[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 307
  • Last Modified:

Accessing corporate laptop after employee stops working for the company (laptop not registered in domain)

Company buys laptop for employee.

Employee uses the laptop to work on company's files

Employee stops working for the company.

Files are still copied on the company's file-servers, however the employee should not have access to the company's files after he stopped working for the company.

This laptop was bought before the domain deployment, and was used as such only in workgroup environment. laptop is not part of a domain, only has local user profile.

Given that the employee is still using the laptop for his own use, and that we can reach him over e-mail (outlook/exchange), here is the question:

1) is there any way to gain access to this laptop over the internet? ideally we should be able to see what is stored in the laptops hard drive and interact.
Any server/client "backdoor" software would work, like Radmin.

2) if 1 is not possible, what is the fastest way to do a zero-fill/low level format of the laptop hard drive?
I recall a small utility called Hard Drive Killer Pro what would somehow "kill" the hard drive not allowing access to data. was available at http://web.archive.org/web/20070312013254/www.hackology.com/programs/hdkp/ginfo.shtml

0
george82
Asked:
george82
  • 3
  • 2
2 Solutions
 
nappy_dCommented:
  1. Files are still copied on the company's file-servers, however the employee should not have access to the company's files after he stopped working for the company.
    "
    • If you have NTFS volumes on your server(which you should) deny the user permission to any of the shares
  1. "is there any way to gain access to this laptop over the internet? ideally we should be able to see what is stored in the laptops hard drive and interact.
    Any server/client "backdoor" software would work, like Radmin."
    • This is where your company may have to bite the bullet.  Since I assume the laptop is not the company's property, it is going to be difficult to have the user give you access since they are no longer with the company.
    • There really is no method for you to access to laptop as you probably have something like Team Viewer or Radmin installed.  
    • The other issue is that you do not have a public IP in which to connect to the laptop over the internet(or do you?)
0
 
george82Author Commented:
nappy_d, thanks for quick response

As i mentioned, company bought the laptop, for the employee to use, so it is company's property.

user has now been denied on the shares, but we are concerned with the files that are already saved on the laptop's hard drive.

3) we could find out the public ip when he will connect to the exchange server again, his email account is still active.
0
 
nappy_dCommented:
If you do find the public IP the computer is most likely behind a router and apps like Radmin require NAT-ing.  Now, if you could get them to install Team Viewer, then this app does not require NAT to function on devices behind routers.

Since you say also email is working, you could "trick" the user or ask the user to download and install  the necessary remote app for you to be able to access the computer.

If that doesn't work, some kind of legal action may be your best bite short of IT biting the bullet and explaining to mgmt that there is no sure fire method to previent access as the steps were not taken prior to the latop being given to the user.

There is no gaurantee you have at this point that the former user has not copied the data.
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
george82Author Commented:

Yes - Company's management understands that there is no guarantee any solution will work-however they want to be sure that they do whatever is possible to minimize the chances for him to run away with the data.

I'm wondering if there is any way in Exchange server 2003, to issue a "remote-wipe" command for the laptop, similar to the one used for smartphones: http://msexchangeteam.com/archive/2005/07/07/407416.aspx
0
 
Dave HoweSoftware and Hardware EngineerCommented:
to be honest, if a laptop could be compromised that easily, hackers would already have done so - so you are forced to assume the laptop will be proof against almost any access methods you might have (short of social-engineering the user into running an exe for you that provides backdoor access; you might get away with that if you fake an email to "all-users" (but which only really goes to him) saying that access to remote drives was shut off "for security reasons" and any users needing remote access should run the attached zipped exe which will unlock access for them)

a more effective method is legal, not technological - in the uk you could claim copyright violation on the documents, and get a Anton Piller order to seize the laptop (and any storage materials) to remove your copyrighted works.
0
 
george82Author Commented:
Thank you both
0

Featured Post

Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now