Laptop stolen 1024x576

Stolen Laptop Script Pack

Pack of script to monitor stolen laptop

Description

This pack of procedure will allow to retrieve different informations from the stolen laptop. You will be able to get a dekstop screenshot, get a picture from the camera, get a short video, retrieve the list of available wireless network and monitor IP changes.
You will need to schedule any of these scripts, most of them are compatible with both Windows and Mac.

Some scripts require outside tools provided in the archive, they will need to be uploaded to the manages files into a folder named "stolenlaptop"
All results files end up being downloaded to the Document folder of each endpoint. (Easily available in Quick View.)

NB: You run the scripts at your own risks, you may want to check your state and federal laws prior to running them (webcam picture or video could be sensitive.)

Developer
  • Name: Douglas Sanchez
  • Company: Kaseya
  • Website: http://www.kaseya.com
  • Contact Developer
  • Summary
  • Stolen Laptop Script Pack
  • 688 Downloads
  • Initially Released May 4th, 2018
  • Reviews

    Stolen Laptop Script Pack has no reviews.

    Discussion
    Gravatar for Todd Williams
    Todd Williams almost 3 years ago

    Anybody have any experiences with this pack? 

    Gravatar for Chris
    Chris almost 3 years ago

    Yes, last time I checked this worked. Which was about a month or two ago. 

    Gravatar for Jeremy Hinkle
    Jeremy Hinkle almost 3 years ago

    Where is the "webscr.exe" file? It's not in the zipped file that was downloaded.

    Gravatar for Douglas Sanchez
    Douglas Sanchez almost 3 years ago

    Jeremy, it should be in the zip file, you may want to disable your anti virus first as I have seen the file get flagged as a malware but it is a false positive. 

    Gravatar for Jeremy Hinkle
    Jeremy Hinkle almost 3 years ago

    Yea, you're right. My antivirus is cleaning it off too quick for me to notice. Thanks for the heads up!

    Gravatar for Jeremy Hinkle
    Jeremy Hinkle almost 3 years ago

    This is probably a dumb question, but where is it saving these files it's creating? For instance, the "collect IP information", it's saving to the temp directory on the local computer, but then the procedure does a "getFile". Where is "..\Docs\"?

    Gravatar for Douglas Sanchez
    Douglas Sanchez almost 3 years ago

    All your agents have a GetFile and Documents folder in your k server. You can access the Documents in Quick View of any agent whenever you hover the mouse over the agent icon. Right on top of GetFile is Documents. Otherwise it should be easy to edit the procedures and save the files to the GetFiles folder or a network location of your choice. 

    Gravatar for Jeremy Hinkle
    Jeremy Hinkle almost 3 years ago

    Thanks for the info!

    Gravatar for Michael Barrett
    Michael Barrett over 1 year ago

    Just one note the video and webcam pictures will not work with a computer with more than one camera (ex. Surface Pro).

    Gravatar for Dylan Hall
    Dylan Hall 11 months ago

    This could use a procedure to delete all documents and user data

    Gravatar for James Armstrong
    James Armstrong 10 months ago

    I fully agree with Dylan. If a procedure was created to delete all documents and user data that would be great!

    Gravatar for Charles Vasquez
    Charles Vasquez 4 months ago

    Hello everyone. In my orgaization I can only upload documents to my Private files and created the 'Stolen Laptop' folder there. My question is will these scripts read from that location or do I have to change the script?

    Gravatar for Thomas Goral
    Thomas Goral 3 months ago

    Tried deploying to a laptop, didn't work for me.

    Gravatar for David Perhacs
    David Perhacs 3 months ago

    I've messed with this script and made a few personal changes and it works fairly well for me. I have it generate emails when a computer is outside of the US and give us the Location. The main issue I found was the GEO location websites were maxed out on hits for the day very early on and did not give me a location. I found a different website that works much better and is fairly robust. I will send out the info in the next couple of days to this discussion if it will help people out.

    Gravatar for Mike Moniz
    Mike Moniz 3 months ago

    I would like to try the new website.  Emails are a great idea too!

    Gravatar for Brendon
    Brendon 3 months ago

    Hey David,

    Did you end up committing your changes to this repo? 

