How to take control of a stolen remote laptop, i have command line access and more

We have an employee who left the company, and failed to return the company-owned laptop.  The former employee says over and over that she sent it back to us by UPS, although the UPS tracking number was never used.

Anyway, i have ESET Remote Administrator version 6 installed on that laptop (all company computers), which allows an amazing amount of remote control.  Basically, command line access, batch file processing, software package installs, etc.  We also have ammyy (ammyy.com) installed as a service, but didnt note down the ammyy id number (which never changes)

What is a simple way i can use eset remote administrator (essentially sending a batch file to be executed) to do something like:
1. get the ammyy id number sent back to me
2. get some kind of screen control (install something that accepts connections behind a nat firewall)
3. get its outside ip address (eset fails to report this, only reports the internal ip address)

Otherwise i'll just send commands to it so it constantly pops up stolen laptop blah blah... and i'll change all the local windows passwords i guess.
LVL 24
B HAsked:
Who is Participating?
 
arnoldCommented:
Adding to others, run tracert 8.8.8.8 see the first public ip will be their wan ip.

Alternatively run FTP FTP.yourdomain.com
It will register the connection and the source ip.

Depending on what is on the system generating an email. I a. Stolen and thus my wan ip .... But this will require access to ....

Disable the user's logon.
Net user username /active:no
Or it could be /enabled:no
...
0
 
Dr. KlahnPrincipal Software EngineerCommented:
Easier solution:  Call the police and tell them that under the employee's contract for termination of employment, the laptop was not returned and that you consider it stolen.  It should be back in your hands within a day or so.
1
 
B HAuthor Commented:
I agree but I'd like to at least have the outside ip address (provable to the employees house i guess) - i mean if the police ask her where it is and she says "i sent it to them" without further proof they couldnt just go in and get it for us
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
Dean ChafeeIT/InfoSec ManagerCommented:
You can use this to get the public IP:

nslookup myip.opendns.com. resolver1.opendns.com

Open in new window


Don't know how you could get #1 and #2 without GUI.

Regards
0
 
Dean ChafeeIT/InfoSec ManagerCommented:
You could also kill her ability to logon to the machine, assuming she is using a local account, with the Net User command:

C:\temp>net user /?
The syntax of this command is:

NET USER
[username [password | *] [options]] [/DOMAIN]
         username {password | *} /ADD [options] [/DOMAIN]
         username [/DELETE] [/DOMAIN]
         username [/TIMES:{times | ALL}]
         username [/ACTIVE: {YES | NO}]

You could change the password or delete the account.

Have fun !
0
 
Tapan PattanaikSenior EngineerCommented:
As per knowledge Microsoft doesn’t offer an integrated way to track lost Windows PCs and tablets. You’ll need a third-party computer tracking solution — such as Prey — for this.
0
 
B HAuthor Commented:
Good suggestions - how would i get the output from that nslookup command returned back to me though - the extent of my access is to send commands to it or tell it to install a software package.  Trying to think of a command-line way to get the output of that sent back to me by any means

changing the passwords will be easy, though if she keeps logging into it i would have more access to it eventually as the antivirus would still check in for commands to run
0
 
David Johnson, CD, MVPOwnerCommented:
even better way since you have a cmd prompt
run syskey and enter a random password.. this will prevent local logons unless they know the password. (used by a lot of scammer tech support sites)
0
 
David GipeCommented:
Your question, "How would I get the output ..."; can you take a screenshot of the output?

Some other thoughts:
1. Run trace route and screenshot the results
2. If the FTP commands are available, you could redirect the output of any command line to a file (example: ipconfig /all >> %temp%\ipconfig.txt) then upload to an FTP site for review (this also assumes you have access to an FTP site).
0
 
B HAuthor Commented:
Ok so i was looking for a way to do this in one command line with no possibility that i can see the output in real time

What i ended up doing was having the machine issue a single command which would log the access on our ftp server:

echo open our.server.ftp >> ftp &echo user track-this stolen-laptop >> ftp &echo binary >> ftp &echo bye >> ftp &ftp -n -v -s:ftp &del ftp

for bonus points i also set it to pop up a warning message mentioning it was stolen, return to avoid prosecution, etc
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.