<div>
If the PC's are HP etc and you have a recovery partition then you should be able to restore the PC to factory image and then just turn off so its as new. F11 on startup for HP
</div>


<div>
PC's are all Dell Optiplex.
</div>


<div>
Ok<br />
<br />
<a href="http://www.dell.com/support/article/us/en/04/SLN117599#Restore-the-computer-software-to-original-condition" rel="ugc nofollow">http://www.dell.com/support/article/us/en/04/SLN117599#Restore-the-computer-software-to-original-condition</a>
</div>


<div>
The best approach I see is to use a remote wipe where when the device connects to the internet it reports in and if not on the domain then a wipe command is sent to wipe the drive.<br />
<br />
You can use &nbsp;software like Remote Wipe : <a href="https://diskagent.com/products/remote_wipe.php" rel="ugc">https://diskagent.com/products/remote_wipe.php</a><br />
<br />
Just do an internet search on &quot;remote wipe a stolen pc&quot; for other ways to do it.
</div>


<div>
I am not sure if i understand your answer. Can you explain how would i achieve what i am asking?<br />
I know about this option but how would that run automatically if domain network is not available?
</div>


<div>
Thank you West Miller. That is kind of what i was looking. Thanks.
</div>


<div>
Ok and i thing it would work but what if i can't contact this PC at all? This link that you sent is only if the PC is still on the network or some way you can still get in touch with it to send this destroy command.<br />
If it's stolen, many times you cant get to it to issue the command therefore remote wipe is useless, right?
</div>


<div>
Having the condition of a format because the network is not available is a bad idea. I say that because then if you ever have network issues in your office, get ready to be busy rebuilding every machine. I would use a product like <a href="http://lojack.absolute.com/en/products/absolute-data-protect" rel="ugc">LoJack from Absolute</a>. It has remote wipe capabilities as well as location technology and remote lock capabilities.
</div>


<div>
just to verify what you are talking about:<br />
<br />
you want to format the harddrive if the deivce thinks its not on your site anymore?<br />
<br />
1. formatting or deleting partitions is nothing, 15 minutes will be needed to restore it if someone have physical access to the device - you need to overwrite every sector except you have ssd then maybe you can have a much shorter/less effort way<br />
<br />
2. Imagine network cable is off or broken so device is not online and then? Its offline and will delete itself.<br />
<br />
3. do you want to feel good or do you want to have a security concept?<br />
<br />
4. So much is depending on how you are working (thinking about thin clients where no sensitive informations can be stored on but then you need terminalserver access companywide)<br />
<br />
and so on
</div>


<div>
Thanks Zac, but this will happen only on a reboot. So even if we have issue with network it's fine unless we have it in the middle of the night when all the PC's reboot and network is unavailable. This doesn't happen. Even if it happens, we have a build process in place where we can build from network in 20 minuets.
</div>


<div>
What about just locking down the machines so that no data can be stored locally. &nbsp;Have all of your data on the server (that's where it should be anyways). &nbsp;That way if a machine walks, just remove the machine account and your data is safe.
</div>


<div>
Saschao,<br />
yes i know and stated that format would be sufficient for our environment. I know it is not as secure as low level format but at least it's something. <br />
Also thin clients would work however we are not on the level yet. Need to upgrade some infrastructure for that. <br />
As far as individual PC that are not able to talk on the network due to broken cable or whatever reason, then i don't want them out there. Because they often don't get any updates nor domain policies due to that issue, so it would ideally be like no network/domain=no boot. <br />
And as i stated, i can easily redeploy image via network in 20 minutes. That is with as many PC's as i like as it is image over network. &nbsp;So 1 or 100 still will take 20 minutes to get it going again.
</div>


<div>
This can be done with GPOs and you can also disable USB ports so that nothing can be stored to portable drives.<br />
<br />
Basically turn them into thin clients.
</div>


<div>
ScottCha, yes we already have this in place, however this is not pleasing my head of IT department and some auditors. <br />
So again if anyone knows any way to do this, ever write a program/script &nbsp;that will run on a boot, if domain not available, just issue format C.
</div>


