Disable a remote laptop that connects to us over a VPN and to our domain.

9860 pts.
Tags:
Laptops
Microsoft Windows XP
Remote access
User access
VPN
We have a few remote sales staff, one of whom is going to be fired. They have XP laptops and work out of their homes. My boss wants to be able to lock them out of the machine once we let them go. I don't think he's too concerned about the hardware, but he doesn't want them getting to the data. I can disable their network account, but is it possible to deny someone access to a machine they are a local admin on and have physical access to? They connect over a VPN so I can probably connect to the machine remotely if needed to install something, but that's not guaranteed. Thanks.

Answer Wiki

Thanks. We'll let you know when a new response is added.

Hello,

There should be an IP address associated with the laptop, you could disable the IP from coming in, You could change the Admin password also to ensure they don’t come in with the main account. Disable their VPN account also.

Best of luck,
TPinky

———–

You can remove them from the Admin group, or better yet setup something to run on the machine the next time it’s booted up after the date in question which grants his login into the deny logon locally privilege. Also disable is Windows login and VPN access at time of termination.

If he really wants to get to the data on the laptop he could simply pull out the hard drive and get the data off it via another machine, or reinstall windows.

Another less conventional approach which you could use would be to use software called Laptop Cop and install it on the machine. After he’s let go, you can contact the customer support department and let them know that you need to delete all the data on the remove laptop. They will be able to turn on this functionally as if the laptop was stolen and you can then delete all the data from the laptop.

(Note that I work for the company which makes Laptop Cop.)

Discuss This Question: 5  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Robert Stewart
    You can also change his password for the vpn, disable his account in the active directory, disable the computer from the active directory. There are many ways to keep the user out. With this said if the user is a local admin on the local machine, then he will have access to all files on the local machine after you deny his access to the network.
    1,810 pointsBadges:
    report
  • PowerGirl
    I will have to agree that the easiest way to handle the situation is to install software onto the laptop that will allow you to kill access to anything you want. I don't have any experience with Laptop Cop but their site is damn interesting. I have used a product called SONAR which allows you to monitor and or control everything that the ex-employee does on the company computer. It comes in handy every time we either terminate someone or if they turn in their resignation. The software is discussed here: www.awarenesstechnologies.com
    20 pointsBadges:
    report
  • Robert Stewart
    If this user owns the laptop he is working from I don't see you legally being able to not allow him into any data that is stored on it. Does the company you work for own the laptop? If so have the user return it, if not how will you get into the laptop in order to download the software other users are saying to use in their posts, even if you get into the laptop and can run the software if this laptop is owned by the end user who is going to be fired you might get yourself into some legal issues, if he owns the laptop you have no right to deny him access to his local harddrive. I hope your policy for workers at home is that the laptops they use are paid for and provided by your company, if not you need to change this policy for this very reason.
    1,810 pointsBadges:
    report
  • Genderhayes
    Added the ip and server name to /windows/system32/tect/host file the remote connection checks this files host before DNS conversion
    7,565 pointsBadges:
    report
  • bhannah
    Does your firewall control access to your network through the VPN tunnel?  If it does, then just disable the account on the firewall level.  That would prevent access to your network through the Firewall VPN Tunnel and hence access to the network.
    1,405 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following