People are stealing RAM from company computers again

[-]

ciabattabing16@reddit

Where are these users that know what RAM is?! I've only interacted with those that feel the square box of magic is negatively influencing their ability to have infinity tabs and spreadsheets open.

[-]

FarmboyJustice@reddit

Lots of business-class machines have chassis intrusion detection, if yours do you could read that with a WMI query.

[-]

UltraEngine60@reddit

chassis intrusion detection

ding ding ding. Make sure you set passwords on UEFI settings as well.

[-]

nfkgdh@reddit

ok, how to be sure it's not implemented on my company's computers ? I need myself some RAM and they're not paying me enough

[-]

UltraEngine60@reddit

I know this was /s but if you're seriously contemplating stealing RAM they are paying you your fair market value

[-]

Aevum1@reddit

many mini pc´s from lenovo and dell usually have the kensignton lock set up in a position that the case cant be opened when the lock is installed,

[-]

wrincewind@reddit

Look up the chassis model, find out where the button is, depress it with a credit card while you open the case then hold it down with a clothesleg while you work.

[-]

Isn't this for preventing electrical access when the computer is running aka sniffing data etc? Intrusion detection I saw is just a switch on the case, how would it work when the machine is unpowered?

[-]

nroach44@reddit

Probably wired to the RTC. Clears / sets a flag when triggered, "resets" electrically when powered on next.

[-]

vmeldrew2001@reddit

I had an instance in a school where a kid somehow managed to punch through the optical drive blanking plate plus the metal plate behind to steal the ram.

[-]

GolemancerVekk@reddit

It's not that difficult, both the plastic plating and the metal shield behind it are there mostly for dust protection. They are designed to be easily removed if the bay needs to be used.

Business PCs tend to be a lot more compact though and the components are packed very tightly so I doubt that would work.

[-]

notainotbot@reddit

IT team don't bother with that

[-]

hkr@reddit

The whole point is that they now should.

[-]

TheRufmeisterGeneral@reddit

Depends on the math. If an occasional RAM replacement, and a stern warning that being caught leads to being fired and prosecuted for theft, is less effort than setting up intrusion detection for all your machines, then it's better to not do it

[-]

chris77982@reddit

Yep, I have Lenovo and dell mini pc's and the chassis detection flag gets triggered when ever I open them up. There is a history log in the bios too with timestamps.

[-]

No-Preparation7805@reddit

Seen something similar a while back — not even theft, just “mysterious hardware drift” over time.

Your RMM approach makes sense. We ended up doing something similar but tied it into asset inventory as well, so any unexpected change in RAM/disk would trigger a flag against the baseline.Not perfect, but at least it gives you something to point to instead of just a gut feeling.Physical controls are always going to be weak if someone really wants to get around them.

[-]

Helpjuice@reddit

Get a Kensington lock for all the workstations and make sure those cameras are working so they cannot take the workstation from their current location and if they want to steal something they have to violate policy by opening the machine and stealing it.

[-]

CeC-P@reddit (OP)

We checked. That costs like 30 sticks of stolen RAM worth of parts and labor and would "Bring down morale" according to the owner.

[-]

Niouke@reddit

Even if a few laptops disapear each year it's still not worth it. Been there, done the math.

[-]

accidentlife@reddit

Look at plastic wire padlocks. Unlike regular locks, these can only be opened destructively.

They are used by utility companies because they are dirt cheap ($20/100pcs on Amazon). “Low cost” equipment exposed to unsupervised members of the public aren’t going to be adequately secured by a padlock anyway; so the use of these locks as tamper indicators is just as effective.

[-]

tyami94@reddit

hot take but genuinely, if that's what they say, i'd just let it go. this is an HR issue not an IT issue. no need to needlessly piss people off if you don't have management backing. just document and move on.

[-]

lenswipe@reddit

well the neat thing is that's a one time cost, but RAM theft can keep happening

[-]

Helpjuice@reddit

Ok, some math may be way off then for your calculations one Kingston lock is $40 to $150 dollars.

So the options are: - Lock it down or loose the RAM. - Move everyone to fixed thin clients that are still locked to the desk along with monitors and move all workstations to a locked room with industrial AC and put who knows how much time and money into having a janky VDI setup or move everyone to thin clients and setup a production grade VDI setup.

Cannot complain about the losses and not doing anything about if it is something that need to be stopped.

[-]

ElvisDumbledore@reddit

And here I am contemplating adding RAM to my underpowered laptop. 😭

[-]

Single-Virus4935@reddit

When I was a freelance sysadmin for SMB I had one client where employees messed with the hardware all the time. I installed an automatic system importing hardware and serialnumbers into asset mamagement. Every discrepancy was logged and internal changes triggert an alert/jira ticket. - SSDs were chanfed with cheaper ones (expensive at the time) - GPUs/ram swapped with collegues PCs - surprise: one employee in a small remote branch added a 3 TB HDD. When fired later because he barely worked he hadnt a chance to fet back to the office. The disk was full of recordings from erotic livestreams if his wife. - not inventory related: when the HQ mived every employee should disassemble his pc and put all cables etc in one box. I had everything standardized. On the new location the 3m DVI cables were nowhere to find and all what was left were the cheap short ones. A USV and a IP phone (expensive) was also missing. CEO didnt really cared and didnt want to hear about it.

[-]

ammit_souleater@reddit

Usv? Are you german and mean an ups, or is there another acronym that i don't know?

[-]

Single-Virus4935@reddit

Yes I am german and meant UPS.

[-]

ammit_souleater@reddit

Dachte ich mir.

[-]

Apachez@reddit

The disk was full with recordings of erotic livestreams of his wife

So... what happend to that content?

[-]

Single-Virus4935@reddit

It was used as evidence in court together with phone, email logs, browserhistory and GPS data from his car. Some videos were played in court as a example. The employee was a salesman with almost no sales while collecting salary and coachings. He had to pay a good amount of his salary etc. back.

Also there was evidence, he exported and uploaded the customer records etc. onto a private online share.

[-]

Apachez@reddit

Evidence in court you say?

So... public records then?

Whats the case number and which court and year? ;-)

[-]

Single-Virus4935@reddit

German courts, while usually public hearing, arent recorded nor is recording allowed. I cant remember but it maybe that the harddisk had to be handed off to the employee after the trial because it was still his property. But not 100% sure.

[-]

Walbabyesser@reddit

Die Verhandlung war bestimmt lustig

[-]

Single-Virus4935@reddit

Ich war als Zeuge geladen und leider nicht in der ganzen Verhandlung anwesend.
Ich meine aber, die Videos wurden im Richterzimmer abgespielt und nicht öffentlich. Trotzdem wars zum schmunzeln.
Von der Art der videos kann es für ihn sogar ein kick gewesen sein.
Naja, am Ende durfte er quasi 1,5 jahre Gehalt und und Gerichts-/Anwaltskosten zurückzahlen.

