Obtaining hardware from terminated remote employee
-
@magicmarker said in Obtaining hardware from terminated remote employee:
When they can't open IE, Chrome, Firefox, or Office apps the laptop becomes pretty useless.
LOL, what does that take, five minutes to work around? Not much of a deterent.
-
@scottalanmiller said in Obtaining hardware from terminated remote employee:
@magicmarker said in Obtaining hardware from terminated remote employee:
When they can't open IE, Chrome, Firefox, or Office apps the laptop becomes pretty useless.
LOL, what does that take, five minutes to work around? Not much of a deterent.
We are talking about a standard user with no admin rights. The Sophos policies will block all browsers, office applications, USB ports, and PDF readers on a per device policy. Why would a standard user have a work around for this in 5 minutes? At that point the users only option is hire a tech to slave the drive and copy the data. The Sophos policies just make it harder to use the pc after they are terminated.
-
@magicmarker said in Obtaining hardware from terminated remote employee:
@scottalanmiller said in Obtaining hardware from terminated remote employee:
@magicmarker said in Obtaining hardware from terminated remote employee:
When they can't open IE, Chrome, Firefox, or Office apps the laptop becomes pretty useless.
LOL, what does that take, five minutes to work around? Not much of a deterent.
We are talking about a standard user with no admin rights. The Sophos policies will block all browsers, office applications, USB ports, and PDF readers on a per device policy. Why would a standard user have a work around for this in 5 minutes? At that point the users only option is hire a tech to slave the drive and copy the data. The Sophos policies just make it harder to use the pc after they are terminated.
Reinstall OS, done. Possibly reflash BIOS/UEFI if that is locked down. That's at the longest possible time. I've forcibly removed a locked down Sophos without benefit of the unlock code before. 5 minutes is a little long for that in my personal opinion.
-
@travisdh1 said in Obtaining hardware from terminated remote employee:
@magicmarker said in Obtaining hardware from terminated remote employee:
@scottalanmiller said in Obtaining hardware from terminated remote employee:
@magicmarker said in Obtaining hardware from terminated remote employee:
When they can't open IE, Chrome, Firefox, or Office apps the laptop becomes pretty useless.
LOL, what does that take, five minutes to work around? Not much of a deterent.
We are talking about a standard user with no admin rights. The Sophos policies will block all browsers, office applications, USB ports, and PDF readers on a per device policy. Why would a standard user have a work around for this in 5 minutes? At that point the users only option is hire a tech to slave the drive and copy the data. The Sophos policies just make it harder to use the pc after they are terminated.
Reinstall OS, done. Possibly reflash BIOS/UEFI if that is locked down. That's at the longest possible time. I've forcibly removed a locked down Sophos without benefit of the unlock code before. 5 minutes is a little long for that in my personal opinion.
The user still needs to hire a @travisdh1 to do that for them. It's still annoying to them. Users are not going to know how to slave a drive and re-install an OS. So factor in the users time to find a computer tech and then pay for the work to be done. It's not 5 minutes.
-
There's Absolute Security. But that's more for securing your devices than obtaining your hardware.
You can lockdown and track the device location but that doesn't mean you will get your equipment back.https://www.absolute.com
https://www.absolute.com/platform/editions/From Dell
https://www.dell.com/learn/us/en/04/help-me-choose/hmc-absolute-computrace -
@black3dynamite said in Obtaining hardware from terminated remote employee:
There's Absolute Security. But that's more for securing your devices than obtaining your hardware.
You can lockdown and track the device location but that doesn't mean you will get your equipment back.https://www.absolute.com
https://www.absolute.com/platform/editions/From Dell
https://www.dell.com/learn/us/en/04/help-me-choose/hmc-absolute-computraceGreat point. I wanted to look into those programs. The Sophos block policy isn’t going to get me very far in getting the hardware back. At least I feel like I still won since they can’t freely use the laptop without wiping and reloading the OS. My point is that the pc becomes more useless to the employee. They MAY be more inclined to return it.
-
Hardware is not worth the fucking time to get back.
If the company thinks wasting man hours on that is a good idea the company is insane
-
@JaredBusch said in Obtaining hardware from terminated remote employee:
Hardware is not worth the fucking time to get back.
If the company thinks wasting man hours on that is a good idea the company is insane
Thank you! I completely agree. Trying to convince my company this idea is difficult for me right now.
-
After all that, why doesn’t the company work on something like an RDS or Terminal to Server system that way the data and application is not on the user’s machine? Or even better think about a web app or anything that doesn’t depend on your hardware.
Also you might be able to disable tamper protection on the client for Sophos however the best thing for someone using Sophos Central is to have the MDM to allow the wipe of the computer, it will wipe the minute that computer hits the internet. Also the Sophos lockdown with the agent is very annoying but I have gotten it to work for the reasons this topic started but HR took care of getting the laptop back and not IT.
