[SOLVED] In need of a script to crash a computer or block all logins

Aug 13, 2019
15
0
10
I have a laptop that has an agent on it through which I can push a script or monitor it if needed. The laptop should have been returned; however, it has not been yet. It does have BitLocker on it along with a PIN. The downside is that it has been turned off for a while and I can't log in remotely. It's not hooked up to the domain either, so Group Policy is out. I need a script that can either block all users, specifically domain users if possible, or make the computer completely unusable unless Windows is reinstalled. We have the recovery key available here, so I'm not beyond changing PINs or anything else. I need to make sure that the user who has it can't access anything on the hard drive, turn on the computer, or log in. Something along those lines. Whatcha got?
 
Aug 13, 2019
Well, yes, it is true that you can't push a script onto a computer that is turned off, but I do have the ability to have a script waiting for an indefinite amount of time so that when it turns on it runs the script. It doesn't matter if it's on the domain or not; it just needs to be on and hooked up to some internet. It's not an ideal situation, but it's a very small window of something that I can do.
 

USAFRet

Titan
Moderator
You can't push a script to a random system just because he turns it on and it happens to have an internet connection.

Unless there is some functionality to phone home that is already on the system (Domain authentication!), it is just a random PC.
 
Aug 13, 2019
There's an agent installed on the machine to monitor it, so I can tell when it's turned on or when it's not. And when it is turned on, there's quite a bit I can do with the PC. When it's not turned on, I have the capability to push a script, and it holds the script until the PC turns on and then runs it. I'm just needing to find a script to run.
 
Aug 13, 2019
Yes, I have that, but I need something that's going to keep him from being able to log back in the second time, which is why I'm kind of looking into registry deletion, but I can't make that work in a test environment. I need something that can either change the BitLocker PIN and then shut down, or delete the registry and then shut down. Or, if there's a way, block anyone from logging in and then shut down.
 
Aug 13, 2019
It's a HIPAA compliance issue. The user was a remote user, so we logged them in through the domain and then disconnected from the domain so that they could actually still log in. So the credentials are still on the computer. The user left the company and was supposed to turn the computer in; however, that hasn't happened yet because they are supposedly lazy. But due to the timeframe, it's getting close to a HIPAA violation.
 

USAFRet

Titan
Moderator
Ahhh...

Time to start legal threats.
"Return the laptop by close of business on Friday, or...."

I would think HIPAA would kick in as long as he has physical possession.
Remove the drive, boot up in non-connected system, your data is still compromised.
 
Aug 13, 2019
Well, that would be the case if he had the recovery key, but all he currently has is the BitLocker PIN, which is connected to the TPM. In order for him to access the drive some other way he'd have to remove it, and he has no keys to do so.
 
Aug 13, 2019
The only concern with HIPAA would be if he saved any documents or anything on the local machine instead of to the cloud like he was supposed to. Unfortunately, there's no way to check unless he turns it on. The security officer wants us to wipe the machine or have some way of blocking him from accessing the machine. So far, all of my tests have come back negative or with some sort of error. I did find a way to delete the user's profile, but they were still able to log in, so it was kind of a win but at the same time not 100% secure.
 
Aug 13, 2019
I have tried that as a script; however, it doesn't take the new PIN as a parameter. You have to enter it manually. I will, however, try it once I get back to work with the added variables that were in that article. Thank you for that.
 

punkncat

Champion
Ambassador
I am of the assumption that this employee has already received last paycheck and time/vacation owed?

Usually in a situation like this (corporate policies/law notwithstanding) it's a case of "your last paycheck is at the front desk along with the checklist of items you need to return to have it".
 
Aug 13, 2019
Well, I tried both of those in my test environment. Neither one worked, just because it doesn't accept the input for the passwords or PINs. Those have to be entered manually. Back to the drawing board. Thank you for the advice, though.