[-]

Hebrewhammer8d8@reddit

Did you see any of clips? 480, 720 or 1080?

[-]

Single-Virus4935@reddit

Yes, I saw the videos because I was the one responsible for IT (small business).
It was around 2011 and I dont remember the quality.

[-]

Hood-Boy@reddit

Lmao

[-]

Narcotras@reddit

Did he get the hard drive back in the end? Since I imagine the data itself wasn't actually included in the whole company issues and such?

[-]

Single-Virus4935@reddit

I cant say for sure but I remember a discussion that the harddrive was still property of the employee and needed to handed out after the process. But not 100% sure.

[-]

MtnCrvr1@reddit

What country was this ?

[-]

ammit_souleater@reddit

Germany, op mentioned in another comment

[-]

MtnCrvr1@reddit

Thanks

[-]

BogdanPradatu@reddit

the judge:

gif

[-]

wwabbbitt@reddit

Thanks for asking the important question that I'm too cowardly to ask.

[-]

-fno-stack-protector@reddit

the important question that I'm too cowardly to ask.

it's reddit man you can just type anything, who cares. gniodfng thjiogfdngnioger hniogvbdfngio dffg uniodsndfiosb biojnsdfg

[-]

Aevum1@reddit

/r/officegonewild ?

[-]

GreatAlbatross@reddit

gniodfng thjiogfdngnioger hniogvbdfngio dffg uniodsndfiosb biojnsdfg

WHO SEEKS THE AN AUDIENCE WITH THE ANCIENT ONE?

[-]

itishowitisanditbad@reddit

who cares.

I'm going to go out of my way to stew on this for like, 3 minutes.

Take that.

[-]

Larry_Underwood_108@reddit

Oh yeah, well take this.

edit: shook my wang.

[-]

MaxMcBurn@reddit

lol .. you made my day 😎

[-]

Apachez@reddit

:-)

[-]

tikanderoga@reddit

Archived for security purposes. Still being reviewed daily to check if the firing was justified. Just in case something got missed.

[-]

jaymzx0@reddit

Right? Seems like a shame to lose it. I hope it was backed up somewhere where we can verify it was backed up ok.

[-]

Single-Virus4935@reddit

The videos were used in court. The lawyer of both parties get all the evidence, so maybe he got his videos back.

[-]

OperationMobocracy@reddit

It feels like the kind of deal where the guy and his wife could have both been over 40 and pushing 225.

[-]

AcidBuuurn@reddit

So that’s why Single-Virus3945 was typing with one hand.

[-]

Nasa_OK@reddit

I don’t get this. Like I get the idea of taking the batteries out of the mouse of the colleague who is on Holliday due to being lazy and too cheap to just buy some if you already can’t be bothered to walk to it and ask for a AA battery.

I also somwhat get people stealing usb cables to charge their phones etc.

But messing with the hardware to the point where you need tools? Like that’s one step away from ripping electric wires out of the wall to sell the copper.

What makes this even more crazy is that at my company not even 6 years ago departments where throwing away perfectly good hardware because they didn’t need it anymore. Like to the point where it was fishing a Watercooled pc with rtx gpus out of the bin.

I go on a lan party with some of the it guys 2 times a year and they already have fully functioning loaner pcs built from these junk devices incase someone wants to join who doesn’t have a desktop or gaming laptop

[-]

Single-Virus4935@reddit

Better gpu, more ram, .... its not _always_ malicious.
Devs had all 16GB+ ram. One needed more and asked a collegue to swap. Others did it just in secret but without malicious intent. The irony is that there was a process to request hardware and I was free to order it without any approval. Its was just faster for them.
GPUs was pure envy because the new hire got the more recent _slightly_ better gpus. No relevancy for work.

[-]

Nasa_OK@reddit

Maybe it’s a different mentality but at the end of the day I get paid for my time. If business wants me to spend weeks working inefficiently until I get adequate ram then so be it.

Messing with the hardware config can be grounds to get fired so I personally don’t get why someone would risk their job over something like that

[-]

Calm-Show-9606@reddit

I had to secure a laptop from a fired employee, fairly high up. When I examined it I found home porn of him, his girlfriend and her underage daughter. I had done some volunteer work with local PD on getting past passwords on seized computers, so I called the supervisor of that dept and asked to have a detective sent out. Detective showed up, I signed a chain of custody and he took it. Then I reported it to company president. The exemployee and girlfriend got 10 years, I told DA I did not want that computer back!

[-]

lenswipe@reddit

I do not understand what would possess someone to not only do something like that, but to then record it...and to do so on a company device no less....🤷‍♂️🤦‍♂️

[-]

killjoygrr@reddit

I think when someone’s brain is broken in that way, it isn’t limited to just that one part of their thinking process.

[-]

winaje@reddit

People are stupid

[-]

Calm-Show-9606@reddit

Guy never appeared to be too smart to me, I found he was fired for fudging sales reports. I had complained before because he always resisted my inspecting his computer. As sales manager he was on the road a lot.

[-]

lenswipe@reddit

I had complained before because he always resisted my inspecting his computer.

well I guess now you know why

[-]

Calm-Show-9606@reddit

I have found pronounced on systems before even home produced but never kiddie born. The regular type i have a discussion with person with working happens again I go to president who really doesn't like it.

[-]

FixDouble1405@reddit

Honestly, the RMM alert is the better control anyway. A small padlock is mostly a nuisance and a little bit of a pain for techs.

[-]

willwork4pii@reddit

I’ve been doing this 30 years. I’ve maybe come across 5 people outside of IT who would know what RAM is.

Whet industry is this customer in? Education? They’re stealing everything in education right now. They steal the paper towel and soap dispensers for fucks sake. And I’m in one of the richest zip codes in the country.

[-]

joshghz@reddit

I tested replacing some OptiPlexes with some Intel NUCs in a private school lab, and Kensington locked them. First thing that was stolen was the mini-DisplayPort/VGA adapter.......

[-]

Apachez@reddit

Yeah it seems like some workplaces are worser than prisons.

Anything that isnt physically locked or epoxyglued will get stolen.

Which is also a leadership thing.

What does the management do to minimize these events?

[-]

finkwolf@reddit

The computers out of our prison classroom had ram stolen. But not to be sold. It was made into a shank. (True story)

[-]

jackfinished@reddit

I supported a jail many moons ago and I'll never forget the lesson to always carry own pen.

[-]

Nu-Hir@reddit

Shank or be shanked?

[-]

jackfinished@reddit

That would have been a better situation. So what had happened was... working on some networking issues and was pulled into an interview room to work on my laptop. Had a notepad but left my pen in my bag that i couldn't bring in. See a pen on the desk and start writing. Guard walks in and says "you don't want to touch that pen..." Apparently it had been in the ol' prison purse and someone left it sitting there. which was a fuck up on their part. I jokingly chewed him out and disinfected my hands, laptop, threw away the notepad.

