A discussion took place about different security options for laptops, specifically a method to prevent bootup in the event of theft. It was mentioned that ControlUp does not have this feature, but there is a user voice open for it. It was also suggested to use MDM or Intune for this purpose, but it was noted that a script will not run if the agent cannot communicate with the device. Some laptops have Absolute software built-in for this purpose. Another possible solution is using BitLocker with TPM+PIN, but it is important to ensure proper policies are in place for it to be effective. URL mentioned: www.absolute.com
Read the entire ‘Securing Laptops with ControlUp and other Options’ thread below:
not sure if this is the right channel (sorry, if not). I know about various security software that allows you to "freeze" a laptop if it gets lost or stolen so they get stuck on a customized screen after POST, preventing bootup. I’m aware ControlUP does not do this but is there a way to achieve a similar functionality? I know we wont be able to fully "freeze" the laptop but is there a script that maybe someone has created to essentially prevent the laptop from booting?
I need to double check but there is a user voice open for this
But this is more an MDM function do you have Intune ? Or something similar?
A script will not run on the device if the agent cannot communicate with your tenant
Sonid the device is lost or stolen and the agent doesn’t check in it will not send the script
Some laptops have Absolute (www.absolute.com) built-in, but of course you’d a) have to pay for it and b) have to set it up in advance of the machine being stolen. Some manufacturers (e.g. I know Dell do this) will let you inform them that a machine has been stolen and then they’ll block all support requests on that hardware (in theory).
As Eugene said, if you have no way to communicate with the device to tell it that it is stolen, how will it know?
You can make the machine inherently more secure if you use BitLocker with the TPM+PIN option – that’ll stop the machine booting to an OS (which is more attackable), but of course you have to ensure that the machine is shut down or in hibernate before it goes anywhere where it might be stolen – that’s part human policy and part group policy (or MDM).
Continue reading and comment on the thread ‘Securing Laptops with ControlUp and other Options’. Not a member? Join Here!
Categories: All Archives, ControlUp for Desktops, ControlUp Scripts & Triggers