Some general privacy questions about my work laptop

Dissonance1

Estimable
Oct 15, 2015
2
0
4,510
Hello! My department purchased me a laptop, and it's setup in a way that is new to me, so I'm just asking a few questions.

The Win10 login screen is replaced by one that validates through my employer's server. A local wired connection is required with company credentials to login for the first time, and subsequent logins can be from anywhere. Files in the My Documents folder are automatically synced to the server. There's no antivirus installed. My IT said it's set up this way for security and so they can do updates.

Would someone please explain to me how the login screen overrides how users are normally created in Windows? How is security being done without an antivirus program? How are updates administered? Can my employer view my files that are not synced to the server and see what programs I have installed?

I'm not planning on changing the setup, I just want to understand it before I sync my work files to it. Thanks!
 
Solution
Your computer is part of a windows domain. The security policies are created by the domain. The reason you had to login with a direct connection the first time is because your login had to be validated. After that a local copy of the validated credentials are kept on the laptop.

The IT admins can setup the Windows update so that it only connects to THEIR update server (WSUS). They have probably taken away all permissions for you to be able to install any programs.

The rights your employer has over the data on the laptop probably depends on the laws in your country. Or the paperwork you signed to get the job may have given the employer the right to access any files on your computer. But, in most cases, the employer can access...

kanewolf

Judicious
Moderator
Your computer is part of a windows domain. The security policies are created by the domain. The reason you had to login with a direct connection the first time is because your login had to be validated. After that a local copy of the validated credentials are kept on the laptop.

The IT admins can setup the Windows update so that it only connects to THEIR update server (WSUS). They have probably taken away all permissions for you to be able to install any programs.

The rights your employer has over the data on the laptop probably depends on the laws in your country. Or the paperwork you signed to get the job may have given the employer the right to access any files on your computer. But, in most cases, the employer can access any files. They can install tracking software, or even keyloggers. It is their hardware. You are only using it, and you are assumed to be using it for THEIR benefit.
 
Solution

USAFRet

Illustrious
Moderator
And the 'no antivirus' is because that is handled at the network level, rather than the individual PC.

Like this:
You have a lock on the front door of your house (the corporate network AV and firewall)
Do you also need a lock on your sock drawer? (your individual laptop)

But there probably is an AV application installed, you just don't have permissions to see it.
 

Dissonance1

Estimable
Oct 15, 2015
2
0
4,510
Thank you for your feedback. Your responses provide the information for which I was looking. My account is admin so I can install programs and view all running processes. I don't see any antivirus or tracking software running. I am familiar with my employer's policies on intellectual property rights because I serve on that committee.