Marking an endpoint as retired in the asset register changes a single row in a table; it does not persuade the device to relinquish the bytes it already holds. The residual exposure tends to come in three layers. The first layer is plaintext content sitting in the working directories \u2014 desktop folders, downloads, application caches \u2014 where contract attachments, quotes, and design drafts accumulate over years of normal use. The second layer is credential cache: the offline mailbox of the mail client, the corporate passwords remembered by the browser, the long-lived tokens minted for VPN concentrators and source repositories. The third layer is content protected by disk encryption whose keys still live inside the TPM or the local keystore; as long as the operating system can boot and a local login completes, the very transparency of disk encryption makes the data easier to read, not harder. The moment the device is kept by a former employee, handed over to a relative, parked at a repair shop, or simply lost in a public space, all three layers fall outside enterprise control. The Ping64 remote wipe module exists precisely to close the gap between an asset that has left and the data that has not, by turning the wipe action into a managed task in the console rather than a one-off script or a verbal request to operations. Before stepping into specific scenarios, the different shapes of “uncontrolled” need to be untangled, otherwise the same level of force is applied to endpoints that deserve very different treatment.<\/p>\n
Long-Offline Devices, Ownership Reconciliation, and Choosing the Right Scope<\/strong><\/h4>\nRetirement is not a single shape. The Ping64 remote wipe task offers two trigger modes \u2014 execute now and execute at a specified time \u2014 and the choice between them maps directly to how lost the endpoint actually is. For an employee who has just submitted notice and whose endpoint still checks in every day, the administrator can comfortably follow the standard flow: freeze ownership in hardware assets first, then create the wipe task and let it fire at a chosen time on the chosen day. For an endpoint that has been off the corporate network for weeks and only reconnects intermittently, the better approach is to publish the task ahead of time and let the time basis fall on the endpoint’s local clock so that the task fires as soon as the device comes back, rather than missing the brief window. Ownership reconciliation is the easily forgotten piece of pre-work. If the hardware asset record still lists the original user, the report number generated by the wipe task will be tied to the wrong person, and an audit reviewer reading that record months later will see noise rather than a clean trail. Updating ownership and status in hardware assets before the wipe is filed is what keeps the resulting report defensible.<\/p>\n
Scope selection deserves the same attention. The Ping64 wipe wizard opens with a “select type” step that exposes three actions: reset the operating system while preserving user data, delete all files and reset the system, and erase all data with a best-effort attempt to reset the system afterwards. The first option suits the case where a returned device is being prepared for a new user and the goal is to remove configuration drift and software residue without losing handover material. The second is the standard offboarding choice \u2014 both corporate content and the operating system are returned to factory state. The third is reserved for theft, resale, and devices that will not be physically recovered; it overwrites more aggressively, takes considerably longer, and may leave the machine unbootable, which in those scenarios is acceptable. When Ping64 full-disk encryption is in play, the more aggressive wipe also damages the encrypted volume’s metadata so that even pulling the disk and mounting it elsewhere does not yield readable content. Finally there is the receipt: an online endpoint reports back immediately, an offline endpoint reports back the moment it reconnects, and the Ping64 task list captures the transition from pending to running to succeeded or failed, attaching a report number to each execution. That report number is what the compliance team and the legal team will eventually quote. With those decisions made up front, the rest is mechanical work in the console.<\/p>\n
Running a Full Remote Wipe Inside the Ping64 Console<\/strong><\/h4>\nWhat follows is the end-to-end path a security administrator can take, anchored on pages, buttons, and result views that exist in the Ping64 console. Each step pairs the place to act, the thing to configure, the targets affected, and the way to verify it landed.<\/p>\n
![\"Ping64](\"https:\/\/www.nsecsoft.com\/en\/wp-content\/uploads\/2026\/04\/Ping64-hardware.png\")
<\/p>\n
Step 1 Freeze Ownership in Hardware Assets<\/strong><\/p>\nOpen the left-hand navigation in the Ping64 console, expand endpoint management, and choose hardware assets. Locate the target machine in the list by endpoint name, IP, or owning department, then open the hardware information detail page. Confirm that the current owner, group, operating system, and last-online timestamp match the offboarding or loss record. If ownership has drifted, update the owner and status on this page so that the device is marked as offboarded or retired before any wipe task is filed. The intent of this step is to make sure the report number that the upcoming wipe task generates is tied to the right person, so that audit trails do not implicate the wrong owner months later. The verification is to return to the hardware assets list, filter by the new owner, and confirm the endpoint surfaces in the retired or offboarded view with a last-online timestamp consistent with the wipe window the administrator plans to use.<\/p>\n
Step 2 Create the Wipe Task in the Remote Wipe Module<\/strong><\/p>\nSwitch the left-hand navigation to remote wipe under endpoint management to land on the task list page. Click the new task action in the top right; the console opens the create remote wipe task wizard. The first wizard step is type selection. Apply the choice already made in the previous section: pick reset system only when the device is going back into the pool, pick delete all files and reset for normal offboarding, and pick erase all data with reset attempt for lost or stolen devices. The object of this step is the policy intent that is about to be issued, and the verification is to read the description that appears on the right-hand preview to confirm it matches the chosen scope before clicking next.<\/p>\n
