn't realize is that we've secretly replaced his Dilithium Crystals with new Folger's Crystals."

--Greg

 

[DrB0b]

Unless I'm missing something it doesn't seem that InTune can do any wiping or locking out of devices. You can do auditing and force certain parameters for devices connecting to your data/domain but cant do much in terms of wiping.

Learning - A never ending quest for knowledge usually attained by being thrown in a situation and told to fix it NOW.

 

[DrB0b]

@gbaughma - 1000000000% agree. Simple enough in concept.

Learning - A never ending quest for knowledge usually attained by being thrown in a situation and told to fix it NOW.

 

[strongm]

Yes, intune can remotely wipe devices, as can W10 built in Find My Computer feature (with certain constraints). Or Prey

 

[gbaughma]

I just stumbled on Prey.

I like it. Talking to the boss about it.

https://preyproject.com/

Just my $.02

"What the captain doesn't realize is that we've secretly replaced his Dilithium Crystals with new Folger's Crystals."

--Greg

 

[technome]

Believe this is where RDP via a gateway server comes in. Supply cheap laptops with no company info on them for RDP access or use an RDP setup to use on their personal laptops. Easy to lock ex employees out. A cheap laptop should run an RDP quite fast.... if the cheap laptop never comes back, no great loss. Very simple management once past the initial setup.







........................................

"Computers in the future may weigh no more than 1.5 tons."
Popular Mechanics, 1949

 

[mariah1902]

I think you should use Apple to use such service with great security. Use Mac, they are great for editing and all kind of work. You can work with your music and photos. The security you want is already there in Apple devices.

Graphic Designer at background removal service

 

[xwb]

My information may be out of date. Doesn't the security only apply if you use MacOS? Encryption is native to MacOS. If you install Windows on an apple device, do you still get the built in encryption? Anyway, it is a waste of money to buy an apple device, wipe out the os and install windows.