There are certain mistakes companies simply should not make. Selling equipment with your internal computer still attached is one of them.

So, what would you do if a “missing” company computer suddenly checked in from another state? Would you pause and try to figure out how it ended up there in the first place? Or would you wipe it and lock it down immediately?

In the following story, a tech support worker faces this very decision and springs into action. Here’s what happened.

A 3rd party company ended up with a company computer.

Last year, we were working on updating machines to Windows 11.

There was a device we couldn’t find, so our security team locked it down in FortiEDR. The antivirus program would make the machine inoperable the next time it checked in.

Well it checked in… and yeah…. it was inoperable.

So, I got a call from someone in tech support.

Here’s how the call went.

Tech Support: Hey, I got a call from someone in Louisiana. He’s got a computer that keeps getting FortiEDR Toast notifications.

Me: What?

Tech support: Yeah, weird, right?

Me: *Very confused* What’s the serial number of the device?

The guy had found the company’s contact info and called them.

Tech support: Gives me the serial number.

Me: I look it up, “I found the missing computer.”

Tech support also informs me that this person had never heard of our company. But he researched the notification, and that led him to our website and then to our tech support number for our customers.

Why he didn’t just wipe the computer is beyond me.

He finally discovered that manufacturing had sold a device but failed to wipe it.

I start talking to various members in my team and throughout the company, trying to figure out how in blazes one of our devices is in Louisiana.

Apparently, manufacturing had sold one of our ERSA devices, and they neglected to tell IT, and they sold it with the computer attached.

Did they reimage or wipe it you ask, no. They sold the ERSA, with the computer. The computer had auto-log-in enabled and was still in our Intune tenant.

Throughout all this, I learned that we effectively caused a manufacturing line to go down at this 3rd-party company when we isolated the device in FortiEDR.

The other company let him fix the situation remotely.

We ask the other company if we can remote in and uninstall our software, and unregister it from our system.

To my astonishment, they allow it. I remote in, I uninstall apps and remove files that are specific to our company, and I remove the device from our Intune tenant.

If it were me, I wouldn’t have called anyone. That machine would’ve been reimaged immediately. If it came up again after reimage, that device would have been replaced.

The computer tells the ERSA how to make a circuit board via communication software. The computer is cheap compared to the rest of the unit.

Wow! It’s crazy that manufacturing didn’t know better… and neither did the client.

Let’s check out how the readers at Reddit feel about what happened here.

This person is torn about autologin.

These are great thoughts.

According to this comment, they would’ve needed help either way.

This reader thinks he should’ve checked with the legal department.

That was some quick thinking.

If you liked that post, check out this post about a woman who tracked down a contractor who tried to vanish without a trace.