[-]

joshghz@reddit

In this economy, that's like someone smuggling in a solid gold knife.

[-]

wiwtft@reddit

It's a management and a morale thing. Some people are just awful but usually when stuff is getting stolen in an office it's because morale is just absolutely shot. People are unhappy and fell owed and can justify little thefts to compensate for how they feel they are being mistreated.

[-]

mcsey@reddit

Who thought these USB-A to USB-C cables would not get stolen as phone chargers?

[-]

Moontoya@reddit

I took have been doing it 30 years

Hardware / component theft has long been an issue across multiple fields of SMBs.

Ram swapping in cad pcs, ssds flat out nicked, keyboards & mice & headsets go wandering, nice usb docks end up mysteriously becoming Amazon basic docks.

Hot gluing ram to make it harder to remove, been there, seen that, got the crappy t shirt.

[-]

AnomalyNexus@reddit

I’ve maybe come across 5 people outside of IT who would know what RAM is.

Way more people than that build their own PCs - they just don't announce said fact to any sysadmin they encounter

[-]

slonk_ma_dink@reddit

yeah, lots of the gamer types know what RAM is, but the jurys out on if they know what it does as a greater part of the computer.

[-]

willwork4pii@reddit

They have concepts of RAM

[-]

slonk_ma_dink@reddit

lmfao yes exactly.

[-]

AnomalyNexus@reddit

If they can spec out a gaming PC with components that make sense and are compatible they likely know what RAM does.

My point is 30 years in IT 5 people knowing what RAM is can't be anywhere near true. People just don't announce their knowledge because they know it comes across wrong. Bit like going to a doctor and launching into a monologue about all the google research you did. The doc doesn't want to hear so sane patients shut up. The above 30y/5 people comment is the equivalent of a doc concluding none of the patients know anything just because they're silent...

[-]

xendr0me@reddit

90210?

[-]

statikuz@reddit

The only zip code I remember is 60652

[-]

Nayro@reddit

Scruff Mcgruff, Chicago IL, 60652

[-]

DFLDrew@reddit

10001?

[-]

_THE_OG_@reddit

10002 because 2 is more then 1

[-]

DFLDrew@reddit

99999

[-]

QuantumRiff@reddit

In late 90’s, early 2000’s an education sysadmin near me would order all cpu’s and Ram in July (start of budget year) and insisted on custom building all the pc’s. Went to jail when they learned he would sell most of them on eBay, since they were brand new and expensive (my 300Mhz pentium 2 (not core) was like $700) and later in the year, he would buy them much cheaper and pocket the difference.

[-]

Rawme9@reddit

There are approximately 2 people in my office who I thoroughly believe could open up a computer and take out the RAM undamaged. I'm one of them.

[-]

DigiNoon@reddit

It's not really that complicated.. all you need is a good pair of pliers. Sometimes a hammer may be needed if it's a really old computer.

[-]

Waylander0719@reddit

Damn I've never been able to it without a drill and a sawzall. You got skills

[-]

Rawme9@reddit

It's super easy. My users are just dumb when it comes to computers lol.

[-]

perkia@reddit

How do you quickly remove the hooks on the side of the RAM sticks? I typically use a really pointy knife, but sometimes it rips and hits one or two of the mini water-towers thingies. /s

[-]

hurkwurk@reddit

in my last office, it wasnt the employees, it was some random idiot boyfriend that came in with a girl on her lunch break, most everyone was out at lunch, her section was mostly empty, he opened the desktop of the pc next to hers and took ram while she went to the restroom.

lost her job because she picked a low life boyfriend who couldnt keep his sticky fingers in his pockets for 5 minutes.

[-]

therankin@reddit

I haven't watched 90210 in years!

[-]

commsbloke@reddit

"I’ve been doing this 30 years. I’ve maybe come across 5 people outside of IT who would know what RAM is."

Its the IT people on the nick.

[-]

MedicJambi@reddit

We don't have this problem at my work. My work computer uses DDR3 lol.

[-]

Norskamerikaner@reddit

Same here. $300k of lab equipment connected to a Dell with 4GB of DDR3.

[-]

Aevum1@reddit

dont fuck with legacy hardware... some systems are still managed with windows XP desktops.

[-]

darkciti@reddit

Those were Iranian power plants.

[-]

Nu-Hir@reddit

We've got a PC running Windows 2000 for part of our HVAC system.

[-]

Bogus1989@reddit

god ive got stock piles of ddr3. lmao also 128gb in an old hpz440 thats in my homelab. shit will not die. going 24/7 since 2017.

[-]

awetsasquatch@reddit

Bruh

gif

[-]

Amazing_Scientist696@reddit

Idk like 1893

[-]

skat_in_the_hat@reddit

some systems have chassis intrusion information. You can configure that to get sent remotely in the bios IIRC.

Do you not have some kind of inventory tool? Shouldnt having that alert on changes tell you?

[-]

psycobob1@reddit

They thought I was crazy when we moved to soldered on RAM in laptops.

[-]

barnopss@reddit

I still think you're crazy.

I've got my workstation loaded with 96GB of RAM because its not soldered on...it would have cost me tons (or neigh impossible) to order that custom from a manufacturer who only does soldered memory on mainboards.

[-]

vrtigo1@reddit

I still think you're crazy...

[-]

RabidTaquito@reddit

Second.

[-]

Arudinne@reddit

thirded.

[-]

Pablo______@reddit

fourtheth

[-]

itsaride@reddit

Fifthethed.

[-]

nugohs@reddit

Sexed

[-]

rdldr1@reddit

8GB soldered RAM. More tragedy than comedy.

[-]

elsjpq@reddit

amateurs... just download more!

[-]

lenswipe@reddit

it's both if you're not the one using it

[-]

ilrosewood@reddit

Tragedy plus time equals comedy.
And with 8GB of RAM you have plenty of time to wait for the comedy to appear.

[-]

CretinousVoter@reddit

If there is no expectation of upgrade that makes perfect sense. If more performance is wanted, buy more performant hardware with soldered RAM. It's only money.

[-]

killjoygrr@reddit

I had that happen where my group was moved into a repurposed room with no lock on the door.

Systems had all been upgraded. One of our people came in early and found someone in the room who quickly shuffled out mumbling something about being in the wrong office. Then our employee noticed a pc lid lifted. But no desire to try to chase someone down and try to physically apprehend someone who had a few minutes of lead time on a site with thousands of people. They cleared the memory out of a dozen systems.

Management decided to put a lock on the door to the room after that.

[-]

Beaautiifful@reddit

ngl this has been a thing forever 😭 small expensive parts like RAM are just too easy to pocket. I’d start locking cases or tracking hardware changes

[-]

akuakaii@reddit

Baseline and alert on hardware deltas is the move. We flag RAM/storage changes and at least get a timestamp when something “walks.”

