How to lock Windows computers remotely with Endpoint Central

The increased mobility of endpoints has significantly enhanced productivity. However, it also raises the likelihood of losing or misplacing computers. When a computer is lost or misplaced, there is a heightened risk of sensitive data exposure if accessed by an unauthorized outsider or threat actor. Endpoint Central enables the remote enforcement of measures to secure sensitive data on lost computers.

If a managed computer is lost or missing, you can activate a lock on the computer remotely. Upon boot-up, a dialogue box prompts the user to enter an authenticator passcode, restricting access to authorized individuals only. Even when the operating system is reinstalled, the authenticator passcode is necessary to unlock the computer. This security measure ensures that the computer remains safeguarded against potential threats from malicious actors or outsiders.

Supported OS

  • Windows 11 Pro, Enterprise, Education editions
  • Windows 10 Pro, Enterprise, Education editions
  • Windows 8.1 Pro and Enterprise editions
  • Windows 8 Pro and Enterprise editions
  • Windows 7 Ultimate and Enterprise editions
  • Windows Vista Ultimate and Enterprise editions
  • Windows Server 2008 and above

Steps to enable lost mode

Step 1 - Download the script and enter your preferred authorization passcode in the second line of the script, where the variable is named 'password'. For example, if the passcode is 1234567, edit the line to read $password = "1234567".

Note: Enable lost mode only when you are certain the computer is lost. Before executing the script on the lost computer, run it on a test machine to confirm that it behaves as expected.

Step 2 - On the Endpoint Central console, click the Configurations tab and navigate to Add Configurations. Under Configuration, choose Custom Script in the Windows category, and select the Computer icon.

Step 3 - Specify the Name and Description of the configuration.

Step 4 - In the Configure Custom Script section, select the script from the repository (Learn more about creating custom scripts in the script repository).

Step 5 - Specify the execution privilege as the System User under the Run As option.

Step 6 - Define the target computer by selecting the Remote Office or Domain and choosing the target computer from the list.

Step 7 - Select the Deploy option to execute the script in the target computer.

Step 8 - Once the computer is found, the lost mode passcode must be entered on every Windows boot-up.
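The note under Step 1 asks you to set the passcode in the script and to try it on a test machine first. The following PowerShell is an added example, not the Endpoint Central lost mode script itself: it shows the $password variable convention from Step 1 together with a pre-deployment check that refuses to proceed if the placeholder was left in place, and it reports the BitLocker state of the operating system drive so you can compare the test machine before and after the lock is applied (the FAQ below notes that the lock is removed by disabling BitLocker). It assumes the BitLocker PowerShell module, which is present on Windows 8 / Windows Server 2012 and later; the function names and the "CHANGE-ME" placeholder are hypothetical.

```powershell
# Added example, not the vendor script. Assumes the built-in BitLocker module.
$password = "CHANGE-ME"   # hypothetical placeholder; replace with the real passcode before deploying

function Test-LostModePasscode {
    # Returns $true only when the passcode has actually been filled in and is
    # long enough to be worth enforcing; catches a script deployed unedited.
    param([string]$Passcode)
    if ([string]::IsNullOrWhiteSpace($Passcode) -or $Passcode -eq "CHANGE-ME") {
        return $false
    }
    return ($Passcode.Length -ge 8)
}

function Get-OsDriveLockState {
    # Summarises the BitLocker status of the OS drive: whether it is encrypted,
    # whether protection is on, and which key protector types are attached.
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        VolumeStatus     = $vol.VolumeStatus
        ProtectionStatus = $vol.ProtectionStatus
        EncryptionPct    = $vol.EncryptionPercentage
        Protectors       = ($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType }) -join ','
    }
}

if (-not (Test-LostModePasscode -Passcode $password)) {
    Write-Error "Lost mode passcode is unset or too short; edit the `$password line before deploying."
    exit 1
}

Write-Host "BitLocker state of the OS drive on $env:COMPUTERNAME:"
Get-OsDriveLockState | Format-List
```

Run this on the test machine before deploying the lost mode script and again after the first reboot: a ProtectionStatus of On and a password-type key protector in the Protectors column confirm that the lock took effect, while an unchanged state tells you the deployment did not apply.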

Is it possible to deactivate the authenticator passcode, allowing a user to use the computer without entering the passcode each time?
Log in to the target computer using the authenticator passcode and disable BitLocker from the Control Panel. The user can then access the computer without entering the lost mode passcode.

Does Endpoint Central store the authenticator passcode of the lost computer after executing the script?
No, the authenticator passcode is not stored in Endpoint Central. Admins are advised to record it and store it securely themselves.