-
We are going through the same in our company. What we do is Jamf lock the systems so they are unusable and ship them boxes and return labels.
I reached out to our legal department about holding back pay, but it is illegal because it is for work performed. What we did discover is that we could deduct the cost of the equipment from the paycheck, but we have not done that yet.
Currently, my team (IT) is FedEx-ing an empty laptop box and bubble wrap, tape, etc... To each employee. My employees and are keep stock of boxes and packing materials in our homes. What I would like to find to alleviate the workload to my team, is a site that we could order and ship directly to the user the packing materials. I know Fedex sells the laptop boxes in store, but does not ship it.
-
@Eve6 said in Obtaining hardware from terminated remote employee:
I reached out to our legal department about holding back pay, but it is illegal because it is for work performed. What we did discover is that we could deduct the cost of the equipment from the paycheck, but we have not done that yet.
You can, in theory, in certain states, but you want to be really, really sure that a court will agree that they don't own the equipment. Many companies leave it pretty unclear who owns what.
-
@scottalanmiller said in Obtaining hardware from terminated remote employee:
Can't do that legally for US employees though, in most cases.
I worked a place that kept your first week's wages as a deposit against hardware (yes, this is weirdly legal at least in Texas).
Eventually, it got silly as more and more of the office switched to BOYD (The rule dated back to when they issued $600 smart phones and laptops that cost 2K).
This was technically in the signed work contract but many people angrily found out about it after their first paycheck was kinda "light". -
@JaredBusch said in Obtaining hardware from terminated remote employee:
Hardware is not worth the fucking time to get back.
If the company thinks wasting man hours on that is a good idea the company is insane
While I largely agree, our R&D laptops are ~2-3K a pop. (fully max spec' MPB or XPS with onsite repair agreements).
I did hear we have started on the Mac's using DEP, so the device will auto-enroll in MDM even if the device is wiped.
https://support.apple.com/en-us/HT204142 -
@StorageNinja said in Obtaining hardware from terminated remote employee:
@JaredBusch said in Obtaining hardware from terminated remote employee:
Hardware is not worth the fucking time to get back.
If the company thinks wasting man hours on that is a good idea the company is insane
While I largely agree, our R&D laptops are ~2-3K a pop. (fully max spec' MPB or XPS with onsite repair agreements).
I did hear we have started on the Mac's using DEP, so the device will auto-enroll in MDM even if the device is wiped.
https://support.apple.com/en-us/HT204142Makes no sense developing on a laptop IMHO - unless you're talking about another kind of R&D in another field.
On our team we remote into development servers and all development and testing is run there. Which means the computer you're actually sitting in front of just needs to be able to run a browser, rdp, ssh etc. So any machine suitable for general office work would get the job done. So no 2-3K laptops needed for development, even if that is not the primary reason. I kind of assumed everyone worked that way but haven't actually given it much thought until now.
-
@Pete-S said in Obtaining hardware from terminated remote employee:
@StorageNinja said in Obtaining hardware from terminated remote employee:
@JaredBusch said in Obtaining hardware from terminated remote employee:
Hardware is not worth the fucking time to get back.
If the company thinks wasting man hours on that is a good idea the company is insane
While I largely agree, our R&D laptops are ~2-3K a pop. (fully max spec' MPB or XPS with onsite repair agreements).
I did hear we have started on the Mac's using DEP, so the device will auto-enroll in MDM even if the device is wiped.
https://support.apple.com/en-us/HT204142Makes no sense developing on a laptop IMHO - unless you're talking about another kind of R&D in another field.
On our team we remote into development servers and all development and testing is run there. Which means the computer you're actually sitting in front of just needs to be able to run a browser, rdp, ssh etc. So any machine suitable for general office work would get the job done. So no 2-3K laptops needed for development, even if that is not the primary reason. I kind of assumed everyone worked that way but haven't actually given it much thought until now.
I haven't really seen anyone do this other than CAD work. Everywhere I've been it's local development, possibly using Eclipse Che or Coder or something for a remote IDE but still local.
VSCode and JetBrains tools allow you to include your development environment in a container. So when you open the project it will open inside of a container with all of the dependencies included. That's the best workflow ive seen so far.
-
@stacksofplates said in Obtaining hardware from terminated remote employee:
@Pete-S said in Obtaining hardware from terminated remote employee:
@StorageNinja said in Obtaining hardware from terminated remote employee:
@JaredBusch said in Obtaining hardware from terminated remote employee:
Hardware is not worth the fucking time to get back.
If the company thinks wasting man hours on that is a good idea the company is insane
While I largely agree, our R&D laptops are ~2-3K a pop. (fully max spec' MPB or XPS with onsite repair agreements).
I did hear we have started on the Mac's using DEP, so the device will auto-enroll in MDM even if the device is wiped.
https://support.apple.com/en-us/HT204142Makes no sense developing on a laptop IMHO - unless you're talking about another kind of R&D in another field.
