How to take control of a stolen remote laptop, I have command line access and more

We have an employee who left the company, and failed to return the company-owned laptop.  The former employee says over and over that she sent it back to us by UPS, although the UPS tracking number was never used.

Anyway, I have ESET Remote Administrator version 6 installed on that laptop (all company computers), which allows an amazing amount of remote control.  Basically, command line access, batch file processing, software package installs, etc.  We also have ammyy installed as a service, but didn't note down the ammyy ID number (which never changes).

What is a simple way I can use ESET Remote Administrator (essentially sending a batch file to be executed) to do something like:
1. Get the ammyy ID number sent back to me
2. Get some kind of screen control (install something that accepts connections behind a NAT firewall)
3. Get its outside IP address (ESET fails to report this, only reports the internal IP address)

Otherwise I'll just send commands to it so it constantly pops up stolen laptop blah blah... and I'll change all the local Windows passwords, I guess.
B H asked:

Dr. Klahn, Principal Software Engineer, commented:
Easier solution:  Call the police and tell them that under the employee's contract for termination of employment, the laptop was not returned and that you consider it stolen.  It should be back in your hands within a day or so.
B H (Author) commented:
I agree, but I'd like to at least have the outside IP address (provable to the employee's house, I guess) - I mean, if the police ask her where it is and she says "I sent it to them", without further proof they couldn't just go in and get it for us.
Dean Chafee, IT/InfoSec Manager, commented:
You can use this to get the public IP:


Don't know how you could get #1 and #2 without GUI.


Dean Chafee, IT/InfoSec Manager, commented:
You could also kill her ability to log on to the machine, assuming she is using a local account, with the Net User command:

C:\temp>net user /?
The syntax of this command is:

[username [password | *] [options]] [/DOMAIN]
         username {password | *} /ADD [options] [/DOMAIN]
         username [/DELETE] [/DOMAIN]
         username [/TIMES:{times | ALL}]
         username [/ACTIVE: {YES | NO}]

You could change the password or delete the account.

Have fun!
Tapan Pattanaik, Senior Engineer, commented:
As per my knowledge, Microsoft doesn't offer an integrated way to track lost Windows PCs and tablets. You'll need a third-party computer tracking solution, such as Prey, for this.
B H (Author) commented:
Good suggestions - how would I get the output from that nslookup command returned back to me, though? The extent of my access is to send commands to it or tell it to install a software package.  Trying to think of a command-line way to get the output of that sent back to me by any means.

Changing the passwords will be easy, though if she keeps logging into it I would have more access to it eventually, as the antivirus would still check in for commands to run.
David Johnson, CD, MVP, Owner, commented:
Even better way, since you have a cmd prompt:
run syskey and enter a random password. This will prevent local logons unless they know the password (used by a lot of scammer tech support sites).
Your question, "How would I get the output ..."; can you take a screenshot of the output?

Some other thoughts:
1. Run trace route and screenshot the results
2. If the FTP commands are available, you could redirect the output of any command line to a file (example: ipconfig /all >> %temp%\ipconfig.txt) then upload to an FTP site for review (this also assumes you have access to an FTP site).
Adding to the others: run tracert; the first public IP will be their WAN IP.

Alternatively, run FTP.
It will register the connection and the source ip.

Depending on what is on the system generating an email. I a. Stolen and thus my wan ip .... But this will require access to ....

Disable the user's logon.
Net user username /active:no
Or it could be /enabled:no

B H (Author) commented:
OK, so I was looking for a way to do this in one command line, with no possibility that I can see the output in real time.

What I ended up doing was having the machine issue a single command which would log the access on our FTP server:

echo open our.server.ftp >> ftp &echo user track-this stolen-laptop >> ftp &echo binary >> ftp &echo bye >> ftp &ftp -n -v -s:ftp &del ftp

For bonus points I also set it to pop up a warning message mentioning it was stolen, return to avoid prosecution, etc.
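
The server-side half of the approach in the last post, as an added example that is not part of the original thread: pull every source address that tried to log in as the tracking account out of the FTP server's log. It assumes a vsftpd-style log format (the thread does not say which FTP server was used); the log lines and addresses are constructed, and only the user name `track-this` comes from the post.

```python
import ipaddress
import re
from datetime import datetime

# Constructed sample in vsftpd's log style (assumed server; IPs are documentation ranges).
SAMPLE_LOG = """\
Tue Mar  6 09:14:02 2018 [pid 4121] CONNECT: Client "203.0.113.45"
Tue Mar  6 09:14:02 2018 [pid 4120] [track-this] FAIL LOGIN: Client "203.0.113.45"
Tue Mar  6 11:30:10 2018 [pid 4188] [backup] OK LOGIN: Client "10.0.0.12"
Wed Mar  7 18:02:44 2018 [pid 5230] [track-this] OK LOGIN: Client "::ffff:203.0.113.45"
Thu Mar  8 07:55:19 2018 [pid 6011] [track-this] OK LOGIN: Client "198.51.100.9"
"""

LOGIN_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]+)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"')

# RFC 1918 and carrier-grade NAT ranges: a hit here is not a routable home/ISP address.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]


def beacon_sightings(log_text, user="track-this"):
    """Map each source IP that tried to log in as `user` to first/last seen and count."""
    seen = {}
    for line in log_text.splitlines():
        m = LOGIN_RE.match(line)
        if not m or m["user"] != user:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # hostname or malformed address; skip rather than guess
        if ip.version == 6 and ip.ipv4_mapped:
            ip = ip.ipv4_mapped  # dual-stack listeners log IPv4 peers as ::ffff:a.b.c.d
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        # Failed logins count too: the server records the peer address either way.
        rec = seen.setdefault(str(ip), {"first": ts, "last": ts, "count": 0,
                                        "internal": any(ip in n for n in INTERNAL)})
        rec["first"], rec["last"] = min(rec["first"], ts), max(rec["last"], ts)
        rec["count"] += 1
    return seen


if __name__ == "__main__":
    for ip, rec in beacon_sightings(SAMPLE_LOG).items():
        print(ip, rec["count"], rec["first"], rec["last"],
              "internal" if rec["internal"] else "public")
```

The first-seen and last-seen timestamps per address are what an ISP or the police would need alongside the IP itself.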