<div>
Again i know all the risk of this, however i am willing to try it. <br />
So script/program runs on the boot and checks for domain. If available proceed to boot if not wipe the drive. <br />
Is there any other creative way?
</div>


<div>
In addition, if you get someone who knows just a little about how things work, all they'd have to do is pull the HD from the computer, slave it off of another machine and then the drive won't get formatted, they'll be able to read any of the data.<br />
<br />
Or they could boot with a 'nix disk and access the data, again with no formatting taking place. &nbsp;That's 2 ways to get around this &quot;solution&quot; that I thought up in about 2 minutes.<br />
<br />
If this idea makes the head of your IT department feel safer.....wow....just wow......
</div>


<div>
I understand ScottCha but at this point lets assume none of the data is on the HDD, and we just want another process in place that will wipe the drive as well. <br />
I need solutions on question that i asked, not suggestions on different problem.<br />
We already took all the measures to make sure that data is not stored, however this is not good enough and my &nbsp;manager wants me to figure this process and put it in place. Any suggestions on how to achieve this?
</div>


<div>
Please people,<br />
i am willing to explain everything to make it easier for you to give me a suggestion on my problem but don't answer the question with, &quot;this is bad idea&quot;, or &quot;why don't you do this instead..&quot;<br />
I am willing to take in considerations any suggestion but there is a reason why i asked the specific question that i need solution/suggestion on. Suggestion on how to achieve the requested.
</div>


<div>
I am not asking here what my options are, well kind of. You are welcome to suggest any options but only to a specific questions. If some ask you for directions to Walmart to you reply: Why don't you go to Target instead? No. <br />
And this is what i am trying to say to people who are trying to be &quot;smart&quot; with their answers.<br />
There is a reason why i asked the specific question and i need a suggestion or an answer on how to achieve this. Again i am not being ignorant to people who are trying to help, but keep in mind i have access to google as well, and have been google my problem, and was thinking about it before i came to this forum. <br />
And I do appreciate all your answers.
</div>


<div>
then you should do it in another way.<br />
<br />
clean the localharddrive and plug it off and boot a windows installation over pxe, i have no personal experience with that but it should be possible:<br />
<br />
<a href="http://etherboot.org/wiki/index.php" rel="ugc">http://etherboot.org/wiki/index.php</a><br />
<br />
no local system and no local data<br />
<br />
german article for using that:<br />
<br />
<a href="http://www.heise.de/netze/artikel/gPXE-223910.html" rel="ugc">http://www.heise.de/netze/artikel/gPXE-223910.html</a><br />
<br />
otherwise i have no clue how to manage your wishes...
</div>


<div>
You could use encryption and a credential login that changes daily.<br />
<br />
So if the Pc is booted up with no network it will refuse the user to login to the system.<br />
<br />
Encrypted if they swap it to another PC it still won't be accessible unless the have an encryption key for that PC which changes every few minutes.<br />
USB dongles are typically used in software licensing schemes to unlock software capabilities,[48] but they can also be seen as a way to prevent unauthorized access to a computer or other device's software. The dongle, or key, essentially creates a secure encrypted tunnel between the software application and the key. The principle is that an encryption scheme on the dongle, such as Advanced Encryption Standard (AES) provides a stronger measure of security, since it is harder to hack and replicate the dongle than to simply copy the native software to another machine and use it. Another security application for dongles is to use them for accessing web-based content such as cloud software or Virtual Private Networks (VPNs).[49] In addition, a USB dongle can be configured to lock or unlock a computer.[<br />
<br />
Per: <a href="https://en.wikipedia.org/wiki/Computer_security#Computer_protection_.28countermeasures.29" rel="ugc">https://en.wikipedia.org/wiki/Computer_security#Computer_protection_.28countermeasures.29</a>
</div>


<div>
Thank you Saschao, this is essentially thin client, and eventually we will get to that. Just don't have it in place now.<br />
I was thinking that it might be any other way to achieve this that i can't think of. <br />
Thank you for your suggestions.
</div>


