The Dark Side of Magical Computers: Why You Should Wipe Them Out

By admin

Technology has advanced at an unprecedented rate, with computers becoming an integral part of our daily lives. From personal computers to smartphones, these devices have transformed the way we communicate, work, and entertain ourselves. However, there is one kind of computer that stands out among the rest – the magical computer. The magical computer, also known as a supercomputer, is a type of computer with immense computational power. Its capabilities go beyond that of a regular computer, as it can solve complex problems and process vast amounts of data at incredible speeds. This makes it invaluable in fields such as scientific research, weather forecasting, and even AI development.



Of course, having your components always turning into useless smoke on a regular basis isn't going to be the basis of much magic, so we're going to have to be more creative in what it means to be unreliable.

Wipe out the magical computer

However, there is a school of thought that argues for the "wiping out" of these magical computers. They believe that the reliance on supercomputers for solving intricate problems is hindering our own intellectual growth.

Remotely lockdown/wipe corporate computer when employee terminates?

Hello, I am IT director for a medium-sized company (100 PCs) based in Canada, and starting 2 years ago, like many corporations, we have gone from a 100% local business to 75% remote employees working from home from anywhere in Canada and even worldwide (I have employees in Europe now). Now 40% of our employees are not even living in the local area of our head office.

Because employees are way less trusty these days in 2022, just like any business we have several employees that terminate unexpectedly or need to be fired for any reason.

I would like to subscribe to a security solution to remotely manage my corporate computer security at a hardware level (sort of). I would like to be able to remotely (from a public internet connection, not from a VPN) lock down a corporate Windows 10 computer (prevent the user from logging in) or, in a worst-case scenario, remotely wipe a computer. Pretty much like we are doing with a mobile phone right now using iCloud!

What would be the best solution for that? I've done some quick research, maybe Microsoft InTune could be an option?

*EDIT* Sorry, I forgot to include a few relevant pieces of information:

  • Our O365 plan is "business standard", which does not include Azure nor InTune for the moment.
  • All computers are corporate setups and provided by mail to employees, they are not BYOD.
  • All corporate computers are bound to a local (on-premise) Active Directory, this is why I can't lock down a local AD account (cached) on the remote computers. I can disable the AD account from the server and it'll disable VPN and O365 sync, but not the local account.

38 Replies


Yes you will need a 3rd party application to do that. Itune does stuff like that.. other softwares if you search.. there are dozens. You can think about how you let them connect? Are the apps local to the PC's or are you using a Terminal Server or Citrix environment? Vmware Horizon? Where the OS is securely in your server room and if someone is terminated you can just disabled their access to the OS.


John3367 wrote: Yes you will need a 3rd party application to do that. Itune does stuff like that.. other softwares if you search.. there are dozens. You can think about how you let them connect? Are the apps local to the PC's or are you using a Terminal Server or Citrix environment? Vmware Horizon? Where the OS is securely in your server room and if someone is terminated you can just disabled their access to the OS.

They are using all local apps (mostly O365 suite + some Adobe Apps) and they are using a VPN connection for accessing local file server on-demand but I don't want to relay on VPN connection for that because they are only connected to the VPN a few times per weeks when they requires local file access. This is a pretty simple workflow.


Simon C. wrote: . Because employee are way less trusty these days in 2022, just like any business we have several employee that terminate unexpectedly or needs to by fired for any reasons. .

Wow, that does not sound good. Who hires these less trusty employees? In our company we do not allow connection to our network from employee's personal computers, if someone needs a computer they are given one and obviously we can control its setup with usernames and passwords plus VPN. All data is kept on the server. Anyone leaves they need to hand back all Company PC's/Laptops/Phones etc but we also disable accounts/change passwords to stop them getting logged in and we use bitlocker on laptops..

We use Absolute and Scalefusion depending on the device, both let us remotely lock/wipe a machine.

Briser_fae_the_broch wrote:

Simon C. wrote: . Because employee are way less trusty these days in 2022, just like any business we have several employee that terminate unexpectedly or needs to by fired for any reasons. .

Wow, that does not sound good. Who hires these less trusty employees? In our company we do not allow connection to our network from employee's personal computers, if someone needs a computer they are given one and obviously we can control its setup with usernames and passwords plus VPN. All data is kept on the server. Anyone leaves they need to hand back all Company PC's/Laptops/Phones etc but we also disable accounts/change passwords to stop them getting logged in and we use bitlocker on laptops..

