ULPT Request - How to work abroad with company laptop?
Posted by False_Secret1108@reddit | UnethicalLifeProTips | View on Reddit | 23 comments
Let's you can work remotely and you are given a company laptop. Let's also assume that you work for an American employer and you're supposed to work only in America due to tax and other liability reasons. Is there anyway you can take your laptop with you abroad and not be detected that you are actually not in the states?
There's gotta be a way. I am not too familiar with the IT/VPN obstacles you have to overcome. Maybe you have to leave the company laptop at home and then remotely log into it from another laptop abroad? Anyone here have experiences with such thing?
FreedomRouters@reddit
you will need to deploy your own VPN server at home and have another router connect to it. It's some work but it can be done with help of chatgpt or googling guides.
if you have the money and want a secure easy way to do it check out flashedrouter.com
Eggslaws@reddit
IT guy here, if your VPN connection is geo locked, chances are that the ability to connect to your laptop remotely is also locked out. And if you are not sure if that's what they have done, any simpler methods the internet proposes to work around that would either likely not work or leave the devices at your home a target for hack and hijack if not done correctly. And any 'correct' ways to do it would be way beyond what you can possibly understand and DIY.
If the IT team is even as semi-decent as ours, that would be the quickest way out. Not to forget, you messing about would make the IT and HR spoil it for others, who are playing by the rules. Do yourself and your colleagues a favour, either take a proper time off to go do what you want to do or quit the job and find something with more liberal remote working policies.
ocvl@reddit
So our company used to let remote employees work from anywhere, all they had to do was submit a request to allow the specific IP address they would be connecting from if was was in a country where we did not have a physical office (most, we only have offices in like 5). And honestly, in my eyes that was a HUGE perk as my wife’s entire family is from South America and we love to travel.
Well, recently, I’m guessing a handful of people screwed that up for the entire company likely by spending most of the year in another state/country and trying to file taxes not from their home of record. So now, we can only work from a country that has a physical office, for two weeks, anything longer requires you to actually work IN that office and only for another two weeks. You can also only do this now once every 6 months. For places in the US, you can work from anywhere in your home if record’s state, but if in another state the maximum is a month.
All that to say is that I had and was following the proper steps needed to go to SA to close on a land and separate apartment purchase and oversee the final construction. All was set, to work from there for a couple months… and then BAM, this policy gets immediately implemented out of nowhere.
Do you mind if I DM you with non-private specifics for our setup and discuss feasibility and risk? I have a higher workstation/endpoint privileges and more than average understanding of AD, Networking, Protocols, and all the relevant monitoring and anti-tamper triggers installed. Laptop allows connecting to ANY internet connecting, regardless of geo-location (I’m sure it’s logged though), we just have to connect to VPN for accessing internal company resources (non-M365), all of which are on Azure instances which only allows connection from the VPN IP range, regular Teams, SharePoint, Outlook are all accessible without VPN. So this leads me to believe that UniFi or Google Travel routers or even my own router with VPN integration set up might be feasible? Best friend of many years and his wife just moved in a few houses down so we can easily any troubleshoot router issues, or just bring it to his house.
Eggslaws@reddit
I would not be in the best place to give you advice. Every company's principles governing their IT architecture is different, using different flavours of applications with a common set of functionalities shared with other similar apps but differs in its own ways and offers different sets of audit capabilities. And how companies set up monitoring is different too.
If your company's work conditions are no longer suitable for you, you should explain your position to your employers and try to get a derogation instead of trying to work around the problem thinking "handful of people screwed it up for the rest" instead of acknowledging you too are a part of the problem. If your manager honestly acknowledges your work, then he would go to lengths to get it approved. Otherwise, just quit your job and find something else that suits you. That way, your IT team itself can set you up with an approved solution.
Otherwise, you'll be constantly thinking "can they see I'm using a travel router or not?" And that is not worth it.
