Something to bear in mind for the future
We run encryption software on our laptops that only decrypts on a successful login. If the laptop gets nicked, it'll fail and lock it out for good. In the even of a former owner going off with it, disable their account and the second they try to get back onto the company network with it, it'll disable it.

We don't allow anyone with a laptop to save anything locally, so if they steal the laptop and don't connect it to the network, all they have is two hundred quid's worth of paperweight, they can't reformat, or reinstall Windows because they don't have admin rights to the machine and they can't steal any data as they're locked out of the network. Once the cached password details expire, the encryption software will refuse to even allow them to see the Windows loading screen until the password's changed.

I know it doesn't help you now, but it might in the future.
( Kroney, Thu 7 Oct 2010, 10:08, 2 replies, latest was 15 years ago)

That is good to know. Thanks. What is the name of the software?

(lkjshaglkasjdhglkhjz lkcvl; g;aodh;owih, Thu 7 Oct 2010, 10:12, Reply)

The one we use
is called Utimaco. It's a complete pig to administer, but very effective. Perhaps a little too effective, the amount of unlocks I have to do.
( Kroney, Thu 7 Oct 2010, 10:14, Reply)

Having been involved with a similar system when I worked "in the real world"
I'd suggest that if your company is too small to happily write off a laptop it's probably way too small for it to be worth it to run something like that.
( the mighty badger Aphrodite, on a bar stool, by your side, Thu 7 Oct 2010, 10:33, Reply)

It is mainly the data and the fact that our cap-ex budget is spent for this year.
Our margins on the work we do are good - I just re-invest most of this back in to the company to fund growth.
(lkjshaglkasjdhglkhjz lkcvl; g;aodh;owih, Thu 7 Oct 2010, 10:37, Reply)

Like Kroney says - these things are a cunt to administer.
You might need to employ a new IT admin just for that. It's about the size more than anything. Unless you've got heading to 100 staff who all use remote login on work laptops I'd not bother. But then my experience is going back about 8 years.
( the mighty badger Aphrodite, on a bar stool, by your side, Thu 7 Oct 2010, 10:39, Reply)

It'd definitely be worth
removing admin rights to the laptops, though. Restrict them from saving stuff locally and you stop them stealing business.
( Kroney, Thu 7 Oct 2010, 10:38, Reply)

Been there and done that.
It massively pisses off staff in a small company. It basically says "fuck you, I've employed you but that doesn't mean I trust you"

It does depend on how "adult" your staff are, but IME it just created a situation where a bunch of staff thought that we valued the computing equipment more than them. Not a good situation in a small company.
( the mighty badger Aphrodite, on a bar stool, by your side, Thu 7 Oct 2010, 10:41, Reply)

My colleagues will be amongst the first to tell you
that I'm a bit jackboot in my approach to these things. In response, I'd say screw the staff, it's my job to protect the company's business, not their feelings.

Which is why I'm in a monolithic corporation, of course.
( Kroney, Thu 7 Oct 2010, 10:51, Reply)

I don't think you're wrong.
But in a company of 20-30 people, most of whom had PhDs, sometimes maintaining a pleasant working environment is more important than the occasional disappearing laptop ;)
( the mighty badger Aphrodite, on a bar stool, by your side, Thu 7 Oct 2010, 10:56, Reply)

I guess that would depend
on what's potentially on the laptop :P
( Kroney, Thu 7 Oct 2010, 11:00, Reply)

Can you not wipe the CMOS using the onboard jumpers
and reinstall windows?
( Peej, Thu 7 Oct 2010, 10:28, Reply)

and what does that mean in English?

(lkjshaglkasjdhglkhjz lkcvl; g;aodh;owih, Thu 7 Oct 2010, 10:29, Reply)

CMOS
Is a sort of onboard memory for the system board, it keeps everything that you set in BIOS (which is a system board program for various different things, including what the machine looks at first when it boots up). Now assuming that by default the machine looks at the CD-ROM drive first at boot-up you could in theory pull the jumpers, clear CMOS, insert a Windows disc and reinstall Windows. Not all of them do have the CD-ROM set as the first boot device by default, though, and even if they did, you'd have to wipe the partition the data's on to get full use of the harddrive back. If you didn't, you'd just have a second partition on the drive that you couldn't access because you still don't have admin privileges.

*breathes*
( Kroney, Thu 7 Oct 2010, 10:46, Reply)

Possibly
but you'd have to be pretty knowledgeable to do that. I think, though, that clearing CMOS just resets BIOS.
( Kroney, Thu 7 Oct 2010, 10:32, Reply)

Yup and where else are they going to store passwords to stop people reinstalling windows?
And where else can you change the CD rom as first boot device.
( Peej, Thu 7 Oct 2010, 11:56, Reply)

indeed
b3ta.com/questions/offtopic/post899030
( Kroney, Thu 7 Oct 2010, 12:02, Reply)

Yes but you say that this presumes the PC looks at the CD rom drive first
If you reset the CMOS the bios is then open wide for you to go in and change that.
( Peej, Thu 7 Oct 2010, 12:43, Reply)

I also said that
you'd have to delete the partition with the data on it or put up with a computer with a partly encrypted hard drive.
( Kroney, Thu 7 Oct 2010, 12:47, Reply)