Sign in with
Sign up | Sign in
Your question
Solved

Laptop rollout: looking for security advice

Tags:
  • Laptops
  • Security
  • Business Computing
  • Software
Last response: in Business Computing
Share
February 1, 2014 8:27:22 AM

Hi all,

I've been put in charge of rolling out and building (software wise) new laptops for the company and although I've got the software working fine and dandy (I build from a WDS server) I would like to improve the security practices on client devices.

I have bitlocker enabled using TPM for unlocking, with recovery keys backed up to AD.
Antivirus is also included in the build, Windows updates are automatic without the need for admin rights.Are there any other features or practices I could add or change to improve security?

Although we have a record of what laptops (serial numbers, hostnames) are assigned to what staff members the laptops are going out unlabelled. Ideally I'd like to label them so I can identify what the laptop is called but am unsure if having the hostname stickered on the laptop is a security risk when staff are working at, say a coffee shop with public wifi. Is this why IT departments stick asset/hostname stickers on the inside of the laptop on the screen bezel?

More about : laptop rollout security advice

a b D Laptop
February 1, 2014 9:42:56 AM

Hi

How about a big red security sticker with Black printing
Stating-
Encrypted laptop property of xyz corp
A phone number and a. Serial number
+ a zip code or post code or equivalent

Sticker should be hard to remove
Possibly a pair one on top other on bottom

Keep a excel database matching
Label serial number with other details

If bios supports prey or similar tracing software enable it


I presume you have set bios Uefi master password for administrators and
optionally power on password ( I use the hard disk password) for user

Regards

Mike Barnes
m
0
l

Best solution

February 2, 2014 6:11:51 PM

You could always add a small label to the bezel just below the screen. This is how I have instructed people to label our laptops. If someone gains physical access to the device you have more to worry about than the computer name being shown.

Also, many times the labels are placed on the inside so that they do not become scuffed up and destroyed as quickly. If placed on the outside, it can be subjected to forces such as a laptop bag, fingernails, books being thrown on top of it, etc.
Share
!