Hi guys,
We want to write an automation script that will handle the “Stolen Laptop” use case.
What do you want to see in this automation script?
1-Wipe all data
2-enable keylogger and send data back
3-take picture with camera
4-run a network scan and extract info
5-when should this automation script be triggered? (when you run it, or when an event happens?)
6-get a list of the wifi networks in the area and plug it into Google's API and triangulate the geolocation?
7-what else?

Thanks for this post. It is unfortunate that user participation has been non-existent, so far, in this thread.
We for one would like to see all of the above options, although it would be great if we could select which ones to run prior to executing the script.
Additionally, it would be great if the below was also included if possible:
1-Enable BitLocker and encrypt the drive, save the encryption key to the ITarian device log. (While BitLocker should be enabled on all portable machines by default, unfortunately it is not always the case.)
2-Log location + IP + Webcam photo every X minutes to the ITarian device log while device is marked as lost/stolen.
3-Change user password.
4-Lock the machine with a message on lockscreen notifying that the machine has been lost/stolen and who to contact.
5-Enable Siren or an Audio Message saying this device has been Stolen and set the volume to 100%

+1 for the script and also the comment about lack of responses (mind you, many threads in the forum are not answered by either members or admins/ITarian quite often at times).
I agree with being able to select what gets actioned in the script as not every device or customer will have the exact same needs.
Some parts of the suggestions can be done if, say, Azure joined.
As part of the possible reporting it may be worthwhile knowing about recent file or folder access, and if any files have been copied, moved or deleted.
I’d be concerned about exporting mail, e.g. to a PST file then copied to external or network device etc., as well as the many autosaved browser passwords everyone tends to use; it's like an open book invite for further compromised activity.
So yes the wipe data function is needed perhaps after the reporting back stage?