I know I'm on ULPT sub, but I'm just a tired IT guy wasting time cleaning up after people trying to work around their IT policies instead of fixing the usual printers or dead keyboard batteries and a disgruntled employee whose "some special privileges" were taken away because some of those same people whose excel spreadsheets I fixed, took it away from the rest of us. Don't worry about me though, my manager still treats me well and I get exceptions when I rightfully deserve so.
False_Secret1108@reddit (OP)
It seems like you're suggesting there is no way if I am understanding you correctly.
Eggslaws@reddit
Not without putting your job and/or your personal/work devices at risk.
HI-McDunnough@reddit
It really depends on how good your IT department. It should be the default to block or at least notify if someone is trying to log in from another country, but some people don't care. Likewise, day 1 stuff in IT is, don't let users install their own software and block unauthorized remote access, so if they are even halfway competent you can't remote into your laptop at home from somewhere else.
NeverEnoughBoobies@reddit
I used to leave my company laptop at home and use TeamViewer (and then Splashtop) to remote into it.
noclue9000@reddit
How do you deal wirh the company laptop needing to reboot after a mandatory it update?
NeverEnoughBoobies@reddit
Splashtop was able to connect even before the Windows login screen. Granted, this was back in Win10 days.
ChrisCopp@reddit
Remote KVM might work but it's risky. If something messes up on the laptop you'd need someone to restart it.
You most likely use a VPN already to connect to work stuff.
You can't use 2 of them at the same time.
A remote KVM would bypass these worries.
poop_report@reddit
Remote KVM is the best, most foolproof option. Make sure that it has a "power cycle" option or else that someone is at your house who can power cycle the laptop in case it crashes.
You can also do this with a specialised VPN router device but it's a lot more of a pain and you will need some technical know how to make it work properly.
TheLastREOSpeedwagon@reddit
You need a remote KVM
JohnHazardWandering@reddit
Worked for north korea!
BadgerBreath@reddit
Upvote parent! Using a KVM is the most undetectable and “simplest” correct solution. I am senior engineer in IT. Every other option that listed using VPNs would work until you are in the middle of a session and the VPN unexpectedly drops out and your connection to a work service is automatically reestablished from outside the US.
Our company policy is if someone is traveling outside of the US, we have to receive pre-approval before travel to whilelist the exception. Otherwise, their Office/M365 account is immediately locked and flagged for review by their supervisor and IT security. This all happens automatically within seconds.
Anagoth9@reddit
This would be your best bet. If you have Chrome installed on the company laptop then try installing the Chrome Remote Desktop extension. You can remote into the laptop that way. I worked IT at a publicly traded company and I'd do that all the time. Neither my manager nor ITSec team had any idea. It's almost comical how often I've seen that overlooked.
CutCorners@reddit
This assumes IT Dept will let the user install a remote extension on the PC.
GENHEN@reddit
leave your company laptop at home
get and connect a KVM like this:
https://www.youtube.com/watch?v=XqhGHcIXvyI
ThePiachu@reddit
Try checking out Unifi and their Travel Router. It is a fairly simple way to connect your devices from abroad into your home network and appear to be there.
SeanFrank@reddit
I would use a travel router set up with a VPN connection paired with my home internet connection. Then connect ONLY to your travel router when you are away, and it will appear that you are on your home network.
You would need your home router to support the VPN, or set up a separate VPN box at home.
If you can't handle it, you could probably find somebody locally to help set you up for a couple hundred dollars.
Osmyn@reddit
Google travel router. Products like unifi will let you connect your laptop via Wi-Fi or Ethernet to your travel router which itself connects to the local Internet and Vpns back to your home unifi router and then that should be where it appears you are connecting from.
Representative_Hunt5@reddit
Make sure your home router has a vpn. Vpn from home. 😀
heyitscory@reddit
Your idea is the safest idea, but they'll still have logs that someone is connecting from [where ever you are], so if they care about whatever laws or rules you'd be breaking, doing that or using a VPN likely wouldn't help you get around this.