[-]

Bogus1989@reddit

you could also do what we did at a point, ziptie thru the back and in a loop, then another ziptie on the PSU cable, then a 3rd ziptie connecting the two, make sure the ziptie around the PSU cable is tight enough it cant be slid off either end.

[-]

Kraeftluder@reddit

Classmates of mine were selling memory cheaply and I bought a ridiculous amount. Meanwhile, more and more of our lab machines stopped functioning. Thankfully there were many more than needed but still, annoying. If you didn't report a broken machine then the last person who didn't report it got into issues.

Then when I became a sysadmin at a high school only a few short years later, I found out that stealing wasn't so much an issue but did you know you can fit three whole banana peels inside a CD-ROM player?

[-]

jtroll@reddit

Or that they used to steal the band/belts from them....!

[-]

Bogus1989@reddit

oh man, i remember kids used to steal the mouse balls in middle school….till my school replaced them all with microsoft intellimouse laser mice. oh then those things started disappearing quick.

[-]

Sokanas@reddit

Daily walks to check all classroom PCs to fix or replace keyboards / mice because the kids figured it'd be funny to replace keys to spell cusses or cut cables.

[-]

Kraeftluder@reddit

it'd be funny to replace keys

That's funny to me even now as someone who hasn't looked at a keyboard in about 30 years.

[-]

ZarathustraGlobulus@reddit

That's funny to me even now as someone who hasn't looked at a keyboard in about 30 years.

Whoah buddy, slow down. Are we talking ALL keyboards or just external ones? What's life like on the sunny side of the yard? Did you T9 this comment?

[-]

Kraeftluder@reddit

I Dr. Sbaitsoed it.

[-]

FireLucid@reddit

Change the number row by putting 0 at the front and shifting all the keys off by one. No one could log on as passwords had numbers and they show up as *. Ended up on my desk and I spotted it right away.

[-]

Fly_Pelican@reddit

Yes. Yes, I do

[-]

Kraeftluder@reddit

Did you also have non-auto-sensing-but-switchable-by-a-slider-on-the-back-PSUs on all your machines?

I'll never forget the day I heard one of the more popular older guys go off on a classmate who suggested doing it through a wall in a closet where we had a server for some godforsaken reason. This was 2002. TCP/IP was being rolled out slowly.

[-]

alas11@reddit

Hmm, I still have no idea why the computer in the scintillation counter room is so slow.

[-]

daddyrabbit78@reddit

In the industry I work for, if any part of company-issued equipment is missing or has missing parts when you leave, you’re on the hook for it with HR. It’s in the contract they sign.

My corporate offices actually had a guy fired from his new job when he returned a phone that was id-locked and a laptop that had the ram and hd stripped. When they sent him the bill, he ghosted. Don’t know how it worked between my bosses and his, but he called me irate saying I got him fired.

[-]

Bogus1989@reddit

lol i remember when we first deployed iphones and ipads. i briefed everyone there no reason to steal these, first of all ill be alerted because they are geofenced, then it will go in lock down lost mode, even if you do wipe it, cant do anything, its enrolled in apple business manager, will just ask for an AD login when wiped.

ive only had one ipad ever get stolen, or they tried too, and one of the facilities guys brought it to me and said it was dumped in the patient area. i work at a hospital.

lol i totally have the means to figure out who it was, with security cameras and who was logged in last doing whatever on it…but i dont have time for that.

[-]

Bogus1989@reddit

well? you sparked my interest. looks like this company has locks for dell optiplexs of all sizes and minis, they seem to have one for all manufacturers. keeps case closed and a cable for securing in place.

https://www.noblelocks.com/products/ngdt7-optiplex-desktop-lock-with-peripheral-cable-trap

[-]

dreniarb@reddit

Worked in the shipping/recieving department of a high tech company in the 90s. A shipment of very expensive ram went missing after being signed for by me. I had dropped it off with the IT like I did with all his packages - as well as all other packages for employees. He of course said he never got the package.

My co-workers pointed out all the signs of his drug use - so I don't think anyone even suspected I had stolen it. I have no idea if he got in trouble. From then on we had to get a signature for every package we dropped off to him.

[-]

GhoastTypist@reddit

I think the way forward is build the computers into the desks. I'd like to see someone dismantle a desk right before they resign just for some ram.

[-]

ohnonotagain94@reddit

You could simply power off on last day, remove the RAM and post it back to the MSP.

You will still have no idea where in the chain it was stolen.

[-]

DFLDrew@reddit

This. Even if you’re positive it was stolen, how are you going to prove who it was?

[-]

ohnonotagain94@reddit

Doesn’t make sense does it?

The only way they can do this is by having the machine collected and inspected at the same time. Thats a whole lot of money and time to pay for, which will cost more than a stick of RAM.

I’m afraid it is a risk that OP should document as a risk, keep a record of the occasions it’s happened, and update the risk register accordingly.

Sorry OP - you are stuck in my experience (25 years of doing this).

[-]

technobrendo@reddit

Current role is small and I inspect all hardware at least twice a year or more so I would notice.

Past roles didnt pay enough for me to care, so I didn't.

[-]

blotditto@reddit

So how long would it take you to find out if they did it a day after you inspected the hardware? Even a week imo is too long before determining theft.

[-]

yensteel@reddit

Ha, when I got my first ever pc, my brother was a little envious. He got his first own PC a year earlier. I got a pentium 4 2.4 GHz. He had a 1.6GHZ one.

He swapped the cpus when I wasn't home. I noticed more stuttering on the games I regularly played, and found out.

[-]

blotditto@reddit

That's grounds for an ass beating.

[-]

Flabbergasted98@reddit

Considering I can get past a dollar store bulk padlock that small with a paperclip, I instead put in an RMM rule that says send a high priority alert email if the RAM on a system falls below what it is now by more than 10%.

So when I steal ram off my neighbor's desktop and go home for the day you won't know to blame him until tomorrow morning when he powers up the PC again?

Is this better or worse than the padlock?

[-]

CptUnderpants-@reddit

Is this better or worse than the padlock?

That depends, is it a Masterlock 607?

[-]

somerandomguy101@reddit

Yes, because most people don't own a Masterlock 607.

[-]

terryducks@reddit

Doesn't take a genius to get into a 607, however, getting into the lockpickinglawyer wife's beaver is a whole 'nother issue.

(NSFW for all the innuendo)

[-]

gnartato@reddit

Depends on if your management have an actual back bone or not.

[-]

Outarel@reddit

IT's budget should only be spent on infrastructure.

All laptops and smallware should come from whatever department's budget : the managers will start worrying about broken laptops, missing equipment if it's coming out of their bonuses.

[-]

Frothyleet@reddit

So when I steal ram off my neighbor's desktop and go home for the day you won't know to blame him until tomorrow morning when he powers up the PC again?

