Self-Destruct a stolen laptop via BigFix

(imported topic written by SystemAdmin)

Hey everybody… I’ve got a little project that I want to write but thought that I’d ask around here first.

What are your thoughts around creating a Self-Destruct fixlet to run on stolen systems?

FYI yes, we are working on rolling out Whole Disk Encryption, but unfortunately WDE doesn’t do much if the laptop isn’t rebooted.

Anyway I’d love to hear your suggestions. Thanks! -s

(imported comment written by BenKus)

Here is some info:

http://forum.bigfix.com/viewtopic.php?id=1886

http://forum.bigfix.com/viewtopic.php?id=2112

http://forum.bigfix.com/viewtopic.php?id=428&p=1

Ben

(imported comment written by cstoneba)

Here is one that I have created. It’s pretty simple. The attachment does not contain the download part of the action script, so you will have to get all the requirements (see below) and package them yourself. Let me know if you have any improvements to it.

Requirements:

  1. VFWgrab (a small standalone camera app http://www.naughter.com/vfwgrab.htm)

     1a) You will need to configure this ini file to run silently and to set where to put the pictures

  2. The C++ 2005 x86 (vcredist_x86.exe)

  3. sdelete.exe (http://technet.microsoft.com/en-us/sysinternals/bb897443.aspx)

Here’s what it does:

  1. If there is a camera present, install the C++ 2005 for x86 so VFWgrab will run. Then take 4 pictures

  2. Output the current time, date, and external IP to a text file called info.txt

  3. Upload any pictures taken and info.txt to the BES Server

  4. Using sdelete, delete either the c:\users or the c:\documents and settings folder

Note: Neither I nor BigFix is responsible for any data loss due to the attached fixlet

1 Like

(imported comment written by SystemAdmin)

You might find this of interest in trying to recover a stolen computer: http://forum.bigfix.com/viewtopic.php?pid=36772

I think the above sufficiently adds computer recovery to BigFix/TEM. I’d like to be able to query the location of the device and other Prey reporting and have that go directly to a BigFix/TEM analysis. This should be possible, especially since it is open source.

We dealt with this and there are a couple of things to think about.
It started out as a fixlet for terminated employee laptop lockouts, but we also used it as a stolen laptop fixlet.
We use Dells mostly, so I found a Dell utility that is used for setting up the BIOS of new computers for mass deployment of hardware. You set the BIOS settings you want and you run this Dell utility, and it reads the BIOS and creates a .exe file, so you can run this .exe on any Dell and it will set the BIOS the same way.
Anyway, I used this to set the system password, not the BIOS password but the system hardware password, so it waits at the Dell logo waiting for a password.

So in my fixlet I did two things: in the registry I reset the TPM ownership, which triggers a BitLocker prompt, and if the computer is a Dell I also run this .exe, which locks out the hardware, and then I do a forced reboot.

This works great on the employee termination hardware lockouts.
One would think this would work great on a stolen laptop in theory, but for this to work the computer has to be on the network for BigFix actions to run. A thief can’t connect to a new wireless connection until they log in, so the only way a stolen laptop lockout can run is if the laptop is connected to a network cable first before booting it up.
Anyway, 99.9 percent of thieves are just going to reload the OS to make it usable again; they are not going to spend much time on trying to crack the security on the data.

The Dell utility is great and I don’t think they know it can be used this way to brick a Dell laptop.

1 Like

A lot’s changed in the last 11 years, and the way to do this today is via MDM.
Once enrolled in a business account, Windows and Mac systems check in to the MDM provider during installation and whenever they connect to a network, allowing you to enforce policies or wipe machines even if the OS is reinstalled.

2 Likes

True, but this is a cheap solution for those companies that are not ready for an MDM solution yet.

2 Likes