Here is one that I have created. It’s pretty simple. The attachment does not contain the download part of the action script, so you will have to get all the requirements (see below) and package them yourself. Let me know if you have any improvements to it.
I think the above sufficiently adds computer recovery to BigFix/TEM. I’d like to be able to query the location of the device and other Prey reporting and have that go directly to a BigFix/TEM analysis. This should be possible, especially since it is open source.
We dealt with this, and there are a couple of things to think about.
It started out as a fixlet for terminated-employee laptop lockouts, but we also used it as a stolen-laptop fixlet.
We use Dells mostly, so I found a Dell utility that is used for setting up the BIOS of new computers for mass deployment of hardware. You set the BIOS settings you want and run this Dell utility, and it reads the BIOS and creates a .exe file, so you can run this .exe on any Dell and it will set the BIOS the same way.
Anyway, I used this to set the system password, not the BIOS password but the system hardware password, so it waits at the Dell logo waiting for a password.
So in my fixlet I did two things: in the registry I reset the TPM ownership, which triggers a BitLocker prompt, and if the computer is a Dell I also run this .exe, which locks out the hardware, and then I do a forced reboot.
This works great on the employee termination hardware lockouts.
One would think this would work great on a stolen laptop in theory, but for this to work the computer has to be on the network for BigFix actions to run. A thief can’t connect to a new wireless connection until they log in, so the only way a stolen laptop lockout can run is if the laptop is connected to a network cable before booting it up.
Anyway, 99.9 percent of thieves are just going to reload the OS to make it usable again; they are not going to spend much time trying to crack the security on the data.
The Dell utility is great, and I don’t think they know it can be used this way to brick a Dell laptop.
A lot’s changed in the last 11 years, and the way to do this today is via MDM.
Once enrolled in a business account, Windows and Mac systems check in to the MDM provider during installation and whenever they connect to a network, allowing you to enforce policies or wipe machines even if the OS is reinstalled.