I don't know if you are being serious about this scenario or not, but yes, that's a pretty reasonable configuration. It's up to management how they want to deal with the situation but you now have logs indicating an incident has occurred and pinning down the timeframe in which a RAM stick was stolen (or failed).

[-]

IamHydrogenMike@reddit

Padlock acts as a physical deterrent that someone isn’t going to try to break open since it takes time and logging proves that fixed the issue for management. Management might not care if you have logs to show it’s an issue but padlocks make them feel better it’ll stop.

[-]

accidentlife@reddit

A semi-skilled person can bypass a padlock quickly and easily. Many cheap padlocks have vulnerabilities that allow them to be opened without the use of any tools (lacking shackle catches, loose manufacturing tolerances, etc). Even the better ones can be vulnerable to shimmying, bypasses, and other attacks that don’t rely on picking the lock.

If OP decides to use padlocks, I suggest getting the plastic wire padlocks which are used by electric companies. They can only be opened destructively so are tamper evident and cost about $0.20/ea on amazon.

[-]

xilix2@reddit

There's an old locksmith saying "Locks only keep honest people out".

[-]

Wall_of_Force@reddit

Not sure if they are steal from their own computer?

[-]

Flabbergasted98@reddit

Well half joking.

I'd argue the padlock still acts as a visible deterrant and additional barrier.
But the logs give you better tracking when an incident occurs and lets you mobilize on it much sooner.

which to employ ultimately is going to fall on what type of environment, but in an environment where theft is already known to have occurred, I'd be inclined to introduce bother options. the visible deterant because thats what the client asked for, and the logs for better monitoring.

[-]

uzlonewolf@reddit

Plastic tamper seals are cheaper and easier to install.

[-]

dhardyuk@reddit

The RMM rule is detection, the padlock is deterrent.

[-]

OldGeekWeirdo@reddit

Exactly. Would you rather discourage people, or have to take it up with management? You're free to choose both.

[-]

CeC-P@reddit (OP)

Say hi the cameras, as we'd have a VERY narrow time range due to the fast checkin interval of our RMM (because I scripted the check myself, otherwise hardware checks are less frequent to save bandwidth).

[-]

Additional-Simple248@reddit

Exactly how often does your RMM perform checks on powered off hardware?

[-]

ThellraAK@reddit

Is there not a RMM that taps into IME/PSP?

[-]

TheITMan19@reddit

It’s better because it acts like a deterrent. You could also assume if the business have employed this approach, what else have they done? Back to the early 2000’s with our smart DNA pens.

[-]

Flabbergasted98@reddit

well technically my point is that logging doesn't act as a deterent. The thief doesn't necessarily know they're there, and you still don't know theft has happened until after the fact.

That said it does let you know much sooner after it's occurred, which does make it easier to sort out who your suspects are. it might also give you an opportunity to take action before it happens again. But it doesn't necessariy prevent additional losses.

[-]

9302462@reddit

Agreed, the padlock acts as a deterrent.

You can also add on a security tamper seal like they use at gas pumps. It lets people know that things are being monitored and implicitly says “we know if you were in there”. You don’t need to log the numbers on the seal, but if it’s broken by anyone other than you, then you know there’s a problem. Also unlike a lock, it can’t be opened and close without someone eventually knowing.

[-]

Unexpected117@reddit

Agreed, a security wire seal would be a better deterrent

[-]

Apachez@reddit

Yeah you must show them by example.

Put IED inside your devices that explodes when opening and the problem will resolve itself?

You might get a visit from the local police office and perhaps FBI but still worth it ;-)

[-]

TinderSubThrowAway@reddit

But it assumes someone steals the RAM out of their own computer.

I feel like anyone swiping RAM would steal from someone else versus make their own computer “slower” with no RAM.

[-]

Rustyshackilford@reddit

Lmao. This is sooo based.

Respect.

This one is clever and experienced.

[-]

Logical_Sort_3742@reddit

If the padlock is so easy to opens, maybe instead of a padlock, something like a one time seal you have to break to access the box.

[-]

VtDL@reddit

No tips for your current situation, but I recall back in the day my shop at the time was all Compaq and they had the password protected solenoid case locks in the bios. And sturdy cases!

[-]

therankin@reddit

The solenoid would open the case with a password? That's rad af.

[-]

Bright_Arm8782@reddit

They were great, the sound was like a pinball machine when you win an extra game.

[-]

tyami94@reddit

i wonder how hard that'd be to poke at. i'd be willing to bet you could unlock it with some debug.exe magic

[-]

VtDL@reddit

Oh for sure. A simple bit flip and it would open up. For added context, the 'threat' was an internal pool of nuclear physicists (80-90% of staff) who were 'stealing' ram to improve their own workstations so they could run calculations faster. Long live NT4 SP6a!

[-]

ScottieNiven@reddit

I picked up an old Compaq Deskpro 6000 about 10 years ago and it was the first time I ever saw a PC with a solenoid lock, I was very impressed.

[-]

Leosthenerd@reddit

“Boss makes a dollar, I make a dime, that’s why I steal RAM on company time”

[-]

CeC-P@reddit (OP)

I forgot to mention this is the same customer who had their ex-IT guy install a Monero miner on the VM host on the way out. They got issues with hiring people that aren't assholes.

[-]

Leosthenerd@reddit

Are you sure it’s not the employer that’s the asshole? 😂

[-]

ConsciousEquipment@reddit

leaving crypto miners behind is actually a smart thing to do because it might take them a while to discover it, in the meantime you got money trickling in your wallet on their computing power

[-]

frankv1971@reddit

Damn, that reminds me of the time I wanted to start my PC at work in 1994 just to find out the memory and HDD was missing 😭.

Was at a big multinational and it happened on a regular basis.

[-]

Moontoya@reddit

"soldered ram is a security feature so we have to charge another 8%"

The cynic in me wants to be wrong, but side eyes apple I'm afraid it's less cynical and more prophetic

[-]

mad-ghost1@reddit

That’s an offboarding process issue. Technology won’t help you here.

[-]

genscathe@reddit

Must be an American thing

[-]

Torches@reddit

This reminds me of a story: Once I came to work in the weekend and booted my pc but it wouldn’t boot, I got worried and being the inquisitive I opened the box and the Ram was missing. Immediately I notified the security guard who I happened to be friends of mine. He looked around and didn’t see anything fishy. He told me to hold reporting as theft because it might be one of my colleagues that borrowed it for some time and it won’t look good. I left the office that day and low and behold the next morning I found a note from some friend saying that he borrowed the ram for the weekend and returned.

[-]

CKtravel@reddit

Oh, this certainly brings back memories :D I never understood why did PC cases of that time have locks on them that apparently have prevented them from being opened. I guess this is why :D

[-]

mrkirukiru@reddit

I don’t think any of my company uses a desktop and all laptop ram is integrated onto the motherboard

[-]

octaviuspie@reddit

I remember several occasions our sites at different hospitals getting hit. My boss would send me down to our PC supplier in a North London lockup to get replacements. I remember being given a bjg bag of RAM chips in a shopping bag. Must have been over £20,000 in there. Just me walking round London with absolute fortune worth double my then annual salary. Crazy days.

