Home > IT Answers > Security > Disable a remote laptop that connects to us o...
Help

Question

  Asked: Jul 11 2008   7:04 PM GMT
  Asked by: KarlG

Disable a remote laptop that connects to us over a VPN and to our domain.


User access, Laptops, Remote access, VPN, Windows XP

We have a few remote sales staff, one of whom is going to be fired. They have XP laptops and work out of their homes.

My boss wants to be able to lock them out of the machine once we let them go. I don't think he's too concerned about the hardware, but he doesn't want them getting to the data.
I can disable their network account, but is it possible to deny someone access to a machine they are a local admin on and have physical access to?

They connect over a VPN so I can probably connect to the machine remotely if needed to install something, but that's not guaranteed.

Thanks.

Subscribe to Alerts! Get questions and answers delivered to your Inbox.


E-mail me updates on this question



   SUBSCRIBE

hidden modal window
Help

Answer Wiki (Improve, edit or add to this answer)

IMPROVE THIS ANSWER
View History
 RATE THIS ANSWER
+1
Click to Vote:
  •   1
  •  0
Last Answered: Jul 11 2008  10:26 PM GMT  by Mrdenny


Latest Contributors: Tpinky


Hello,

There should be an IP address associated with the laptop, you could disable the IP from coming in, You could change the Admin password also to ensure they don't come in with the main account. Disable their VPN account also.

Best of luck,
TPinky

-----------

You can remove them from the Admin group, or better yet setup something to run on the machine the next time it's booted up after the date in question which grants his login into the deny logon locally privilege. Also disable is Windows login and VPN access at time of termination.

If he really wants to get to the data on the laptop he could simply pull out the hard drive and get the data off it via another machine, or reinstall windows.

Another less conventional approach which you could use would be to use software called Laptop Cop and install it on the machine. After he's let go, you can contact the customer support department and let them know that you need to delete all the data on the remove laptop. They will be able to turn on this functionally as if the laptop was stolen and you can then delete all the data from the laptop.

(Note that I work for the company which makes Laptop Cop.)
  • AddThis Social Bookmark Button

Browse more Questions and Answers on Security, Microsoft Windows and Networking.

Looking for relevant Security Whitepapers? Visit the SearchSecurity.com Research Library.


RSS - Discussions Help

Discuss This Answer


You must be logged-in to discuss a question. Log-in/Register

Robert Stewart  |   Jul 14 2008  3:13PM GMT

You can also change his password for the vpn, disable his account in the active directory, disable the computer from the active directory. There are many ways to keep the user out. With this said if the user is a local admin on the local machine, then he will have access to all files on the local machine after you deny his access to the network.

 

PowerGirl  |   Jul 16 2008  2:55AM GMT

I will have to agree that the easiest way to handle the situation is to install software onto the laptop that will allow you to kill access to anything you want.

I don’t have any experience with Laptop Cop but their site is damn interesting.

I have used a product called SONAR which allows you to monitor and or control everything that the ex-employee does on the company computer.

It comes in handy every time we either terminate someone or if they turn in their resignation.

The software is discussed here:

<a href="http://www.awarenesstechnologies.com" rel="nofollow">www.awarenesstechnologies.com</a>

 

Robert Stewart  |   Jul 16 2008  3:46PM GMT

If this user owns the laptop he is working from I don’t see you legally being able to not allow him into any data that is stored on it. Does the company you work for own the laptop? If so have the user return it, if not how will you get into the laptop in order to download the software other users are saying to use in their posts, even if you get into the laptop and can run the software if this laptop is owned by the end user who is going to be fired you might get yourself into some legal issues, if he owns the laptop you have no right to deny him access to his local harddrive. I hope your policy for workers at home is that the laptops they use are paid for and provided by your company, if not you need to change this policy for this very reason.