Remotely log off a fired staff member and delete their access from a work laptop at their home.

Fired Staff - Their work laptop is at home and offline. I'm looking for a mechanism to log off the user and delete their local account permissions as soon as their laptop comes online.

I have access to LabTech device management tools, and a Server 2008 R2 Active Directory synced with Office 365.
Jack Murphy (Owner) Asked:
Cliff Galiher Commented:
If the computer already has the LabTech agent installed then theoretically you could create an automatic task to do this. I am not a ConnectWise expert though, so I can't say specifically how that'd look... and it wasn't really what it was designed for.

If you don't already have a tool in place, you probably won't be able to accomplish this. This has been the realm of MDM solutions for years, but you have to already have it in place to initiate a remote wipe.
0
Jack Murphy (Owner, Author) Commented:
Any thoughts or ideas on a script that I could send from LabTech once it sees the laptop online and tell it to log off the user and lock the account?

My client feels confident they will get the laptop back but wants to lock out the user if they attempt to log back in. I don't think the user is smart enough to make sure they are offline when / if they attempt to log into the machine before they return it.
0
Cliff Galiher Commented:
Is the machine domain joined and does the user log in with a domain account or local account?
0
Jack Murphy (Owner, Author) Commented:
They log in with a domain account.

Am I correct that if they log in at their home, they will still be successful because the laptop will use its cached domain credentials and not be able to communicate with the server to know the password has changed?
0
Cliff Galiher Commented:
Correct. And Windows doesn't offer an API to clear cached credentials. Assuming no group policy overrides it, you could set the local security policy (via registry) to not cache credentials, and that'd effectively clear existing credentials. BUT it requires a reboot to kick in. And the user can log in... and chances are they won't be rebooting if they are up to no good. They may not be smart enough to disconnect from the network, but they probably won't intentionally do things like turn on a laptop and reboot without logging in either.

Issues like this are really tough "after the fact." Without a tool already in place, I don't have a good solution for you.
0
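Added example (not part of the thread, and not LabTech's own code): a PowerShell script that a management agent could run on the laptop to apply the registry change described in the answer above and force the reboot that answer says it needs. It assumes the script runs with administrator rights and that no group policy overrides the value; the `-NoRestart` switch is a name chosen for this example.

```powershell
# Added example: disable cached domain logons, then force a reboot so it takes effect.
# Assumption: pushed by a management agent running as SYSTEM or another administrator.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$NoRestart   # hypothetical switch: stage the change without rebooting
)

# Refuse to run unelevated; writing under HKLM would fail part-way otherwise.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin  = (New-Object Security.Principal.WindowsPrincipal $identity).IsInRole(
                [Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) { throw 'Run elevated (for example as SYSTEM from the management agent).' }

# Registry backing for "Interactive logon: Number of previous logons to cache".
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$name     = 'CachedLogonsCount'

$before = (Get-ItemProperty -Path $winlogon -Name $name -ErrorAction SilentlyContinue).$name
Write-Output "$name before change: '$before'"

if ($before -ne '0') {
    if ($PSCmdlet.ShouldProcess("$winlogon\$name", 'Set to 0 (no cached logons)')) {
        # The value is stored as REG_SZ; -Force overwrites an existing value.
        New-ItemProperty -Path $winlogon -Name $name -Value '0' `
                         -PropertyType String -Force | Out-Null
    }
}

# Under -WhatIf nothing was written, so there is nothing to verify or reboot for.
if ($WhatIfPreference) { return }

# Read the value back so the agent's job log shows whether the change stuck.
$after = (Get-ItemProperty -Path $winlogon -Name $name).$name
if ($after -ne '0') { throw "$name is '$after' after the write; a policy may be overriding it." }
Write-Output "$name after change: '$after'"

if (-not $NoRestart) {
    # -Force ends the interactive session without waiting for the user to confirm.
    Restart-Computer -Force
}
```

The script only runs once the agent can reach the laptop, so it does not help while the machine stays offline, which is the limitation raised in the answer above.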
Jack Murphy (Owner, Author) Commented:
Thank you for the insight. Do you have any recommendations on how to put this type of precaution in place?
0
Cliff Galiher Commented:
Win10 has MDM support built in. You just need to pick an MDM provider. Many exist. AirWatch, Meraki, ... I think MobileIron is still around... Microsoft Intune. All have a "remote wipe" feature that basically does what it sounds like. It triggers a reset of the device back to factory default. Not much different than what iPhones and Androids have had for a few years.
0
Jack Murphy (Owner, Author) Commented:
Appreciate the advice, I will investigate further.
0