[-]

Killertigger@reddit

I would do both - the padlock is a visible reminder that you know what’s going on, and that you’re keeping track. It’s cheap deterrence that pays for itself - hell, it pays for a shoebox shoebox full of cheap locks _ if it only saves one single stick of RAM.

[-]

Apachez@reddit

Better then to just use some assurance tape - also way cheaper.

Most physical locks out there are just pure garbage nowadays:

https://www.youtube.com/@lockpickinglawyer

[-]

Killertigger@reddit

Both are good - most locks are neither intended to or going to stop a serious theif; their real intent is to make that casual thief-of-opportunity to stop just long enough to reconsider what they’re doing, and perhaps decide not to steal.

[-]

Apachez@reddit

Yeah but when 99 out of 100 locks are easily opened by a <$1 tool there is no "causal thief-of-opportunity" to stop here. More like "challenge accepted" ;-)

Also note when the locks are opened the way lockpickinglawyer does it there is also no remains of that the box have been opened (other than some inventory software that might identify that your box who previously had 32GB RAM now only have 16GB RAM).

So an assurance tape will be both cheaper and better and have the same (if not higher) "deterent" factor compared to a physical lock.

[-]

Sceptically@reddit

I once opened a small padlock with a tensioning tool.

[-]

Sk1rm1sh@reddit

I feel like metal cable ties would be the best of both worlds.

Keeps the "honest" thieves out, gives evidence of tampering.

They're pretty cheap too.

[-]

CeC-P@reddit (OP)

It's smarter to put a large plastic outdoor weather resistant price tag around the loop with custom printed label "Tamper Alarm: alarm will sound if removed" and on the back "GPS tracker enabled" But it's a plastic price tag with plastic band that does nothing. Then train the IT staff to wave their phone over the tags before cutting them so people think it's some RFID chip inside the plastic housing with a metal trip wire inside the plastic band.

I have seen this.
I have done this lol.

We had zero thefts internally or externally.

[-]

therankin@reddit

Even a thick zip tie would work. If they can't get it cut without shears, that'll stop a good many of people.

[-]

Training_Yak_4655@reddit

Ah the 1990s. Our company had expanded into a portacabin where about 5 PCs were in use. And indeed the portacabin was broken into and the RAM from all PCs stolen. The chance that there was an inside informant pinpointing the assets was high.

[-]

bbbbbthatsfivebees@reddit

We get alerts for all system spec changes, polled hourly.

There's likely something similar in your RMM already. If it's not already built-in, it's easily scriptable via Powershell and can tell you when system specs change. I'd recommend something similar, especially to detect theft and/or unauthorized system changes outside of theft because it can often indicate someone is tampering with systems in an unintended way.

[-]

atbims@reddit

Y'all work in places with staff intelligent enough to steal RAM? I had to explain the steps to restart a computer yesterday....

[-]

bughunter47@reddit

My company does not have to worry about that yet, we still run DDR4

[-]

itsadile@reddit

Which is still at least 200% more expensive now than it was about a year ago.

I hate this.

[-]

CeC-P@reddit (OP)

We mostly use paper and yell at each other from desk to desk but we're the MSP lol.

[-]

therankin@reddit

DDR4 is pricey too now though, isn't it?

I see m.2 drives are insanely priced as well. Thankfully I bought all the m2s I need a few years back.

[-]

beedunc@reddit

They were doing that at Costco, they had modern ddr-5.

[-]

pabskamai@reddit

Thieves used to do this in my university back home, maybe even some students or teachers, they would the leave the keyboard and mouse in the chassis holes lol, people came in in the morning and tied to turn the device on…. Yeah…

[-]

bionic80@reddit

I'm getting a RAM upgrade in my laptop from 16 - 32g here in the next little bit. The field guy said they'd just mail it to me, but I said no, you're going to do it because you're going to take custody of the old RAM. It's not about making more work for the field, it's for making sure that there is accountability for a scarce, expensive resource for our company right now.

[-]

disconnected_tech@reddit

I think AI is just downloading the RAM directly from us now

[-]

LeidaStars@reddit

Yeah I’ve seen this pop up again. Your RMM alert is honestly smarter than cheap case locks. I’d also log hardware baselines, restrict physical access where possible, and maybe add BIOS passwords or tamper seals. It’s less about stopping it completely and more about making it obvious when it happens.

[-]

rose_gold_glitter@reddit

Wow. This honestly never occurred to me until now. Almost all of our staff are on laptops and they only have the one SODIMM module in them, so they're be bricked if they stole the RAM, so I guess it would be obvious but even still, wow. Something to think about.

We have had several staff leave and "lose" their laptop, so they could not return it and our HR is so weak they do nothing about it (so it's well known now), so I guess they've graduated to stealing the whole thing, here, now.

[-]

HoosierExplorer@reddit

Where I work, our computers will prompt for a BIOS password if the case is opened and will alert if the memory size changed. Only the 3 of us in IT have the password. Therefore a call to IT has to be made to enter the password and then we would see an alert that memory was changed.

[-]

braytag@reddit

if the RAM on a system falls below what it is now by more than 10%

This is the weirdest metric I would have guess for this use case. What are they going to do? de-solder 1 chip and leave the rest?

[-]

wpbfriendone@reddit

Not for nothing, but our desktop support team isn't paid enough to give a fuck.

[-]

BlackFlames01@reddit

You can say that again, lol. If companies want to pay $23/hr, they can get $23/hr worth of work. I don't pay for a $30 steak, expecting a $100 steak. 🥩

[-]

gadget850@reddit

I remember when Lemark designed printers that could access the controller board with the press of a button, and the RAM kept getting stolen.

[-]

fonetik@reddit

Ha! I learned what “Severance pay” meant when I saw someone doing this when we’re all laid off one day in the late 90’s at one of my first jobs. They knocked in the 5 1/4 blank and just popped them out in a few seconds.

[-]

TopLychee1081@reddit

How about dye packs inside the case; like the banks use?

[-]

Sk1rm1sh@reddit

Lock + dye pack + logging, can't be too careful

Hopefully they make a dye pack that doesn't ruin electronics, but the problem is probably going to be taken care of before three packs go off.

[-]

paul_33@reddit

This doesn't seem like an IT issue. I would give it to HR/Management and move on. I can't believe this is where we are at, insanity.

[-]

Smith6612@reddit

A computer can remove RAM from the pool if it detects a bad DIMM. Keep that in mind if you have an RMM Monitoring things. It may not be by bad intention if RAM just falls off a system like that. Obviously, disregarding the fact that a system can physically come back with less RAM than it was ordered with...