    Gravatar for David Perhacs
    David Perhacs 2 months ago

    My apologies for the delay. I'll add the XML text below


    -- GEO IP Locator with changes

    <?xml version="1.0" encoding="utf-8"?>

    <ScriptExport xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.kaseya.com/vsa/2008/12/Scripting">

      <Procedure name="GEOIP_Locator">

        <Body description="">

          <Statement name="GetURL" continueOnFail="false">

            <Parameter xsi:type="StringParameter" name="URL" value="http://ip-api.com/csv/?fields=281" />

            <Parameter xsi:type="StringParameter" name="ResponseFileName" value="#vAgentConfiguration.agentTempDir#\geoQuery.txt" />

            <Parameter xsi:type="BooleanParameter" name="WaitComplete" value="True" />

          </Statement>

          <Statement name="GetVariable" continueOnFail="true">

            <Parameter xsi:type="EnumParameter" name="VariableType" value="FileContent" />

            <Parameter xsi:type="StringParameter" name="SourceContent" value="#vAgentConfiguration.agentTempDir#\geoQuery.txt" />

            <Parameter xsi:type="StringParameter" name="VariableName" value="geoIP" />

          </Statement>

          <Statement name="DeleteFile" continueOnFail="true">

            <Parameter xsi:type="StringParameter" name="Path" value="#vAgentConfiguration.agentTempDir#\geoQuery.txt" />

          </Statement>

          <Statement name="UpdateSystemInfo" continueOnFail="true">

            <Parameter xsi:type="StringParameter" name="ColumnName" value="GEO_IP_Location" />

            <Parameter xsi:type="StringParameter" name="Value" value="#geoIP#" />

          </Statement>

        </Body>

      </Procedure>

    </ScriptExport>


    What I called the GEO_Alert email 

    <?xml version="1.0" encoding="utf-8"?>

    <ScriptExport xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.kaseya.com/vsa/2008/12/Scripting">

      <Procedure name="GEO_Alert">

        <Body description="">

          <Statement name="GetURL" continueOnFail="false">

            <Parameter xsi:type="StringParameter" name="URL" value="http://ip-api.com/csv/?fields=1" />

            <Parameter xsi:type="StringParameter" name="ResponseFileName" value="#vAgentConfiguration.agentTempDir#\geoQuery.txt" />

            <Parameter xsi:type="BooleanParameter" name="WaitComplete" value="True" />

          </Statement>

          <Statement name="GetVariable" continueOnFail="true">

            <Parameter xsi:type="EnumParameter" name="VariableType" value="FileContent" />

            <Parameter xsi:type="StringParameter" name="SourceContent" value="#vAgentConfiguration.agentTempDir#\geoQuery.txt" />

            <Parameter xsi:type="StringParameter" name="VariableName" value="geoIP" />

          </Statement>

          <Statement name="GetVariable" continueOnFail="true">

            <Parameter xsi:type="EnumParameter" name="VariableType" value="MachineGroupID" />

            <Parameter xsi:type="StringParameter" name="SourceContent" value="" />

            <Parameter xsi:type="StringParameter" name="VariableName" value="MachineID" />

          </Statement>

          <If description="">

            <Condition name="CheckVariable">

              <Parameter xsi:type="StringParameter" name="VariableName" value="#geoIP#" />

              <Parameter xsi:type="EnumParameter" name="Condition" value="NotEquals" />

              <Parameter xsi:type="StringParameter" name="Value" value="United States" />

            </Condition>

            <Then>

              <Statement name="SendEmail" continueOnFail="false">

                <Parameter xsi:type="StringParameter" name="To" value="<YOUR-EMAIL>" />

                <Parameter xsi:type="StringParameter" name="Subject" value="<Subject Line about missing laptop>" />

                <Parameter xsi:type="MultiLineStringParameter" name="Body" value="ALERT - &#xA;&#xA;#MachineID# has been located in #geoIP# and is in violation of company policy." />

              </Statement>

            </Then>

          </If>

        </Body>

      </Procedure>

    </ScriptExport>


    Hope this helps. This does require the original script pack instructions, I just modified a couple items. Thanks!