adrockk Contributor.
Contributor.
1695 views

Tracking Laptops

I want to make sure laptops that we provide get brought in and actually
connected to our network every so often (so our AV, Zenworks, WSUS, etc can
"discover" and manage them). Anyone know of a way to make sure this happens?
Maybe disable user accounts on the local machine if they haven't been logged
into the network for so long, or lock the device. If it's something Zen can
do, I'll gladly move it to that forum, just looking for a starting point.
Thanks!
Adam

Labels (1)
0 Likes
23 Replies
jmarton2 Absent Member.
Absent Member.

Re: Tracking Laptops

On Wed, 06 Jan 2010 20:17:52 +0000, Adam Gabriel wrote:

> I want to make sure laptops that we provide get brought in and actually
> connected to our network every so often (so our AV, Zenworks, WSUS, etc
> can "discover" and manage them). Anyone know of a way to make sure this
> happens? Maybe disable user accounts on the local machine if they
> haven't been logged into the network for so long, or lock the device.
> If it's something Zen can do, I'll gladly move it to that forum, just
> looking for a starting point. Thanks!


I wonder if this is something that NAC can do. I know it's designed for
determining who gets access to the network, but perhaps some NAC
solutions can also control disconnected laptops? Might be worth looking
into the Novell NAC solution, a solution from your AV vendor if they have
one (I know McAfee does), and possibly even Cisco if you use them for
your switches.




--
Joe
With great power comes great responsibility.

Joe Marton Emeritus Knowledge Partner
0 Likes
Knowledge Partner
Knowledge Partner

Re: Tracking Laptops

I'm not aware of any mechanism to do that. I mean unless someone comes up with a Zen for Humans (haha).

NAC, at best, could keep the laptop off the network (or technically segregated onto some portion of your network) if it's not been on in X days, etc.

But I don't believe there's any sort of software, etc. that can "make" a user bring their laptop into the network or power it on every X days to connect and get updates, etc.
0 Likes
jmarton2 Absent Member.
Absent Member.

Re: Tracking Laptops

On Wed, 06 Jan 2010 20:56:01 +0000, kjhurni wrote:

> NAC, at best, could keep the laptop off the network (or technically
> segregated onto some portion of your network) if it's not been on in X
> days, etc.


Yeah but is there a NAC solution where there's some sort of NAC agent on
the laptop where you push policies, and possibly configure the policy
that if the agent hasn't contacted the server in X days then the laptop
is essentially disabled? That seems like theoretically it should be
feasible.



--
Joe
With great power comes great responsibility.

Joe Marton Emeritus Knowledge Partner
0 Likes
Knowledge Partner
Knowledge Partner

Re: Tracking Laptops

I'm not aware of any NAC that'll disable the laptop entirely to prevent you from using it offline, although the original question was:

"I want to make sure laptops that we provide get brought in and actually
connected to our network every so often (so our AV, Zenworks, WSUS, etc can
"discover" and manage them). Anyone know of a way to make sure this happens?"

I don't believe the McAfee or Cisco NAC solutions disable the laptop or prevent one from using it offline. Just that they theoretically prevent it from connecting to your LAN if they're not up to date or whatever (if it's disabled then how are you going to get it to be on the network to re-enable it again?)

I'm not sure if you could use some sort of "lo-jack" technology to shut off a device that's not been on your network for X days (assuming it's got some sort of wi-fi or whatever and has been powered on).

Like a self-destruct timer that gets reset every time you put it on the network. Now that would be funny. Could you "force" someone to bring a laptop in? Probably not. Could you "get" them to MAYBE bring it in? Probably. Maybe even use a scheduled task to reformat the drive or overlay an image from a hidden partition if they don't bring it in to reset the schedule. Would LOVE to see someone get away with that. (now I'm getting evil ideas, but we'd never be allowed to use them).

We have people that leave their laptops around for months (at home, etc.) and never use them and then maybe bring it in 9 months later and wonder why they have 900 reboots to go through (hehe). Even though policy says they have to bring it in every 30 days.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Tracking Laptops

> I want to make sure laptops that we provide get brought in and actually
> connected to our network every so often (so our AV, Zenworks, WSUS, etc
> can "discover" and manage them). Anyone know of a way to make sure this
> happens? Maybe disable user accounts on the local machine if they haven't
> been logged
> into the network for so long, or lock the device. If it's something Zen
> can do, I'll gladly move it to that forum, just looking for a starting
> point. Thanks!


Checkpoint offers 'Secure Client'. Basically checks various softwares for
versions before allowing network access. Does require a Checkpoint firewall
I believe.

0 Likes
islander Absent Member.
Absent Member.

Re: Tracking Laptops

Adam:

If nothing else, you could try the low-tech option of adding a batch
file that executes at startup that pops up a graphic image reminder
every x minutes after x number of days to bring the laptop in to the
network. Then you could have a batch file that activates when they log
into the network that resets the batch file on the laptop.

Most people are clueless about batch files anymore, so even those who
are more than just noobs and have some computer savy might not think to
check for something like a batch file. And if you hide it, they'll
probably never find it. : )

--
Susan
Novell Community Chat Moderator

http://support.novell.com/forums/faq_rules.html
http://www.ncci.org NCCIrregulars Web Site



Susan Novell Community Chat Moderator http://forums.novell.com/faq.php?faq=novfor#faq_rules http://www.ncci.org NCCIrregulars Web Site
0 Likes
jmarton2 Absent Member.
Absent Member.

Re: Tracking Laptops

On Wed, 06 Jan 2010 21:56:01 +0000, kjhurni wrote:

> I don't believe the McAfee or Cisco NAC solutions disable the laptop or
> prevent one from using it offline.


