Locking a Windows device when employees leaveSolved

Hey @famk_e ! Classic situation, this happens more often than you’d think.

In Hexnode, there are quite a few ways to cut off user access. The first thing that comes to mind is the Wipe Device remote action. It’s the simplest way to ensure the user can’t get to corporate data; it removes everything from the device so nothing sensitive stays behind.

If you just need a quick temporary solution, you can go with the Lock Device action. It instantly locks the screen remotely, giving you time to take further action. Meanwhile, you can disable the local account or change its password from your end to make sure the employee can’t log back in.

Thanks, @skylar-a ! But if I use Wipe Device, won’t that remove everything, even Hexnode? I’d still want the device to remain managed so we can reassign it later.

Good question, @famk_e . You’re absolutely right. The Wipe Device action clears everything, leaving only the OS.

But don’t worry, there’s a smarter way around it! You can set up Windows Autopilot enrollment. That way, when you wipe the device, it will automatically re-enroll with Hexnode during setup. So, you still get a fresh start for the new employee and keep the device under management.

Hey folks, jumping in with a few more tricks.

Before handing devices out, you can use Hexnode Access policy to make users sign in through your identity provider (like Azure AD). If you’ve done that, simply disable their Azure AD account when they leave. Problem solved, they can’t sign in at all.

Another good option is the Enable Lost Mode action. It remotely locks the device and restricts all its functionalities. The only way to use it again is for the admin to Disable Lost Mode from the Hexnode portal. Perfect if you’re waiting for the device to be returned.