<div>
Thank you Wes MIller i will explore more of the encryption part and how to implement it in our environment. <br />
We tried to do this once but due to hing cost of encryption programs (license per PC) we didn't go for it.
</div>


<div>
I believe this is probably what you are looking for:<br />
<a href="http://www.safenet-inc.com/multi-factor-authentication/security-applications/etoken-network-logon/" rel="ugc">http://www.safenet-inc.com/multi-factor-authentication/security-applications/etoken-network-logon/</a><br />
<br />
I attached a Document on what Safe net has to offer.<br />
<a href="https://filedb.experts-exchange.com/incoming/2016/02_w07/1080500/Authentication-Network-Logon-PB--EN-.pdf" target="_blank" class="file-inline" title="Safenet Authentication Overview (389 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>Authentication-Network-Logon-PB--EN-.pdf</a>
</div>


Authentication-Network-Logon-PB--EN-.pdf

<div>
Why don't you also physically lock the computer to the desk and facility, so they can't be easily stolen in the first place. &nbsp;You should also implement cameras and secure cardkey locks to track the users that come into the building and into the rooms that the computers reside. &nbsp;These are probably the 1st few steps of your security process. &nbsp;The remote wipe is after the fact.<br />
<br />
<a href="http://www.noblelocks.com/category/desk.html" rel="ugc">http://www.noblelocks.com/category/desk.html</a><br />
<a href="http://www.pc-safe.co.uk/shop/computer-security-cages/desktop-pc-security/enclosed-desktop-pc-server-security-cage" rel="ugc">http://www.pc-safe.co.uk/shop/computer-security-cages/desktop-pc-security/enclosed-desktop-pc-server-security-cage</a><br />
<br />
You should still add disk encryption even if you do a remote wipe. &nbsp;The disk encryption makes a remote wipe simpler and quicker to do. &nbsp;If you don't encrypt the disk, the remote wipe needs to go over the entire disk to securely wipe the data and that takes time.
</div>


<div>
BitLocker is included in the Pro editions of 8 &amp;&nbsp;10, or Ultimate editions of Windows 7, or Enterprise editions of any (aka volume licensed editions).<br />
<br />
Enact full-drive encryption, and mandate strong passwords, so if a PC is stolen the drive contents can't be accessed:<br />
<a href="https://technet.microsoft.com/en-us/library/dd835565(v=ws.10).aspx" rel="ugc">https://technet.microsoft.com/en-us/library/dd835565(v=ws.10).aspx</a>
</div>


<div>
Maybe Thin Client is the way to go. With PXE boot and no HDD in existing PC's? Therfore if you still a PC it's not good as there is no HDD.
</div>


<div>
We do have all that in place already Serialband. Thanks for suggestions.
</div>


<div>
What I was trying to point out was that even if you have a system in place you don't have a guarantee of the drive being formatted if the computer is booted from a stand along cd/DVD.<br />
<br />
And removing the hard drives does not make a computer useless. &nbsp;A new HDD can be purchased for $60 or less.<br />
<br />
I think the reason your not getting the answer you are looking for is that the answer you are hoping to get just doesn't exist. Sometimes &quot;there has to be a way&quot; just isn't true.
</div>


<div>
Not looking to spend $60K on licensing for Thin Clients but it looks like thats the way to go.
</div>


<div>
You don't have to spend $60k. &nbsp;You can still have disks on the local desktop client systems. &nbsp;You just use Remote Desktop for the critical server applications and block the clients from accessing data and storing data locally.
</div>


<div>
Hi.<br />
<br />
Came across this old question by chance today.<br />
The question says:<br />

<blockquote>
I was thinking like some kind of network authentication, since we are on a domain. If domain is not available, format the drive. There, if someone stills the PC or brings it outside the network it will format the drive. Also in the boot process it will make sure domain is available before it boots all the way to the Windows log on. 
</blockquote>
Apart from the formatting capabilities, this is exactly what a bitlocker feature called &quot;network unlock&quot; can do. If the domain is available, the system boots, else, it does not. However, you would need Windows 8.1 or windows 10 for it - but maybe you plan to upgrade someday in the near future.
</div>


