Pau Lo

unused computer devices - administrator approach.

What is your general approach to end user devices (Windows Laptops) that have not logged into your private network for a significant period of time? For as long as they are offline, they are obviously falling behind on updates/AV signatures etc, and therefore I presume there becomes a period of time whereby action needs to be taken by an administrator.  
I recall when our devices were joined to on-premises AD, the admins would disable the devices after a pre-defined number of days of no login activity, in the same way they would stale accounts. Now the devices are in Intune/Endpoint Manager, I am not so sure if that system naturally manages unused devices (and how), or if there is still an onus on an administrator to take some form of remedial or preventative action – hence querying – what is your approach?

Windows OS, Laptops Notebooks, Network Management, Windows 10

ASKER CERTIFIED SOLUTION
William Fulks
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
Pau Lo

ASKER

Sounds like a sensible approach. I take it you aren't using Intune? I was wondering if that system may automatically handle such scenarios, e.g. auto-disable not recently 'checked in' devices.
William Fulks

I know you can set device cleanup rules in Intune to do this. Just choose what kind of interval you want to set.
Pau Lo

ASKER

Do you think there is much risk in not disabling them from a security/vulnerability management perspective? Granted, it's poor practice from an asset management perspective (and could even point to lost/stolen equipment), but in your view do your update & patching systems take effect fairly quickly as soon as devices log in even after a window of inactivity?
William Fulks

The risks include missing patches and program updates, AV definitions updates, policy updates, etc. Also, if someone stole the device and were still able to get into the system using an old cached password, they could possibly use it to gain network access.
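
For the stale-device review discussed in this thread, the following is an added example (not part of the original posts) that reports Intune-managed Windows devices by days since their last check-in, so an administrator can review them before any cleanup or disable action. It assumes the Microsoft Graph PowerShell SDK (Microsoft.Graph.DeviceManagement module) is installed; the 30/90-day thresholds and the output file name are assumptions to adjust to your own policy.

```powershell
# Added example: classify Intune-managed Windows devices by time since last check-in.
# Thresholds below are assumptions, not values from the thread.
$WarnDays  = 30   # start chasing the device owner
$StaleDays = 90   # candidate for disable/retire review

# Read-only scope is enough for reporting.
Connect-MgGraph -Scopes 'DeviceManagementManagedDevices.Read.All'

$now = (Get-Date).ToUniversalTime()

$report = Get-MgDeviceManagementManagedDevice -All -Filter "operatingSystem eq 'Windows'" |
    ForEach-Object {
        # Some records carry no usable sync time (never checked in); flag them instead of failing.
        $lastSync = $_.LastSyncDateTime
        if ($null -eq $lastSync -or $lastSync.Year -lt 2000) {
            $age = $null
            $status = 'NeverSynced'
        }
        else {
            $age = [int][math]::Floor(($now - $lastSync.ToUniversalTime()).TotalDays)
            $status = if ($age -ge $StaleDays) { 'Stale' }
                      elseif ($age -ge $WarnDays) { 'Warn' }
                      else { 'Active' }
        }

        [pscustomobject]@{
            DeviceName  = $_.DeviceName
            User        = $_.UserPrincipalName
            LastCheckIn = $lastSync
            DaysSilent  = $age
            Compliance  = $_.ComplianceState
            Status      = $status
        }
    }

# On-screen summary of everything that needs attention, oldest first.
$report | Where-Object Status -ne 'Active' |
    Sort-Object DaysSilent -Descending |
    Format-Table -AutoSize

# Export the stale and never-synced devices for asset-management follow-up (lost/stolen checks).
$report | Where-Object { $_.Status -in 'Stale', 'NeverSynced' } |
    Export-Csv -Path .\stale-intune-devices.csv -NoTypeInformation
```

The script only reads and reports; disabling or retiring a device remains a separate, deliberate step.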