My company has been greatly affected by the pandemic; we went from running over a dozen call centers to almost completely WFH. An issue we have been experiencing is that our own operations staff refuse to send equipment from terminated coordinators back to IT for refurbishment/reimaging; they give it to the next person hired (because the turnaround isn't fast enough for them).

We use Windows and Active Directory, so to set up the AD profile we use GlobalProtect to connect as a pre-logon VPN whenever we send a newly reimaged laptop out. The problem is that if the computer is *NOT* reimaged, the pre-logon option is unavailable, as we have it turned off after a successful login. Our operations management is adamant: find a way to connect to the WAN without sending computers back. We have a very clumsy workaround involving Microsoft LAPS to log in as local admin and resetting the password afterwards so the users cannot install unauthorized software, but it does not work if the computer in question loses its AD account (we periodically purge inactive computer accounts).

I have been thinking: is there a portable router available that has the GlobalProtect client in its firmware so that it would connect automatically to the VPN? Any computer connecting to it would be connected to the WAN w/o installing and connecting the GlobalProtect client on the computer itself. It would allow me to ship a portable device (ideally with an Ethernet cable so no fooling around with WiFi) so the user can connect the computer and be on the WAN. I can then do my thing using tools like SCCM to get them up and running. Obviously I need to examine the security behind such a box, as it is a potential security risk if UPS lost it.

Does anyone know of a vendor providing GlobalProtect support at the firmware level of their routers? Thanks in advance!