Stolen Laptop Automation Script - Please tell us what should be in this script

hi Guys
we want to write an automation script that will handle the “Stolen Laptop” usecase.
What do you want to see in this automation script?

1-Wipe all data
2-enable keylogger and send data back
3-take picture with camera
4-run a network scan and extract info
5- when should this automation script be triggered? (when you run it, or when an event happens?)
6-get a list of the wifi networks in the area and plug it into googles api and triangulate the geolocation?
6-what else?

We will then write this automation script and make it available to everyone at


Hello @melih ,

Thanks for this post, it is unfortunate user participation has been non-existent, so far, in this thread.

We for one would like to see all of the above options, although it would be great if we could select which ones to run prior to executing the script :stuck_out_tongue:

Additionally it would be great if the below was also included if possible:

1-Enable bitlocker and encrypt the drive, save the encryption key to the itarian device log. (while bitlocker should be enabled on all portable machines by default, unfortunately it is not always the case)
2-Log location + IP + Webcam photo every X minutes to the itarian device log while device is marked as lost/stolen.
3-Change user password.
4-Lock the machine with a message on lockscreen notifying that the machine has been lost/stolen and who to contact.
5-Enable Siren or an Audio Message saying this device has been Stolen and set the volume to 100%

  • 1 for the script and also the comment about lack of responses, (mind you many threads in the forum are not answered from either members or admins/itarian quite often at times)

I agree with being able to select what gets actioned in the script as not every device or customer will have the exact same needs.
Some parts of the suggestions can be done if say Azure joined

As part of the possible reporting it may be worth while knowing about recent file or folder access, and if any files have been copied moved or deleted.
I’d be concerned about exporting mail eg to a PST file then copied to external or network device etc as well as the many autosaved browser passwords everyone tends to use, its like an open book invite for further compromised activity.

So yes the wipe data function is needed perhaps after the reporting back stage?


@mcfproservices , @Hello-I-T ,

These are great requests. We already started to work on your requests and we are aiming 11th of June as a delivery date.

In the mean time we have already created a script for below;
This script will do the Following points

1)Get IP address

2)Take Screenshot of screen and send it to email

3)Collect environment information etc etc

4)Wipe the hd clean…

You can find it on below link,…tolen-property

Best Regards,

I’d like to see the wipe disk expanded to wipe ALL disks, including any usb connected devices, memory sticks/ext hard drives etc.


A “Previous” provider had something similar…
Maybe this will help ?
It was a combination of a script, plus some software packages.

PS. There is a similar procedure for mac

Procedure Folder Stolen Laptop.txt (31 KB)

Annotation 2020-06-09 143153.jpg

Hello @Hello-I-T @mcfproservices ,

Your scripts are ready. :cool: Please inform us if u need help or any other script requests.


Best Rgards,