<div>
Ok thanks. We are going down that path. Thank you.
</div>


<div>
Be aware that in order to use it, you'd have to meet certain requirements. All listed here: <a href="https://technet.microsoft.com/en-us/library/jj574173(v=ws.11).aspx" rel="ugc">https://technet.microsoft.com/en-us/library/jj574173(v=ws.11).aspx</a>
</div>


<div>
<div class="content wysiwyg-content">
Is there anything out there or does anyone have any idea of how would i achieve next:<br />
We have a lot of PC's in the company. Windows 7 64 bit all. Is there any way that if someone take the PC out of the building and tries to start it, it automatically delete/format HDD?<br />
Reason is sensitive information stored so we want to make sure if someone stills a PC it wont be useful. Now i understand that everything is retrievable including the formatted drive but at least we will feel better if someone takes it and is not that tech savvy. &nbsp;<br />
Encryption of the drive is not an option because you would have to share password among users that potently will be the one stilling a PC. <br />
<br />
I was thinking like some kind of network authentication, since we are on a domain. If domain is not available, format the drive. There, if someone stills the PC or brings it outside the network it will format the drive. Also in the boot process it will make sure domain is available before it boots all the way to the Windows log on. <br />
<br />
If anyone has any other idea, please let me know and also how to achieve this. As of now i do not know of any program that exists that will do this.
</div>
</div>


Is there anything out there or does anyone have any idea of how would i achieve next:
We have a lot of PC's in the company. Windows 7 64 bit all. Is there any way that if someone take the PC out of the building and tries to start it, it automatically delete/format HDD?
Reason is sensitive information stored so we want to make sure if someone stills a PC it wont be useful. Now i understand that everything is retrievable including the formatted drive but at least we will feel better if someone takes it and is not that tech savvy.  
Encryption of the drive is not an option because you would have to share password among users that potently will be the one stilling a PC. 

I was thinking like some kind of network authentication, since we are on a domain. If domain is not available, format the drive. There, if someone stills the PC or brings it outside the network it will format the drive. Also in the boot process it will make sure domain is available before it boots all the way to the Windows log on. 

If anyone has any other idea, please let me know and also how to achieve this. As of now i do not know of any program that exists that will do this.

Format the drive if domain is not available maybe?

Storage devices include any device used for storing and retrieving digital information. Hard disk drives (HDDs) use one or more rigid ("hard") rapidly rotating disks (platters) coated with magnetic material. Data is accessed in a random-access manner, meaning that individual blocks of data can be stored or retrieved in any order and not only sequentially. The primary competing technology for secondary storage is flash memory in the form of solid-state drives (SSDs), but HDDs remain the dominant medium for secondary storage due to advantages in price per bit and per-device recording capacity. CD-RW (Compact Disc-ReWritable) is a digital optical disc storage format that allows information to be stored outside the mechanical HDD.

Storage Hardware

This topic area includes legacy versions of Windows prior to Windows 2000: Windows 3/3.1, Windows 95 and Windows 98, plus any other Windows-related versions including Windows Mobile.

Windows OS

The Windows operating systems have distinct methodologies for designing and implementing networks, and have specific systems to accomplish various networking processes, such as Exchange for email, Sharepoint for shared files and programs, and IIS for delivery of web pages. Microsoft also produces server technologies for networked database use, security and virtualization.

Windows Networking

A desktop computer is a personal computer designed for use at a single location due to its size and power requirements, usually by one person. The most common configuration has a case that houses the power supply, motherboard, disk storage (usually one or more hard disk drives and optical disc drives); a keyboard and mouse for input; and computer monitor and printer for output. The case may be oriented horizontally and placed atop a desk or vertically and placed underneath or beside a desk.

Desktops

Hardware includes cell phones and other digital living devices, tablets, computers, servers, peripherals and components, printers and scanners, gaming consoles, networking hardware such as routers, hubs, switches and modems, storage devices and security equipment such as firewalls and other appliances.