I didn't know if they did. Just throwing it out as a theoretical for
someone to look into. 🙂

There's also the Novell Endpoint Security stuff... no idea what it does.
Might be another solution to investigate.

--
Joe
With great power comes great responsibility.

Joe Marton Emeritus Knowledge Partner
0 Likes
jmarton2 Absent Member.
Absent Member.

Re: Tracking Laptops

On Thu, 07 Jan 2010 03:05:18 +0000, Susan wrote:

> If nothing else, you could try the low-tech option of adding a batch
> file that executes at startup that pops up a graphic image reminder
> every x minutes after x number of days to bring the laptop in to the
> network. Then you could have a batch file that activates when they log
> into the network that resets the batch file on the laptop.


Could even get more extravagant... create a .reg file containing all the
keys to lock down the laptop (stuff that grouppol would do), and use the
batch files to determine if the .reg file should execute or not based on
dates which are updated whenever the laptop logs into the network.



--
Joe
With great power comes great responsibility.

Joe Marton Emeritus Knowledge Partner
0 Likes
adrockk Contributor.
Contributor.

Re: Tracking Laptops

>>> kjhurni<kjhurni@no-mx.forums.novell.com> wrote:
> Like a self-destruct timer that gets reset every time you put it on the
> network. Now that would be funny. Could you "force" someone to bring a
> laptop in? Probably not. Could you "get" them to MAYBE bring it in?
> Probably. Maybe even use a scheduled task to reformat the drive or
> overlay an image from a hidden partition if they don't bring it in to
> reset the schedule. Would LOVE to see someone get away with that. (now
> I'm getting evil ideas, but we'd never be allowed to use them).
>


Well, I'm thinking more of disabling all the user accounts except
administrator on the laptop. I don't wanna get into support, but I was
thinking about making DLU users volatile with cache times of like 30 or 60
days, that way if they don't log into zen for that long, poof - profile goes
away. <EG>

I actually discussed that with the PHB, and even brought up the idea that
things saved locally on the laptop would cease to be (within the profile).
He winced a bit, but he didn't entirely hate the idea. <VBEG>

0 Likes
adrockk Contributor.
Contributor.

Re: Tracking Laptops

>>> Joseph Marton<jmarton@no-mx.forums.novell.com> wrote:
> On Thu, 07 Jan 2010 03:05:18 +0000, Susan wrote:
>
>> If nothing else, you could try the low‑tech option of adding a batch
>> file that executes at startup that pops up a graphic image reminder
>> every x minutes after x number of days to bring the laptop in to the
>> network. Then you could have a batch file that activates when they log
>> into the network that resets the batch file on the laptop.

>
> Could even get more extravagant... create a .reg file containing all the
>
> keys to lock down the laptop (stuff that grouppol would do), and use the
>
> batch files to determine if the .reg file should execute or not based on
>
> dates which are updated whenever the laptop logs into the network.
>
>



Intriguing. Maybe something in the Novell login script to write the login
date to a text file, then the windows login script or scheduled task to
check it, and if it's >60 days past, use box.exe to nag them to death (like
every 30 minutes <g>). Maybe I could find a command to disable their
account... Nothing destructive, but the first would annoy them to death, and
the latter would prevent access to the laptop. I'll investigate, Thanks
Susan and Joe.

0 Likes
Knowledge Partner
Knowledge Partner

Re: Tracking Laptops

Be careful about the preventing access to the laptop. I don't know your environment but that would never fly here because of all the "important" people that would b***h up a storm if they couldn't use their laptop while they're on a plane/train/etc even if they should've brought it in every 30 days.
0 Likes
adrockk Contributor.
Contributor.

Re: Tracking Laptops

>>> kjhurni<kjhurni@no-mx.forums.novell.com> wrote:

> Be careful about the preventing access to the laptop. I don't know your
> environment but that would never fly here because of all the "important"
> people that would b***h up a storm if they couldn't use their laptop
> while they're on a plane/train/etc even if they should've brought it in
> every 30 days.
>



I'm in a K12 school district, so not too many business travelers here, but
the people who have laptops are coordinators and administrators: the people
I like playing BOFH the most with. They have laptops to be able to work from
home or intra-district, but I can't think of much around here that can't
wait till morning.
The funny thing is, if we make a policy about updates or bringing a laptop
in every so often, then we have to enforce it; and we can get dinged hard if
we don't. In the state comptroller's eyes, the act of users defying the
policy is a slight offense compared to the district not actively enforcing
it.

This is why sometimes it's cost prohibitive to provide technology in a
public school/setting. The cost of the tech is feasible, but it has to be
regulated and audited so closely that the management is nigh impossible. The
NY State comptroller's office spent upwards of $90 million doing a state
wide policy and spending audit over the last 4-5 years. Throughout the
entire audit, they saved under $10 million.

0 Likes
islander Absent Member.
Absent Member.

Re: Tracking Laptops

Yep, lots of things can be done. In the old DOS days, you could turn
the display into blue on blue so nothing could be seen. <G>

--
Susan
Novell Community Chat Moderator

http://support.novell.com/forums/faq_rules.html
http://www.ncci.org NCCIrregulars Web Site



Susan Novell Community Chat Moderator http://forums.novell.com/faq.php?faq=novfor#faq_rules http://www.ncci.org NCCIrregulars Web Site
0 Likes
islander Absent Member.
Absent Member.

Re: Tracking Laptops

You're welcome. : )

--
Susan
Novell Community Chat Moderator

http://support.novell.com/forums/faq_rules.html
http://www.ncci.org NCCIrregulars Web Site



Susan Novell Community Chat Moderator http://forums.novell.com/faq.php?faq=novfor#faq_rules http://www.ncci.org NCCIrregulars Web Site
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.