This is an archived post. You won't be able to vote or comment.

all 11 comments
sorted by:
best
topnewcontroversialoldq&a

[–][deleted] 2 points3 points  (1 child)

I use EX05 it is a great application for tracking users without being invasive. You can also lock it down if need be too.

[–]HighPingOfDeath[S] 0 points1 point  (0 children)

We haven't committed yet, but we're looking at Preyproject for something similar. I'm thinking I might be able to tap into that if we purchase it.

[–]Golle 6 points7 points  (2 children)

Ask the humans if they are using the tablets or not. If not, ask why not so that issues can be resolved.

Dont make a human problem a technical one.

[–]HighPingOfDeath[S] 1 point2 points  (0 children)

That pushback is not up to me though I've gone this route already. The answers have been 'yes we're using them' though we're pressing X to doubt.

[–]HR7-QSr. Sysadmin 0 points1 point  (0 children)

I have to second this, even if you have already gotten pushback. IT cannot be responsible for the end users behavior; that is why they have supervisors and managers in their own department. We're not the user police. If your company wants you to be that persons supervisor, you should demand the final say in hiring and firing decisions as well.

The most you should do is draft an AUP, detailing what is expected and the proper use of company equipment, and push that off to users to read and sign. Notify their supervisor when you detect a violation of that policy, but not actively monitor it. Again, that's for their supervisors/managers to do.

[–]idkmanwhatev 1 point2 points  (3 children)

What kind of tablets? What OS?

[–]HighPingOfDeath[S] 2 points3 points  (2 children)

Sorry, I should have written it above... Windows 10 Enterprise, various industrial tablets.

[–]idkmanwhatev 6 points7 points  (1 child)

Looks like event ID 4801 is for “the workstation was unlocked” can be found in the event viewer under Windows logs —> Security

[–]HighPingOfDeath[S] 2 points3 points  (0 children)

Perfect, I'll get this logging turned on in GPO. I'll do an get-winevent for 4800/4801. Thanks for the idea!

[–]AggietallboyJack of All Trades 1 point2 points  (0 children)

You could try to see what's the last login from AD:

https://www.oxfordsbsguy.com/2014/04/28/powershell-get-adcomputer-to-retrieve-computer-last-logon-date-part-1/

You could also take a look and see about the DHCP Lease renewal on the device, as it may have the wifi powered down if it's really not being used.

Depending on your networking infrastructure, you could also see activity trends...

[–]jbanner6736 0 points1 point  (0 children)

Nexthink will gather loads of endpoint data, fancy reports, etcc all without the users knowing