Solved

Accessing corporate laptop after employee stops working for the company (laptop not registered in domain)

Posted on 2008-10-27
6
287 Views
Last Modified: 2013-12-04
Company buys laptop for employee.

Employee uses the laptop to work on company's files

Employee stops working for the company.

Files are still copied on the company's file-servers, however the employee should not have access to the company's files after he stopped working for the company.

This laptop was bought before the domain deployment, and was used as such only in workgroup environment. laptop is not part of a domain, only has local user profile.

Given that the employee is still using the laptop for his own use, and that we can reach him over e-mail (outlook/exchange), here is the question:

1) is there any way to gain access to this laptop over the internet? ideally we should be able to see what is stored in the laptops hard drive and interact.
Any server/client "backdoor" software would work, like Radmin.

2) if 1 is not possible, what is the fastest way to do a zero-fill/low level format of the laptop hard drive?
I recall a small utility called Hard Drive Killer Pro what would somehow "kill" the hard drive not allowing access to data. was available at http://web.archive.org/web/20070312013254/www.hackology.com/programs/hdkp/ginfo.shtml

0
Comment
Question by:george82
  • 3
  • 2
6 Comments
 
LVL 32

Expert Comment

by:nappy_d
ID: 22811724
  1. Files are still copied on the company's file-servers, however the employee should not have access to the company's files after he stopped working for the company.
    "
    • If you have NTFS volumes on your server(which you should) deny the user permission to any of the shares
  1. "is there any way to gain access to this laptop over the internet? ideally we should be able to see what is stored in the laptops hard drive and interact.
    Any server/client "backdoor" software would work, like Radmin."
    • This is where your company may have to bite the bullet.  Since I assume the laptop is not the company's property, it is going to be difficult to have the user give you access since they are no longer with the company.
    • There really is no method for you to access to laptop as you probably have something like Team Viewer or Radmin installed.  
    • The other issue is that you do not have a public IP in which to connect to the laptop over the internet(or do you?)
0
 

Author Comment

by:george82
ID: 22811812
nappy_d, thanks for quick response

As i mentioned, company bought the laptop, for the employee to use, so it is company's property.

user has now been denied on the shares, but we are concerned with the files that are already saved on the laptop's hard drive.

3) we could find out the public ip when he will connect to the exchange server again, his email account is still active.
0
 
LVL 32

Accepted Solution

by:
nappy_d earned 200 total points
ID: 22811887
If you do find the public IP the computer is most likely behind a router and apps like Radmin require NAT-ing.  Now, if you could get them to install Team Viewer, then this app does not require NAT to function on devices behind routers.

Since you say also email is working, you could "trick" the user or ask the user to download and install  the necessary remote app for you to be able to access the computer.

If that doesn't work, some kind of legal action may be your best bite short of IT biting the bullet and explaining to mgmt that there is no sure fire method to previent access as the steps were not taken prior to the latop being given to the user.

There is no gaurantee you have at this point that the former user has not copied the data.
0
Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

 

Author Comment

by:george82
ID: 22811971

Yes - Company's management understands that there is no guarantee any solution will work-however they want to be sure that they do whatever is possible to minimize the chances for him to run away with the data.

I'm wondering if there is any way in Exchange server 2003, to issue a "remote-wipe" command for the laptop, similar to the one used for smartphones: http://msexchangeteam.com/archive/2005/07/07/407416.aspx
0
 
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 200 total points
ID: 22815589
to be honest, if a laptop could be compromised that easily, hackers would already have done so - so you are forced to assume the laptop will be proof against almost any access methods you might have (short of social-engineering the user into running an exe for you that provides backdoor access; you might get away with that if you fake an email to "all-users" (but which only really goes to him) saying that access to remote drives was shut off "for security reasons" and any users needing remote access should run the attached zipped exe which will unlock access for them)

a more effective method is legal, not technological - in the uk you could claim copyright violation on the documents, and get a Anton Piller order to seize the laptop (and any storage materials) to remove your copyrighted works.
0
 

Author Closing Comment

by:george82
ID: 31510252
Thank you both
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

A brand new malware strain was recently discovered by security researchers at Palo Alto Networks dubbed “AceDeceiver.” This new strain of iOS malware can successfully infect non-jailbroken devices and jailbroken devices alike.
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now