I think my initial question may have missed some relevant information, because we are not on the same page here. All the employees are working on corporate computers that are provided by our IT department. They are all bound to Active Directory with Group Policies, data encryption, admin rights limitation, etc. The only "issue" I have is that, because those employees are all in remote locations, I have no physical access to these corporate computers, as they are sent to the employee with UPS or FEDEX, and when they are terminating, I have no real way to ensure that the computer will be returned to us. So far so good, during the last 2 years not a single computer has been "stolen" that way over about 30 departures and hirings.

I suggest Connectwise, you can shut down a device in seconds for a termed employee or lost device.

Simon C. wrote:

John3367 wrote: Yes you will need a 3rd party application to do that. Itune does stuff like that.. other softwares if you search.. there are dozens. You can think about how you let them connect? Are the apps local to the PC's or are you using a Terminal Server or Citrix environment? Vmware Horizon? Where the OS is securely in your server room and if someone is terminated you can just disabled their access to the OS.

They are using all local apps (mostly O365 suite + some Adobe Apps) and they are using a VPN connection for accessing local file server on-demand but I don't want to relay on VPN connection for that because they are only connected to the VPN a few times per weeks when they requires local file access. This is a pretty simple workflow.

What is your O365 license level? Intune is included as part of O365 if you have the right licenses. For example, if you have Business Premium then you already have Intune licensed and just need to set it up and enroll your machines to get remote wipe (and a lot more) abilities.


If you have SCCM, among so many other things you can block the system from the "Devices" list. You can also configure and use Azure AD / Intune to manage your devices from the initial provisioning, to rolling out apps and upgrades, to remote locking, deactivating and wiping them, Both solutions are very doable, but neither is a trivial exercise, nor are they cheap in terms of setup time (consulting?) and licensing. Not too familiar with other third party device management solutions (Desktop Central or Airwatch come to mind), but the same will apply.
For remote client devices that are not 100% managed, there are a couple of other things you can do, for example:
1. Force "Always-On" VPN, i.e. establishing the VPN tunnel before logging into Windows, and do not allow Windows to cache the last x logins. That way, if the user account is removed from the VPN group or otherwise disabled, no login to Windows possible.
2. Allow login with cached credentials, but do not give users any local admin rights (which they should never have anyway). That way, if the user account is removed from the VPN group or otherwise disabled, it can still login with cached credentials, but will not be able to access network resources or install anything funky on the device.
3. In addition, use a security monitoring and management solution such as SentinelOne (my preference, no financial interest) that allows you to disconnect a suspicious device from the network. That means not only the corporate network / VPN - S1 does some kind of magic with the network stack on the computer, which then loses ALL network access except to SentinelOne.
Of course disgruntled users could still take a hammer to the machine, glue the USB ports and the keyboard shut, etc., - great argument for only giving good hardware to reliable people - but most people won't go that far. The main thing is to disable/delete their user accounts and use appropriate security policies and tools to exclude or at least minimize any damage they can do to the local system and network.


If it's a Win10 box and they are logged into Microsoft accounts that you set up, you should be able to change the password online. Subsequent login failures would lock them out. Otherwise; preinstalled software, remote SSH login over the internet, or some other pre-planned access method needs to have been deployed already. Failing that, you need physical access to the box. If they don't return it, you might have to report it stolen. Why this is becoming a problem 2 years after the pandemic started is a bit confusing.


Simon C. wrote: . So far so good, during the last 2 years not a single computer has been "stolen" that way over a about 30 departure and hiring.

Good to know that they aren't really less trustworthy. And, that you are still ahead of the problem.

molan wrote: Simon C. wrote:

John3367 wrote: Yes you will need a 3rd party application to do that. Itune does stuff like that.. other softwares if you search.. there are dozens. You can think about how you let them connect? Are the apps local to the PC's or are you using a Terminal Server or Citrix environment? Vmware Horizon? Where the OS is securely in your server room and if someone is terminated you can just disabled their access to the OS.

They are using all local apps (mostly O365 suite + some Adobe Apps) and they are using a VPN connection for accessing local file server on-demand but I don't want to relay on VPN connection for that because they are only connected to the VPN a few times per weeks when they requires local file access. This is a pretty simple workflow.

What is your O365 license level? Intune is included as part of O365 if you have the right licenses. For example if you have Business Premium then you already have intune licensed and just need to set it up and enroll your machines to get remote wipe (and a lot more) abilities

I have the Business Standard plan, which does not include InTune unfortunately. At this point I am considering changing my plan to Premium, which means increasing my monthly charges by about 12$ per user x 100 users = 1200$, but that is probably worth it since it also includes Azure Premium, which means that I could eventually drop my "on-premise" Active Directory, which is still Windows Server 2012 R2 and which would have required a new licence purchase and a full AD schema upgrade later. Thx!

jessevas wrote:

Simon C. wrote: . So far so good, during the last 2 years not a single computer has been "stolen" that way over a about 30 departure and hiring.

