9 Legend • 14K Posts • May 16th, 2020 11:00

@Wizzadry  If you used an "Advanced recovery" option that performed a restore from a baseline state on the hard drive itself rather than installing from bootable Windows installation media that you created, then it's possible that the baseline state was customized by your IT department.  If you want to truly set up your system from scratch, download Windows 10 directly from Microsoft here and use the Media Creation Tool that you'll get from that site to create a bootable USB flash drive that will allow you to install a truly unmodified version of Windows 10.  At the step in Windows Setup asking you where to install Windows, choose to delete each existing partition on your disk until the entire disk just shows up as a single "Unallocated space" entry, and install there.

Apart from that, the only remote access capability I'm aware of that would survive a proper format would be Intel vPro, which is embedded into the firmware and is designed to allow remote control even outside the OS, i.e. including the ability to remotely power the system on (as long as it's connected to power) and even install the OS.  But that wouldn't work over the Internet unless you actually opened up the necessary ports for it on your firewall, which would be a very bad idea.

Even if you don't have automatic power-on enabled, do you have the option to return to "Last State" or "Power On" after a loss of power?  If so, then that might have triggered that behavior.  Otherwise, certain Windows scheduled tasks can be configured to allow waking up your system in order to run if it's asleep and maybe even if it's hibernated (not sure), so that might have caused it.  Apart from that, are you absolutely certain nobody else in your home or wherever you are might have turned it on somehow?

For the background change, if it wasn't another person or the normal behavior of the slideshow capability built into Windows, I suppose malware is a possibility.

WiFi becoming disabled could have been the result of a background driver update from either Windows Update or Dell Update, or accidentally triggering Airplane Mode.

The fact that Dell Command applications are installed does not mean someone is actively controlling the system.  Dell Command applications CAN be used for that purpose, but that doesn't mean somebody is still doing that.

BitLocker Recovery Key prompts can occur after certain operations such as a BIOS update that might have occurred and would have required a restart.  The basic reason is that certain changes to the hardware or firmware state of the system relative to the state trusted by the TPM will cause the TPM's "platform integrity check" to fail, and at that point it will not release the decryption key itself as it normally does, which is why you then get prompted to provide a Recovery Key.  If you provide it, then the TPM will "re-seal" to that new state and trust it going forward.  Another possible cause would be clearing the TPM, in which case the TPM wouldn't have a key to release in the first place.  But if you don't have the correct Recovery Key, then unless you can undo whatever hardware/firmware change caused the prompt to appear in the first place (which isn't an option if the problem is that the TPM was cleared), then the data would effectively be lost and you would indeed have to set up the system from scratch.

As for you saying, "I require this issue to be escalated and require someone to assist me," first of all this forum is primarily for user-to-user support.  There are some Dell Support reps here, but they tend to provide basic troubleshooting and answers to basic questions, and in any case, you simply posting that you "require" assistance isn't going to make anyone feel obligated to fulfill that requirement -- in fact it's probably more likely to provoke the opposite response compared to simply REQUESTING assistance.  Same goes for "confronting" your IT department.  I've worked in various IT roles for 15 years, and if you had come to me with this set of evidence as your basis for "confronting" me about alleged remote access by my department on a system that had been gifted to you by my department, I'd have a few thoughts, to say the least.  If on the other hand you had asked for help resolving some strange behavior you were encountering, I might be inclined to help out, or at least suggest what you could do to wipe your system yourself -- as I did.

So on that note, once again given everything you've experienced, I would start by reinstalling Windows from scratch using bootable media that you yourself created from an application provided directly by Microsoft.  If you aren't confident you'd be able to do that yourself, then considering that you're willing to pay, ask a tech-savvy contact or an actual PC repair shop to do this for you.
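The wake-up and BitLocker explanations in the post above can be checked on the machine itself. The following PowerShell is an added example, not part of the original post and not Dell or Microsoft tooling; it assumes an elevated PowerShell session on Windows 10, that the OS volume is C:, and that the BitLocker and TPM cmdlets are present on the installed edition.

```powershell
# Read-only triage: nothing below changes any setting.
# Assumption: the OS volume is C: (adjust $osVolume otherwise).
$osVolume = 'C:'

# 1. What woke the machine last, and which timers and devices may wake it.
powercfg /lastwake
powercfg /waketimers
powercfg /devicequery wake_armed

# 2. Recent wake events recorded in the System log
#    (provider Microsoft-Windows-Power-Troubleshooter, event ID 1).
Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-Power-Troubleshooter'
    Id           = 1
} -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message |
    Format-List

# 3. Scheduled tasks that are enabled and allowed to wake the computer to run.
Get-ScheduledTask |
    Where-Object { $_.Settings.WakeToRun -and $_.State -ne 'Disabled' } |
    Sort-Object TaskPath, TaskName |
    Select-Object TaskPath, TaskName, State, Author |
    Format-Table -AutoSize

# 4. Firmware version currently installed. A version newer than the one you
#    remember is consistent with a BIOS update having triggered the
#    BitLocker recovery prompt.
Get-CimInstance Win32_BIOS |
    Select-Object Manufacturer, SMBIOSBIOSVersion, ReleaseDate

# 5. TPM state. TpmOwned/TpmReady being False is consistent with a cleared TPM.
Get-Tpm | Select-Object TpmPresent, TpmReady, TpmOwned

# 6. BitLocker status and which key protectors exist on the OS volume
#    (for example Tpm and RecoveryPassword).
Get-BitLockerVolume -MountPoint $osVolume |
    Select-Object MountPoint, VolumeStatus, ProtectionStatus,
        @{ Name = 'KeyProtectors'
           Expression = { $_.KeyProtector.KeyProtectorType -join ', ' } }
```

An empty result in step 3 together with a "Power Button" or device entry in steps 1 and 2 points away from scheduled tasks as the cause of the power-on.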

9 Legend • 14K Posts • May 17th, 2020 11:00

@Wizzadry  Happy to try to help, and I understand that if you believe someone is spying on you, then that would be highly stressful and uncomfortable.  But maybe I have a soft spot here since I work in IT myself, but jumping to confronting your former IT department over alleged spying on you is not something that should ever be done lightly.  It's true that IT people in order to do their jobs get a lot of power, and just as with any industry, there will always be some people who abuse that power -- and unfortunately they'll be the ones that everyone hears about, because the world loves a good scandal -- but there are a lot MORE people who take their jobs and the extremely high level of trust that has been placed in them seriously because they have a strong sense of integrity, and those people can be very sensitive to allegations of unprofessional, improper behavior without any clear evidence, or at least evidence that has other much more benign explanations.

As to your questions, I'm not sure I understand what you mean by asking if you could recreate the access that previously allowed your system to be controlled by your organization, partly because I'm not sure why you would WANT to recreate a remote management capability given that that's what you wanted to avoid in the first place.  Whether it would even be POSSIBLE for your IT organization to manage that system remotely, and to what degree, would first depend on what sorts of tools they used.  But before that could even happen, you'd need to install something or join your computer to their Active Directory domain or something.  It wouldn't just "happen".

I haven't studied the Dell Command suite of applications in detail for a while, but last I checked it was focused around deploying enterprise-customized Windows "images" to new systems and managing the distribution and installation of things like driver and firmware updates.  I'm pretty sure Dell has not gotten into the business of developing software to allow organizations to spy on their employees.  You can read about the various Dell Command applications here.  Even Dell Command | Monitor that talks about gathering information seems to be focused on gathering system health and diagnostic information, i.e. "This laptop's hard drive is predicted to fail," or "Here are the results of a diagnostic I just ran so that you [IT department] can contact Dell to troubleshoot a problem on behalf of the employee."

As for WiFi, I'm not sure what happened there either, but if someone wanted to monitor or control your system, killing your WiFi connection would seem adverse to their interests.  But if you were connected to wired Ethernet at the same time, then Windows itself will sometimes turn off WiFi when it detects an Ethernet connection to the same network.  But obviously I can't say for sure what happened there.

Anyhow, glad to hear that things seem to be functioning normally now that you've performed a fresh reinstall from Microsoft-provided Windows installation media.  Hopefully things stay that way.

1 Rookie • 2 Posts • May 17th, 2020 11:00

I appreciate the detailed response and proposed suggestions with regards to my situation.

Unfortunately, I wasn't able to phrase my situation eloquently given the fact that I felt an extreme sense of privacy violation. My apologies if I came across as crass.

With regards to your post:

" If you want to truly set up your system from scratch, download Windows 10 directly from Microsoft here and use the Media Creation Tool that you'll get from that site to create a bootable USB flash drive that will allow you to install a truly unmodified version of Windows 10.  At the step in Windows Setup asking you where to install Windows, choose to delete each existing partition on your disk until the entire disk just shows up as a single "Unallocated space" entry, and install there."

 

I have done this since the format, and it seems the system is behaving normally. On a side note, if I restored from this system to the baseline system, would I be able to recreate the access that was previously set to be under the organization's control?

 

"Apart from that, are you absolutely certain nobody else in your home or wherever you are might have turned it on somehow?"

I don't think this is a possibility, as I had the laptop lying on the nightstand next to me. It literally powered on by itself.

"The fact that Dell Command applications are installed does not mean someone is actively controlling the system.  Dell Command applications CAN be used for that purpose, but that doesn't mean somebody is still doing that." 

 

When you say "CAN", would the access level be full system access, e.g. being able to access my logged-in Google account, Drive, browsing history and passwords? Or is it system level, e.g. driver related, BIOS, firmware, etc.?

"WiFi becoming disabled could have been the result of a background driver update from either Windows Update or Dell Update, or accidentally triggering Airplane Mode."

It's possible a Windows update was downloading in the background; however, no changes were being made at the time the WiFi connection in the bottom right appeared as disabled. It was during an active Skype call where I was merely talking to the IT officer.

Once again, I appreciate the feedback you have given thus far. I was not sure how the "community" functioned; I am glad you clarified the situation.

 

 

 

 

 

 
