Solved

Accessing corporate laptop after employee stops working for the company (laptop not registered in domain)

Posted on 2008-10-27
Last Modified: 2013-12-04
Company buys laptop for employee.

Employee uses the laptop to work on company's files.

Employee stops working for the company.

Files are still copied on the company's file-servers, however the employee should not have access to the company's files after he stopped working for the company.

This laptop was bought before the domain deployment, and was used as such only in a workgroup environment. The laptop is not part of a domain; it only has a local user profile.

Given that the employee is still using the laptop for his own use, and that we can reach him over e-mail (outlook/exchange), here is the question:

1) Is there any way to gain access to this laptop over the internet? Ideally we should be able to see what is stored on the laptop's hard drive and interact.
Any server/client "backdoor" software would work, like Radmin.

2) If 1 is not possible, what is the fastest way to do a zero-fill/low-level format of the laptop hard drive?
I recall a small utility called Hard Drive Killer Pro that would somehow "kill" the hard drive, not allowing access to data. It was available at http://web.archive.org/web/20070312013254/www.hackology.com/programs/hdkp/ginfo.shtml

Question by:george82
6 Comments
 
LVL 32

Expert Comment

by:nappy_d
ID: 22811724
  1. "Files are still copied on the company's file-servers, however the employee should not have access to the company's files after he stopped working for the company."
    • If you have NTFS volumes on your server (which you should), deny the user permission to any of the shares.
  1. "is there any way to gain access to this laptop over the internet? ideally we should be able to see what is stored in the laptops hard drive and interact.
    Any server/client "backdoor" software would work, like Radmin."
    • This is where your company may have to bite the bullet. Since I assume the laptop is not the company's property, it is going to be difficult to have the user give you access since they are no longer with the company.
    • There really is no method for you to access the laptop as you probably have something like Team Viewer or Radmin installed.
    • The other issue is that you do not have a public IP in which to connect to the laptop over the internet (or do you?)

Author Comment

by:george82
ID: 22811812
nappy_d, thanks for the quick response.

As I mentioned, the company bought the laptop for the employee to use, so it is the company's property.

The user has now been denied on the shares, but we are concerned with the files that are already saved on the laptop's hard drive.

3) We could find out the public IP when he connects to the Exchange server again; his email account is still active.
LVL 32

Accepted Solution

by:
nappy_d earned 200 total points
ID: 22811887
If you do find the public IP, the computer is most likely behind a router, and apps like Radmin require NAT-ing. Now, if you could get them to install Team Viewer, then this app does not require NAT to function on devices behind routers.

Since you say also email is working, you could "trick" the user or ask the user to download and install the necessary remote app for you to be able to access the computer.

If that doesn't work, some kind of legal action may be your best bet, short of IT biting the bullet and explaining to mgmt that there is no surefire method to prevent access, as the steps were not taken prior to the laptop being given to the user.

There is no guarantee you have at this point that the former user has not copied the data.

Author Comment

by:george82
ID: 22811971

Yes - the company's management understands that there is no guarantee any solution will work; however, they want to be sure that they do whatever is possible to minimize the chances for him to run away with the data.

I'm wondering if there is any way in Exchange Server 2003 to issue a "remote-wipe" command for the laptop, similar to the one used for smartphones: http://msexchangeteam.com/archive/2005/07/07/407416.aspx
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 200 total points
ID: 22815589
To be honest, if a laptop could be compromised that easily, hackers would already have done so - so you are forced to assume the laptop will be proof against almost any access methods you might have (short of social-engineering the user into running an exe for you that provides backdoor access; you might get away with that if you fake an email to "all-users" (but which only really goes to him) saying that access to remote drives was shut off "for security reasons" and any users needing remote access should run the attached zipped exe which will unlock access for them).

A more effective method is legal, not technological - in the UK you could claim copyright violation on the documents, and get an Anton Piller order to seize the laptop (and any storage materials) to remove your copyrighted works.

Author Closing Comment

by:george82
ID: 31510252
Thank you both