Also look into Chassis Intrusion Detection. Most business machines sold support it, and clearing the Chassis Intrusion alarm is very difficult if the machines also have a BIOS lock on them.

[-]

PosterAnt@reddit

They stopped beeping???

[-]

Smith6612@reddit

What do you mean? PCs can beep with a POST Error, but they can also block a DIMM slot from initializing (and they do usually beep with an error due to a change in memory) if there's a bad DIMM.

[-]

PosterAnt@reddit

We assembled 9 pcs at work today. We only had beeping and no boot when going through a bunch of maybe working RAM.

Never heard of initialisation block... Either it boots or it doesn't, incorrectly seated or not.

[-]

punkwalrus@reddit

In mid 1990s, I worked in an office where the Gateway computers (the moo cow print) were our office systems. The way the accessory plates for the ISA cards were, you could pop them out, and steal the RAM out of the back of the computers. Not easily, but a screwdriver would just pop off the case. We lost RAM and sound cards (remember those?) all the time.

Turned out it was the third party security company we hired. Ironic.

[-]

JimTheJerseyGuy@reddit

Wow! You just conjured a blast from the past!

I got called into the big VP's office circa 1996 to discuss how we might identify the thieves of a fuckton of RAM from a bunch of engineering workstation that were loaded out with a whole ***64 MB*** of RAM each.

Some asshole had come into the office space over a weekend just after we'd done a 16->64 MB upgrade (and the engineers where fucking ecstatic about it!) and cleaned out every single desktop and replaced the innards with a single 1 MB SIMM.

[-]

jmnugent@reddit

As someone who practices lock-picking,. I fully concur with the old adage "Locks only keep out the honest". Your typical keyed Masterlock is fairly easy to pick (fastest I've done one is about 30 seconds)

[-]

B4rberblacksheep@reddit

I can count on one hand the number of people I’ve encountered in my life who know how to pick locks, and if I take away the ones that work in IT that’s one person.

Just put padlocks on the damn cases it’ll be enough to deter people

[-]

jfernandezr76@reddit

LPL followers are everywhere

[-]

Sad-Branch-6927@reddit

Wow. Didn’t think of this being a problem at the work place. Most users I deal with wouldn’t be able to open the case let alone take the ram. Plus, my company is cheap and we are mostly running on ddr3 PCs.

[-]

GoodbyeIPv4@reddit

Solution: Can't steal ram from a thin client that connects to a VDI ;-)

[-]

bloodguard@reddit

Not just RAM.

A couple weekends ago a former coworker started getting dozens of "system down" alerts late at night. Around the same time he got a call that the office alarms had gone off, police were onsite and he needed to go in pronto.

Turns out (from camera footage) a group three people crow barred open the lobby door, made their way straight up two floors to an obscure door (crow barred open) that opened into their server room.

About 10 or so relatively new SuperMicro HPC Servers where yanked out of the racks and ferried out the door. Each with around 1TB of memory and packed with NVMe drives.

The way they made a beeline straight to the server room means it was either a current (or former) employee, a VAR tech or some other vendor (HVAC etc) that knew what kind of riches where in that room.

[-]

CountGeoffrey@reddit

i remember when RAM used to get stolen but don't remember how we fixed it. we didn't have MDM/RMM back then.

are we talking laptops or desktops? since you said desktops, maybe rig the cases with exploding dye pack or glitter. maybe spring loaded snakes are enough. or smear the ram sticks with feces. then put a "do not tamper" sticker on the case seam, as a deterrent.

i would just go with a kensington style lock ($40, probably $20 for a chinese variant and you don't care about the actual security retention aspect -- it's just a visual deterrent) and a tamper seal sticker.

you could also just tack weld the case shut. if you need to officially service it you'd just grind off the weld.

even cheaper replace 1-2 of the case screws with the kind that don't back out. again to service it you grind it off. drop a piece of paper inside 'fuck you thief prepare to die' or some other message.

[-]

Liquidennis@reddit

Give their workstations less ram per stick or older models. When they complain about the performance be honest and let them know it’s due to thievery in the workplace. Maybe that will motivate peers to be more vigilant.

[-]

jjaAK3eG@reddit

theft is not IT's problem. It doesn't matter what is being stolen.

[-]

catwiesel@reddit

I'll overlook that the customer wanted a lock and you put a alarm in the system somewhere, which, in theory, lets you know the next time its switched on when the ram is gone...

thats two entirely different things. and, ok, sure, maybe its valuable to get that email. but put the locks on. not only will they slow down, deter, but they might also cause the theft to be more intense since its not just taking something, but also breaking a security system to gain access to take something. you alert does nothing of those.

[-]

RememberCitadel@reddit

Just use a zip tie, pull it tight and clip the end. It's hard enough to remove that it's a good deterrent, and obvious if removed.

[-]

CptUnderpants-@reddit

You can get metal zip ties as well.

[-]

t53deletion@reddit

Locks keep out the honest people. Logs prove it happened. A broken lock shows it was intentional.

[-]

CptUnderpants-@reddit

Locks are security theatre, however it makes it clear that if someone does break/pick the lock they have no defense of "I was just looking, I didn't take the ram".

In some jurisdictions, a padlock is used to ensure that someone knows they shouldn't be somewhere, not to prevent them from getting there.

For example, our front gate has a padlock. You can easily jump the fence. But the big padlock preventing it being opened means the person knows or should have known they were not allowed there.

[-]

poro_8015@reddit

the RMM alert is smart, way better than padlocks. cameras near the workstations too?

[-]

Realistic_Mix3652@reddit

Your average office worker is not going to know how to pick a lock and if someone is smart enough to pick a lock they know that stealing a 300 dollar stick of RAM is not going to go away after they leave the company

[-]

Jerkface0079@reddit

Thank god for laptops with RAM embedded onto the mobo.

[-]

killer2239@reddit

I can see it now... PC manufacturers will use this as a reason to solder the ram on desktops.

[-]

the_doughboy@reddit

I thought this was solved a while back with soldered on RAM

[-]

AlThisLandIsBorland@reddit

So wouldn't putting a bios password on the machine solve this issue?

[-]

The_Wkwied@reddit

How is a bios password going to stop someone from physically taking something out of the device?

[-]

CeC-P@reddit (OP)

Because computers that ran a mini-memory check at startup could be configured to do this in the past.

[-]

BioshockEnthusiast@reddit

They could be configured to physically stop someone from removing components from a powered down PC?

[-]

Apachez@reddit

Didnt knew it was "open mic" this evening =)

[-]

CeC-P@reddit (OP)

For you young folks, yes, this would work in 2002 when RAM changes could be configured to cause a startup check pause and then a password wouldn't let them proceed.

[-]

JoeLaRue420@reddit

I have a feeling if someone is stealing ram out of machines they really wouldn't give a fuck if a machine boots back up after they've pilfered from it.

[-]

NoThatsNotPasta@reddit

So wouldn't putting a bios password on the machine solve this issue?

