# Remotely lock Windows computer

## How to lock Windows computers remotely with Endpoint Central

The increased mobility of endpoints has significantly enhanced productivity. However, it also raises the likelihood of losing or misplacing computers. When a computer is lost or misplaced, there is a heightened risk of sensitive data exposure if it is accessed by an unauthorized outsider or threat actor. Endpoint Central lets you remotely enforce measures that secure sensitive data on lost computers.

If a managed computer is lost or missing, you can activate a lock on the computer remotely. Upon boot-up, a dialogue box prompts the user to enter an authenticator passcode, restricting access to authorized individuals only. Even when the operating system is reinstalled, the authenticator passcode is necessary to unlock the computer. This security measure ensures that the computer remains safeguarded against potential threats from malicious actors or outsiders.

### Supported OS

- Windows 11 Pro, Enterprise, Education editions
- Windows 10 Pro, Enterprise, Education editions
- Windows 8.1 Pro and Enterprise editions
- Windows 8 Pro and Enterprise editions
- Windows 7 Ultimate and Enterprise editions
- Windows 7 Vista Ultimate and Enterprise editions
- Windows Server 2008 and above

### Steps to enable lost mode

Step 1 - [Download the script](https://www.manageengine.com/products/desktop-central/Windows-remote-lock-script.ps1) and provide the preferred authorization passcode in the second line of the script, which is indicated as 'password'. For example, if the passcode is 1234567, edit it as `$password ="1234567"`.

**Note:** Enable lost mode only when you are certain the computer is lost. Before executing the script on a computer, run the script on a test machine for confirmation.

Step 2 - On the Endpoint Central console, click the **Configurations** tab and navigate to **Add Configurations**. Under **Configuration**, opt for **Custom Script** in the Windows category, and select the **Computer** icon.

Step 3 - Specify the **Name** and **Description** of the configuration.

Step 4 - In the **Configure Custom Script** section, select the script from the repository (learn more about [creating custom scripts](https://www.manageengine.com/products/desktop-central/custom-scripts.html) in the script repository).

Step 5 - Specify the execution privilege as the System User under the Run As option.

Step 6 - Define the target computer by selecting the **Remote Office** or **Domain** and choosing the target computer from the list.

Step 7 - Select the **Deploy** option to execute the script on the target computer.

Step 8 - Once the computer is found, you will be required to enter the lost mode passcode on every Windows boot-up.

**Is it possible to deactivate the authenticator passcode, allowing a user to use the computer without entering the passcode each time?**

Log in to the target computer using the authenticator passcode and disable BitLocker from the Control Panel. The user can now access the computer without entering the lost mode passcode.

**Does Endpoint Central store the authenticator passcode of the lost computer after executing the script?**

No, the authenticator passcode will not be stored in Endpoint Central. Admins are advised to store and manage it carefully.
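
For the test-machine run recommended in Step 1, the following added example (not part of the Endpoint Central script or documentation) checks whether the operating system volume will actually prompt for a passcode at boot. It assumes the lock relies on BitLocker on the OS volume, as the FAQ above implies; the function name `Test-LostModeProtector` is hypothetical.

```powershell
# Added example: post-deployment check for a TEST machine. Run it as a script
# from an elevated PowerShell session.
# Assumption: the lock relies on BitLocker on the OS volume (the FAQ removes the
# prompt by disabling BitLocker). The downloaded script's contents are not shown here.
#Requires -RunAsAdministrator

function Test-LostModeProtector {
    param(
        [Parameter(Mandatory)] $Volume   # object returned by Get-BitLockerVolume
    )

    # Key protector types that make BitLocker ask for a secret before Windows boots.
    # A TPM-only protector unlocks silently and would not stop whoever holds the device.
    $promptTypes = 'TpmPin', 'TpmPinStartupKey', 'Password'
    $types = @($Volume.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
    $found = @($types | Where-Object { $promptTypes -contains $_ })

    [pscustomobject]@{
        MountPoint       = $Volume.MountPoint
        ProtectionStatus = "$($Volume.ProtectionStatus)"   # On / Off
        VolumeStatus     = "$($Volume.VolumeStatus)"       # e.g. EncryptionInProgress
        ProtectorTypes   = $types -join ', '
        PromptsAtBoot    = ("$($Volume.ProtectionStatus)" -eq 'On') -and ($found.Count -gt 0)
    }
}

$result = Test-LostModeProtector -Volume (Get-BitLockerVolume -MountPoint $env:SystemDrive)
$result | Format-List

if (-not $result.PromptsAtBoot) {
    Write-Warning 'No pre-boot passcode protector is active on the OS volume; do not rely on the lock yet.'
}
```

`Get-BitLockerVolume` ships with the BitLocker module in Windows 8 / Windows Server 2012 and later; on the older systems in the supported list, `manage-bde -status` reports the same information.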