Windows 8.1 Pro -- employee laptop ?

Any way to prevent the below #2
so employee can no longer access
computer's C drive after they state
they are quitting ?

 1. I change employee's domain password
 2. remote employee can still login to
    COMPANY laptop from home using OLD
    cached domain password since they
    are NOT connected to INTERNET to
    sync and prompt for new password
finance_teacher Asked:

McKnife Commented:
I feel like I have been asked that before - it wasn't you, was it? :-)
No, if you allow password caching, this is not possible.

One small chance would be to use encryption and set up some challenge/response method. That would mean: the laptop starts and if you don't enter some response code to a daily-new-generated challenge, it would shut down and change the encryption key to prevent further booting/mounting.
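
The password caching mentioned above is controlled on each laptop by the policy "Interactive logon: Number of previous logons to cache (in case domain controller is not available)". The following PowerShell is an added example, not part of the original thread; it reads the setting and can set it to 0, and the function names `Get-CachedLogonPolicy` and `Disable-CachedLogon` are hypothetical.

```powershell
# Added example: audit and optionally disable cached domain logons.
# Run in an elevated PowerShell session on the laptop (PowerShell 3.0 or later).

# Registry location behind the "Number of previous logons to cache" policy.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-CachedLogonPolicy {
    # The value is stored as a string (REG_SZ). The Windows default is 10.
    $prop = Get-ItemProperty -Path $WinlogonKey -Name CachedLogonsCount `
                             -ErrorAction SilentlyContinue
    $count = if ($prop) { [int]$prop.CachedLogonsCount } else { 10 }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        CachedLogonsCount = $count
        ExplicitlySet     = [bool]$prop
        # Any value above 0 lets a previously logged-on domain user sign in
        # with the old password while no domain controller is reachable.
        OfflineLogonWorks = ($count -gt 0)
    }
}

function Disable-CachedLogon {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Set CachedLogonsCount to 0')) {
        Set-ItemProperty -Path $WinlogonKey -Name CachedLogonsCount `
                         -Value '0' -Type String
    }
    # Return the resulting state so the change can be logged or verified.
    Get-CachedLogonPolicy
}

# Report the current setting.
Get-CachedLogonPolicy

# Preview the change without applying it:
# Disable-CachedLogon -WhatIf
```

The setting has to be in place before the laptop leaves the network, because an offline machine receives no new policy, and a domain Group Policy that defines the same value will overwrite a local change. With the value at 0, every domain logon needs a reachable domain controller, so remote staff need a connection to the domain before they can sign in.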

William Fulks, Systems Analyst & Webmaster, Commented:
How are they logging in from home? If it's using Remote Desktop, you could just remove their own account from the local Remote Desktop Users group and that should work.
Lee W, MVP, Technology and Business Process Advisor, Commented:
If you've done nothing to give you that ability, then no.  Otherwise, if you used remote management software and/or remote control software, you may have options... no such software, no such option.

Mohammed Khawaja, Manager - Infrastructure: Information Technology, Commented:
rindi Commented:
You could use 3rd party tools for this, for example the one below:

https://www.absolute.com/en/products/dds

With it you can remotely delete the data on the laptop and lock it. It would also be a useful tool for when the laptop gets stolen. As far as I know you can also use the tool to locate the laptop.
Danny Child, IT Manager, Commented:
Hi, I don't think there's a way to guarantee this, and even if there was, it's highly likely that any disaffected employee will take whatever data they want BEFORE they quit.

So, if that's the case, the real question is how do you log what data has been sent elsewhere, or prevent this?

You can block all USB devices with software like Lumension
https://www.lumension.com/device-control-software/usb-security-protection.aspx
Some, more modern, laptops also have fairly effective USB blocks in the BIOS (which you'd need to password protect).

You'd also need to restrict internet access, blocking all file-sharing sites (dropbox, torrent, etc), and all web-based email sites (leaving only your preferred, secured, mail platform - where you keep logs of all traffic).

You'd also need to encrypt the hard drive with some biometrics or TPM-based solution, so that data couldn't be saved there, and then exported when the disk was removed and connected elsewhere.  It would probably need to be locked down with quite tight NTFS permissions as well.  I'd suggest protecting the OS areas with NTFS, and any separate file store areas with Encryption.  Encrypted OS areas tend to take a performance hit.  

Where I work, we use a secure Citrix website portal that employees have to sign in with AD credentials, and an RSA token, and then they see their files and mail.  Once there, nothing can be saved to the local machine at all.  It doesn't even see the local drives.  All the employees can do is send files via Exchange, which is fully logged.  Our proxy within Citrix blocks all fileshare/webmail/etc sites.  So, at no point is there even data on the laptop.  And, if we close down the AD account, (or the token) there's no possible log in.  Not cheap though....
Only downside from the staff's point of view is that they can't work without there being internet.