On our team we remote into development servers and all development and testing is run there. Which means the computer you're actually sitting in front of just needs to be able to run a browser, rdp, ssh etc. So any machine suitable for general office work would get the job done. So no 2-3K laptops needed for development, even if that is not the primary reason. I kind of assumed everyone worked that way but haven't actually given it much thought until now.
I haven't really seen anyone do this other than CAD work. Everywhere I've been it's local development, possibly using Eclipse Che or Coder or something for a remote IDE but still local.
VSCode and JetBrains tools allow you to include your development environment in a container. So when you open the project it will open inside of a container with all of the dependencies included. That's the best workflow ive seen so far.
I've seen, but never tried myself, a remote option in VSCode. I just saw it in an article the other day. Interested to try it out.
-
@stacksofplates said in Obtaining hardware from terminated remote employee:
I haven't really seen anyone do this other than CAD work.
We actually do it some for development.
-
@StorageNinja said in Obtaining hardware from terminated remote employee:
@scottalanmiller said in Obtaining hardware from terminated remote employee:
Can't do that legally for US employees though, in most cases.
I worked a place that kept your first week's wages as a deposit against hardware (yes, this is weirdly legal at least in Texas).
Eventually, it got silly as more and more of the office switched to BOYD (The rule dated back to when they issued $600 smart phones and laptops that cost 2K).
This was technically in the signed work contract but many people angrily found out about it after their first paycheck was kinda "light".Might be legal in Texas, but AFAIK violates federal law. Texas can't change federal law and that sounds like a disaster just waiting for someone to get a better lawyer.
-
@scottalanmiller said in Obtaining hardware from terminated remote employee:
@stacksofplates said in Obtaining hardware from terminated remote employee:
@Pete-S said in Obtaining hardware from terminated remote employee:
@StorageNinja said in Obtaining hardware from terminated remote employee:
@JaredBusch said in Obtaining hardware from terminated remote employee:
Hardware is not worth the fucking time to get back.
If the company thinks wasting man hours on that is a good idea the company is insane
While I largely agree, our R&D laptops are ~2-3K a pop. (fully max spec' MPB or XPS with onsite repair agreements).
I did hear we have started on the Mac's using DEP, so the device will auto-enroll in MDM even if the device is wiped.
https://support.apple.com/en-us/HT204142Makes no sense developing on a laptop IMHO - unless you're talking about another kind of R&D in another field.
On our team we remote into development servers and all development and testing is run there. Which means the computer you're actually sitting in front of just needs to be able to run a browser, rdp, ssh etc. So any machine suitable for general office work would get the job done. So no 2-3K laptops needed for development, even if that is not the primary reason. I kind of assumed everyone worked that way but haven't actually given it much thought until now.
I haven't really seen anyone do this other than CAD work. Everywhere I've been it's local development, possibly using Eclipse Che or Coder or something for a remote IDE but still local.
VSCode and JetBrains tools allow you to include your development environment in a container. So when you open the project it will open inside of a container with all of the dependencies included. That's the best workflow ive seen so far.
I've seen, but never tried myself, a remote option in VSCode. I just saw it in an article the other day. Interested to try it out.
It works really well, at least for the Go projects I work on. Everyone having the same extensions and environments is really nice.
-
@stacksofplates said in Obtaining hardware from terminated remote employee:
@Pete-S said in Obtaining hardware from terminated remote employee:
@StorageNinja said in Obtaining hardware from terminated remote employee:
@JaredBusch said in Obtaining hardware from terminated remote employee:
Hardware is not worth the fucking time to get back.
If the company thinks wasting man hours on that is a good idea the company is insane
While I largely agree, our R&D laptops are ~2-3K a pop. (fully max spec' MPB or XPS with onsite repair agreements).
I did hear we have started on the Mac's using DEP, so the device will auto-enroll in MDM even if the device is wiped.
https://support.apple.com/en-us/HT204142Makes no sense developing on a laptop IMHO - unless you're talking about another kind of R&D in another field.
On our team we remote into development servers and all development and testing is run there. Which means the computer you're actually sitting in front of just needs to be able to run a browser, rdp, ssh etc. So any machine suitable for general office work would get the job done. So no 2-3K laptops needed for development, even if that is not the primary reason. I kind of assumed everyone worked that way but haven't actually given it much thought until now.
I haven't really seen anyone do this other than CAD work. Everywhere I've been it's local development, possibly using Eclipse Che or Coder or something for a remote IDE but still local.
VSCode and JetBrains tools allow you to include your development environment in a container. So when you open the project it will open inside of a container with all of the dependencies included. That's the best workflow ive seen so far.
I believe you and find it very interesting. Wov. If that's how most people work, I'm just blown away. I assumed everyone was remote and had full on development and test environments at their disposal.
