Kaseya Community

Stolen Laptop

  • Ben, Thanks for posting the scripts from Kaseya Connect.  A customer had a laptop stolen and I was able to make good use of your recommendations.

    I was doing some internal testing of your scripts and had 2 small problems.

    I get the following message on the endpoint when running the script to collect a webcam picture.  Have you seen that before?


    Also, the script that collects webcam video saves the video upside down.


    Both of these are very minor issues as I don't plan to run the webcam scripts on any stolen laptops because of the potential legal issues, but I just wanted to mention it.

    In my testing, I was able to find the location of test machines easily using the WiFi information script.

    Thanks again for providing these scripts!

  • I had been meaning to update this thread since Connect.

    I had fun over the years working with folks on stolen laptops directly, but the cat is now out of the bag and my fun is over :)

    You can head to the resources section to grab some procedures and a word doc that guides you through some initial practices when a laptop is swiped:

    community.kaseya.com/.../86509.aspx

    On the webscr issue, see if extracting msvbm50.zip to your agent working folder (typically C:\kworking) helps. If it doesn't, there won't be much that can be done to fix it. Webscr is a very old binary, often caught by AV software, and when I periodically scour Google for a replacement I haven't had any luck coming up with anything.

  • Thanks, Ben.  I am willing to bet it's caught by AV.  I am not too worried about it as I don't plan on using it in production.  I don't need to worry about the legalities of that!

  • Has anyone ever tried Prey?  We use it and it works great.  You can even use it on cell phone and tablets.  It could be just me but if something is stolen time is of the essence, I wouldn't have to be trying to put some scripts together and hope they work.

  • The only process that is a little dicey is the webcam capture, for multiple reasons - the primary one being the fact that you're flashing the LED on the screen for the thief to see.

    I have been getting stolen laptops back with Kaseya before Prey even existed as a company :)

  • I need the same thing.  I notice the answer isn't here. instead someone friends someone and then they work outside this forum.  Can someone please help me?  Two MACS need to be wiped remotely if they check in.  Thank you.

  • Ben no longer works for Kaseya, but posted his awesome beefed up version of Ben's scripts for all to peruse.  I believe the are focused on gathering information for the purpose of recovering the assets rather than trying to wipe the machines, but I could be mistaken.

    community.kaseya.com/.../86575.aspx



    clarified
    [edited by: Andrew Underwood at 7:51 AM (GMT -8) on Mar 3, 2016]
  •  Thank you for pointing in the right direction!

    One slight clarification at this time, , actually does work for Kaseya again (Hopefully, I am not stealing his thunder).

     - if you have any issues with the scripts Ben or Brian uploaded, please let us know.

  • Welcome back !

  • Guys,

    Please forgive my ignorance. I have followed the steps in the "Read Me" Copied the sqlread and SLEM folders to the appropriate directories. Imported the XML and edited the email address.

    What do I do next?

    Thanks for being patient.

    Mark

  • I managed to get the script working but the collected data doesn't present itself in the Documents folder under Audit.

    How does one troubleshoot this ?

  • Does anyone have this script available for download?  When i try it downloads an empty zip file

  • Try this: http://community.kaseya.com/resources/m/knowexch/86575.aspx

  • I have been looking for a script to use in the SAAS environment for this same problem.. Stolen laptop, whatever information we can get would be a help.

  • I would create a  silent install  Prey Project https://www.preyproject.com/ script (not sure if we are allowed to post links).  Soon as it's reported have it run on next check in.  I also recommend having a destroy profiles script handy in the case of stolen computers.  If you have vpro or similar enterprise features you can run a script to have the system check in even if reformatted if the firmware is built into the lan port.