Good to know that they aren't really less trustworthy. And, that you are still ahead of the problem.

Well, I should have mentioned that while every case from the past 2 years finally had a happy ending, it was not without a lot of work from myself and other company managers, lots of delays, lots of pressure, a few formal notices, etc., so this is why at some point I still qualify this as not much trustworthy.


jessevas wrote: If it's a Win10 box and they are logged into Microsoft accounts that you set up, you should be able to change the password online. Subsequent login failures would lock them out. Otherwise; preinstalled software, remote SSH login over the internet, or some other pre-planned access method needs to have been deployed already. Failing that, you need physical access to the box. If they don't return it, you might have to report it stolen. Why this is becoming a problem 2 years after the pandemic started is a bit confusing.

Actually all our corporate computers are joined to our on-premise Active Directory for user authentication, so for the moment if I disable and lock the user account from the on-premise Active Directory, then sync it to O365 and other Cloud services, it doesn't disable the local AD account which is cached in the computer.


Take a look at DriveStrike. It might be what you are looking for. https://drivestrike.com/

Desktop Central by Manage Engine may also meet your needs.

Contracts and Agreements my friend. Since it's a company computer, they are to use it for company purposes and any other use can result in termination. Upon termination they have 14 days to return equipment to the company, otherwise it will be deducted from their final pay. You can even throw some words around in the agreement that speak about stolen goods etc. Make sure they agree to the agreement and sign and date before you send it out. Now of course this is assuming you are running a business where you are having your employees fill out the proper paperwork, and verified all of their information before hiring them in.


You are going to need some kind of MDM solution here, be that MS Intune or another solution. Consider there is going to be spend for any new features you acquire (M$ or third party). You need to factor in your MDM costs vs how many times you actually lost assets and your spend to replace the lost asset. I know some companies will just continue on with trusting their remote workers because the cost benefit of MDM is outweighed by the spend for the MDM solution. What is hard to put a price on is the loss of intellectual property that goes with the asset. That also has to be taken into account in the cost/benefit decision.
Your remote wipe solution can't be dependent on a VPN connection because standard practice is to disable the user account immediately upon termination (in both terms of the word). There should never be a chance for them to login "one last time" to reach command and control to wipe the system. Your MDM solution will need to have an internet presence so as soon as the device is turned on and is connected to the internet it receives the wipe command. While it's too late for your current fleet of computers, Dell has sold its laptops with a Computrace add-on for years. This solution hooks in below the OS, at the firmware level, so even if the terminated person wipes the computer, Computrace LoJack will still reach out to its C&C system to retrieve instructions.
At least in the USA I can see a need for companies to have this type of MDM solution in place, with the numbers of employees jumping ship for greener pastures, to ensure their assets get returned.

Simon C. wrote: Briser_fae_the_broch wrote:

Simon C. wrote: . Because employee are way less trusty these days in 2022, just like any business we have several employee that terminate unexpectedly or needs to by fired for any reasons. .

Wow, that does not sound good. Who hires these less trusty employees? In our company we do not allow connection to our network from employee's personal computers, if someone needs a computer they are given one and obviously we can control its setup with usernames and passwords plus VPN. All data is kept on the server. Anyone leaves they need to hand back all Company PC's/Laptops/Phones etc but we also disable accounts/change passwords to stop them getting logged in and we use bitlocker on laptops..

I think my initial question may miss some relevant information because we are not on the same page here. All the employee are working using corporate computers that are provided by our IT department. They are all bound to Active Directory with Group Policies, data encryption, admins rights limitation, etc. The only "issue" I have is because those employees are all in remote locations, I have no physical access to these corporate computer as they are sent to the employee with UPS or FEDEX and when they are terminating, I have no real way to ensure that the computer will be returned to us. So far so good, during the last 2 years not a single computer has been "stolen" that way over a about 30 departure and hiring.

Depending on pay structure, HR should be helping. Add a term of employment that allows the company to retain all due pay and ROEs until all company devices are returned. In most cases final paychecks are going to be more than the value of any hardware. If these are pure commission sales people this is a challenge, because the ones that are quitting have likely copied down any contacts they want, but you could restrict local caching of email so the computer is basically empty all the time anyway. Force them to save all data to the local server over VPN and allow no local storage. OWN YOUR DATA or a departing employee will.