No.

If you work in IT you should be ashamed of yourself with that biblically stupid comment

[-]

CeC-P@reddit (OP)

Guys, this used to work a long time ago. I can't name an OEM computer that supports this now but it was a thing. BIOS changes including RAM level would require the BIOS password to bypass. Any computer that did a quick RAM check on boot could be configured to do this.

I suspect maybe Dell has a tamper setting for this that would route to the BIOS pass tripping, maybe.

[-]

mahsab@reddit

How does password prevent someone from stealing RAM?

[-]

linoleumknife@reddit

Well how are you supposed to install your downloaded RAM without access to the BIOS?

[-]

NFX_7331@reddit

/r/ShittySysadmin

[-]

Sneeuwvlok@reddit

gif

^(\^)

[-]

bonfire57@reddit

Yes, just like deleting files will make a laptop lighter

[-]

AggravatingMap3086@reddit

... No.

[-]

simAlity@reddit

I think I lost brain cells reading this.

[-]

Kodiak01@reddit

My company won't have that problem because they barely put enough RAM to make things work to begin with!

God forbid I try to open two Excel spreadsheets at once...

[-]

tdmsbn@reddit

Once had the execs demand more ram for their projects and whatever which then made it impossible for any of their underlings to load any of these massive data sheets because nobody had enough ram but the managers.

[-]

Kodiak01@reddit

What really gets me is that they offer dual screens to anyone that wants them, and most people say no even to that!

Me, I could use at least two MORE... They'd even let me drill into the concrete walls myself just to put up the mounts.

[-]

andragoras@reddit

jokes on them. we're running DDR3

[-]

Rustyshackilford@reddit

Wait, I could be collecting RAM from all these users??? 😈😈😈

[-]

UnicornFartSmelzGood@reddit

JB Weld. Good luck getting that stick of ram out of a case that's welded shut.

[-]

AcidBuuurn@reddit

JB??? You can buy a real welder from Harbor Freight for $99. Your break-even would depend on if the JB dries out or not.

[-]

marklein@reddit

I saw a real welder on Amazon for $40. I'm sure it could weld a PC case quite solidly.

[-]

AcidBuuurn@reddit

So when I got my welder from Harbor freight I actually tested it on a PC case I had laying around and it was more difficult than you might expect. I essentially cut the case door (panel?) in half with tin snips then attempted to weld it back together at an angle. It sort of worked but the metal was so thin it also was very difficult to keep a bead and not burn through.

[-]

krodders@reddit

I had to do this for a customer. I ended up storing the RAM serial numbers in an RMM field, and alerting on changes

Here's the command that I worked from (obviously I didn't store the whole table):

Get-CimInstance win32_physicalmemory | Format-Table Manufacturer,Banklabel,Configuredclockspeed,Devicelocator,Capacity,Serialnumber -autosize

[-]

czj420@reddit

https://www.globalindustrial.com/p/mobile-security-lcd-computer-cabinet-black-2

[-]

JohnnyFnG@reddit

We have a strict policy for computers aging out, strip them for parts and reuse them for other computers soon to be aging out that are of the same generation of RAM and MOBO. If a computer is to be refreshed and it hits the depot without basic parts, we look up the last tech to work on the workstation. Fortunately in healthcare IT, staff couldn’t be bothered to learn where the power button is, let alone take parts out of the computer. More techy savvy teams know better, as we’ll be less likely to give them newer machines at enterprise cost when they hinder our budgets by stripping their hand me downs.

[-]

lazylion_ca@reddit

Suddenly Apple soldering their ram in doesn't seem like such a bad idea.

[-]

Apachez@reddit

"we can't really prove it but we're 99% sure someone stole a stick"

Well, perhaps you cant prove WHO stole it but you really say you cant tell IF it were stolen?

Just compare to the invoice when the box was bought and later on check the inventory system who I assume would map at least once a week the stats of your devices?

This way you can pinpoint down to which day or at least week when RAM suddently disappeared from a client.

[-]

CeC-P@reddit (OP)

The time is within a 5 minute polling interval so if the person was in their office on the cameras and nobody else walked in and their system rebooted during that time, it's not a mystery who took it. In most cases, we could contact security and the person would be intercepted and searched before they leave the building.

[-]

rswwalker@reddit

Yeah but if they leave the PC off then it becomes a little harder to pin down exactly when it happened. Maybe a thief looks for PCs that have been powered off.

[-]

Apachez@reddit

Around here you cant just have cameras running on people everywhere.

Also searching someone out of the blue will get you as employer into troubles aswell. Specially given the fact that the stick is somewhat easy to hide (like put it in some drawer or whatever and pick it up later) so what do you do when you now have stopped and searched and didnt find anything on this person?

You really should start talking with your employees so they dont steal from you to begin with rather than trying to do the cat vs mouse hunt where the only one who will be losing is you.

[-]

ludlology@reddit

my memories of rambus are being triggered

[-]

ShermansWorld@reddit

Yes... I put in that rmm rule at every site. Yes... Uptick in RAM theft, middle of the night/late in the day. 50% of the time it's the cleaners... The others it's the employees... We cross reference with the door pass access. Interestingly, every has found a way to avoid the cameras.

[-]

XB_Demon1337@reddit

I steal RAM from machines we are sending to recycle. I have about 40 sticks of the laptop style RAM. All 8G or 16G DDR4.

[-]

SuperWarning6038@reddit

We had 40 news finance pc’s prepped by this one tech who gave his notice. He deployed them as part of his last weeks work and it wasn’t until a month later when users got memory allocation errors did we notice he took 2/256GB chips out of each computer.

[-]

ASentientRailgun@reddit

To be fair, that dollar store padlock would still stop most of this. Even a low barrier will stop most people.

The ones dedicated enough to pop off the lock will probably pull shenanigans with any system you put in place that isn't ironclad. Maybe literally ironclad, in this context.

There's a cost/benefit curve here that the shitty padlocks fall nicely into for most businesses with this problem.

Fuckin insane we're talking about this, though. RAM was so cheap a few years ago, I feel like a crazy person every time I point out that this is the first year over year price increase ever

[-]

gptbuilder_marc@reddit

Hard-coding the RAM threshold in an RMM alert is smart, but the gap between detecting the theft and proving it to a client for chargeback is where that workaround breaks. The alert tells you something happened, not who did it.

[-]

ncc74656m@reddit

Log full shutdowns, too. It's not exactly "simples" but it at least lets you know when it PROBABLY happened if it boots up with a different quantity of RAM.

[-]

brendanprice2003@reddit

Unfortunately, education institutions with students taking Computer Science classes; they all know what RAM is. Only recently have students, at the college I work at, have started to steal RAM from our newly-deployed and purchased machines.

Tis nothing but a classroom management thing. Keep control of your students, don’t leave them unattended, use paxton readers on your rooms, leave rooms locked when not in use, etc.

[-]