Local council finds better way to track lost laptops

Bracknell Forest Borough Council has adopted a new service to monitor user activities and wipe systems if they are lost or stolen.

A local council has managed to limit the potential damage from the loss of a laptop by installing a system that allows the machine to be disabled remotely.

Bracknell Forest Borough Council has adopted the Computrace service from Absolute Software Corp. in order to monitor what users are doing with their machines, and also to wipe systems if they are lost or stolen.

Richard Dawson, IT service manager for the council, says he was first introduced to the Computrace product by Dell, which supplies all the council's laptops and embeds the Computrace agent in the BIOS of all its machines.

"We just looked at it and thought it was fantastic, and at £60 per machine for the whole lifetime of the machine, we thought it was a no-brainer," says Dawson.

After performing a few trials and remote-detonating a set of laptops, Dawson claims he saw the benefits of being able to monitor laptops remotely, and then decided to apply the technology across the whole estate of 400 machines.

For existing machines, Dawson says installation is easily done by sending out a small piece of client software either by email to the user, or as a remote installation.

"They just install the little TSR (Terminate and Stay Resident) program, update the device and it's live from then," he says.

New machines from Dell come pre-installed with the Computrace software built-in, which means that Dawson is able to trace machines even before he has received them. "I can monitor the delivery chain as well -- once the machines have been built, I can track them. So if one disappears off the back of a lorry, I still have visibility of it."

With the agent installed now on all machines, he says he can get a detailed view of what users are doing with systems. Each time a laptop connects to the Internet for any reason, the agent feeds back information about it to the central server operated by Absolute.

Dawson can log in via a secure Web portal to inspect the state of all 400 machines. "I can see what software is on them, and when [users] last checked in, for instance," he says.

This has delivered some side benefits. For instance, the system showed that a couple of people had not logged on for a while and really didn't need their laptops.

"I called them up and said 'You don't actually use that machine, do you?' to which they replied, 'No, it's in a cupboard.' It means we can get back unused machines for our centralised loan stock. And it also means I have lower capital refresh year-on-year," he adds.

On another occasion, the system helped him to trace a stolen machine, as he explains: "The monitor allows me to spot any machines that look a bit odd. For instance, I saw one just recently that was one of ours, a brand-new machine but it didn't have the standard Bracknell machine name. It turned out the machine had been stolen and renamed. We managed to retrieve that one through an internal process."

In another case, Dawson's team discovered that three machines that had gone for disposal -- and which should have been properly wiped -- were still loaded with the standard Bracknell systems image, including operating system and a copy of Microsoft Office. "We remote-detonated those. As soon as those laptops hit the Internet, Absolute sent a little 'Kill' command to the software, and it reformatted the machines and rendered them inoperable."

The system also enables him to enforce policy, for instance, ensuring users do not run banned applications such as iTunes and Limewire.

Dawson describes the Computrace agent as "a great safety net" which provides him with constant feedback on what is happening. "Beforehand, as soon as I'd given someone a £1,300 asset, I wouldn't see it again unless it had a fault or I called it back in. Now, I have visibility of my portable computer estate," he says.

The only weakness in the system is that the laptop has to connect to the Internet to be wiped by the system. But Dawson says they are now looking to close that particular loophole with hard-drive encryption.

"Most of our users do not have classified data. And our applications that have classified data do not allow you to store data locally, using VPN and terminal services," he adds.

Dawson compares it to putting insurance on a mobile phone for theft. "It's just £60 over the lifetime of the machine; it's a very small proportion of the total cost of the unit."

Read more on Application security and coding requirements