Soti Mobicontrol allows gps tracking, remote app install/delete, remote wipe, remote display, etc. We were in the process of firing someone and wanted him to return his phone, laptop and all company equipment. He claimed to be on a fishing trip with no access to the stuff, however Mobi showed he was in his house on the phone he was using to talk to us. We informed him that we knew his location and his lawyers could talk to ours, or he could provide a UPS tracking number within the next 10 minutes. He knew we had that technology because we assisted him in finding a lost phone. To prove the point I took control of his phone and launched google maps which showed his location.


MichiganMan wrote: Contracts and Agreements my friend. Since its a company computer, they are to use it for company purposes and any other use can result in termination. Upon termination they have 14 days to return equipment to company otherwise it will be deducted from their final pay. You can even through some words around in the agreement that speak about stolen goods etc. Make sure they agree to the agreement and sign and date before you send it out. Now OfCourse this is assuming you are running a business where you are having your employee's fill out the proper paperwork, and verified all of their information before hiring them in.

Good point. However, some of my employees are provided a 10K$+ computer setup (CTO MacBook Pro, 4K monitor, accessories), which is way way more $$ than their final pay. But for the others that could be relevant. We already have a 25-page work and confidentiality agreement signed with all employees, I am pretty sure this sentence could be easily added.


Simon C. wrote: Good point. However some of my employee are provided a 10K$+ computer setup (CTO MacBook Pro.

Well this adds a bit of leverage for an MDM solution here because of the recovery cost of the asset. The other point of the comment is you mentioned Macbook, so we are not just thinking about a windows platform. So your MDM needs to span both Windows and MacOS.
Do you allow users to access company email via their personal devices? If yes how do you recover company related information from the mobile devices when someone is terminated?


If you are using Office 365, why not just sign them out from the admin portal, change their password and remove their licence for the apps? It will kick them out within 60 minutes on any device they are signed into; with the account locked and the licence removed, they can't do much on the laptop.

This sounds a bit like the "Halting problem" in Turing computers. I'm not entirely clear how this will work in the situation you've set up, though. cs.odu.edu/~toida/nerzic/390teched/computability/unsolv-1.html

Instead of exerting effort and finding solutions on our own, we have become dependent on these machines to do the work for us. In doing so, we risk losing that human touch, that ability to think critically and creatively. The proponents of wiping out magical computers argue that by doing so, we would be forced to rely on our own brains and mental capacity to solve problems. This could lead to great leaps in human ingenuity and advance our understanding of the world in unexpected ways. They believe that the removal of these machines would ignite a new era of human intelligence and innovation.

However, the idea of wiping out magical computers is not without its critics. Those in favor of these machines point out their positive impact on society. Supercomputers have played a crucial role in scientific breakthroughs, medical advancements, and even space exploration. Without them, we may be limited in our potential to discover and understand the unknown.

In conclusion, the debate surrounding the wiping out of magical computers is a complex one. While some argue for a return to a time when human intellect prevailed, others emphasize the benefits that supercomputers bring to society. It is important to strike a balance between reliance on technology and the preservation of our own mental capacities. Perhaps the answer lies in finding ways to utilize supercomputers to enhance human intelligence rather than replace it entirely.

Reviews for "How Magical Computers Are Robbing Us of Authentic Human Connection"

1. Jenny - 2/5 - I was really excited to read "Wipe out the magical computer" as I love fantasy and technology. However, I was highly disappointed with the book. The plot was confusing, and the characters were poorly developed. It felt like the author didn't have a clear direction and kept adding unnecessary elements to the story. Furthermore, the writing style was choppy and lacked depth. Overall, I found it difficult to connect with the story and was left unsatisfied.
2. Mark - 1/5 - "Wipe out the magical computer" was a complete waste of my time. The premise sounded interesting, but the execution was abysmal. The story lacked coherence and the characters were one-dimensional. The dialogue was awkward and unrealistic, making it even more difficult to get through the book. Additionally, the pacing was all over the place, with sudden jumps in time and events that made no sense. I would not recommend this book to anyone looking for a well-crafted fantasy tale.
3. Emily - 2/5 - After hearing good things about "Wipe out the magical computer," I had high hopes for this book. Unfortunately, it fell short of my expectations. The plot was predictable and lacked originality. There were no surprises or twists to keep me engaged. The main character was also rather annoying and lacked depth, making it hard to root for their success. Overall, the book felt like a generic and bland attempt at a fantasy novel. I was left feeling disappointed and uninterested in any potential sequels.