Step 3 Pick the Endpoints and Set the Wipe Time<\/strong><\/p>\nThe second wizard step is endpoint selection, which fixes the targets the task will act on. Use the endpoint picker to filter by department tree or endpoint name, tick the target machines, and the bottom-right of the wizard will show the count of selected endpoints together with the online\/offline split. For lost-device cases an offline count above zero is exactly the point of the exercise. Move to the third step for wipe details. Enter a task name that will be searchable in the task list and in audit views later. Choose the execution mode: execute now is appropriate for endpoints reliably online inside the corporate network, while execute at a specified time, with the time basis switched to use the endpoint’s local clock, suits cross-time-zone or long-offline endpoints because it eliminates the risk of missing the window because of clock drift between server and device. Click create to commit. The objects affected by this step are the endpoints that were ticked, and the verification is to return to the remote wipe task list, see the new task at the top, confirm its status reads pending, and confirm its task type matches the scope that was selected.<\/p>\n
Step 4 Track Receipts and File the Wipe Report<\/strong><\/p>\nClick the task name in the Ping64 remote wipe task list to open the remote wipe detail page. The page shows one execution row per endpoint with endpoint name, department, IP, operating system, start time, end time, status, and report number. Online endpoints typically move quickly from running to succeeded, while offline endpoints stay at pending until they reconnect to Ping64. The detail page exposes print report and export report actions that produce a receipt carrying the report number, suitable for compliance archiving on a per-endpoint basis. For any endpoint that records a failed status, cross-reference the endpoint logs module under endpoint management to identify the failure cause and decide whether to reissue the task or to switch to an offline disposition. The verification marker for this step is concrete: every targeted endpoint has a final status row in the detail page bound to a report number, and the report can actually be exported.<\/p>\n
Step 5 The Alternative Path for Long-Offline and Unrecoverable Devices<\/strong><\/p>\nNot every task reaches a receipt. For endpoints that are effectively beyond recovery \u2014 missing for months without a reconnect, sold on the second-hand market, or simply withheld by an unwilling former employee \u2014 the administrator should leave the Ping64 remote wipe task in pending and start an alternative path in parallel. The first alternative is to lean on Ping64 full-disk encryption. Open data encryption and then the full-disk encryption module, revoke the encryption key bound to that endpoint, and clear the key cache on the server side; even if the device returns to a network later, it will not be able to unlock the local encrypted volume. The second alternative is to mark the endpoint as lost in hardware assets and freeze its sync and communication permissions, ensuring it cannot reach corporate resources should it ever come back. Finally, query the Ping64 audit center for the three categories of records related to the device \u2014 the remote wipe task, the key revocation, and the asset status change \u2014 and file all three together in the incident disposition report. This alternative path does not depend on whether the wipe ultimately lands; it severs access from the enterprise side and produces a defensible conclusion for the compliance and legal teams.<\/p>\n
Turning Retirement into an Auditable Security Asset<\/strong><\/p>\nRemote wipe is not a one-shot reaction; it is the last gate in the lifecycle of a managed endpoint. By turning the wipe into a task with a chosen scope and an archivable receipt, Ping64 lets the security team record how every offboarded endpoint was treated and lets it cite a specific report number and execution time during annual audits, regulatory reviews, and employee disputes. Combined with ownership freezing in hardware assets, execution tracing in the UEM logs, and key revocation in full-disk encryption, Ping64 stops “data offboarding” from depending on the conscientiousness of any single operator and instead places it on the standard navigation flow and the trail mechanisms inside the console. When the organization grows into harder shapes \u2014 cross-border deployments, mergers and acquisitions, shared workstations \u2014 the same triplet of remote wipe, scope selection, and the long-offline alternative path still applies, with only the trigger cadence and archival expectations adjusting. The loop that Ping64 settles inside the console is what finally pulls the last mile of a lost endpoint back into a range that is visible, controllable, and demonstrable, and it is what gives the security administrator a stable footing when the next unknown risk arrives.<\/p>\n","protected":false},"excerpt":{"rendered":"
When an endpoint disappears from the corporate network, […]<\/p>\n","protected":false},"author":2,"featured_media":1170,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1235","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-default"],"_links":{"self":[{"href":"https:\/\/www.nsecsoft.com\/en\/wp-json\/wp\/v2\/posts\/1235","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.nsecsoft.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.nsecsoft.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.nsecsoft.com\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.nsecsoft.com\/en\/wp-json\/wp\/v2\/comments?post=1235"}],"version-history":[{"count":1,"href":"https:\/\/www.nsecsoft.com\/en\/wp-json\/wp\/v2\/posts\/1235\/revisions"}],"predecessor-version":[{"id":1237,"href":"https:\/\/www.nsecsoft.com\/en\/wp-json\/wp\/v2\/posts\/1235\/revisions\/1237"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.nsecsoft.com\/en\/wp-json\/wp\/v2\/media\/1170"}],"wp:attachment":[{"href":"https:\/\/www.nsecsoft.com\/en\/wp-json\/wp\/v2\/media?parent=1235"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.nsecsoft.com\/en\/wp-json\/wp\/v2\/categories?post=1235"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.nsecsoft.com\/en\/wp-json\/wp\/v2\/tags?post=1235"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
What follows is the end-to-end path a security administrator can take, anchored on pages, buttons, and result views that exist in the Ping64 console. Each step pairs the place to act, the thing to configure, the targets affected, and the way to verify it landed.<\/p>\n
<\/p>\n
Step 1 Freeze Ownership in Hardware Assets<\/strong><\/p>\n Open the left-hand navigation in the Ping64 console, expand endpoint management, and choose hardware assets. Locate the target machine in the list by endpoint name, IP, or owning department, then open the hardware information detail page. Confirm that the current owner, group, operating system, and last-online timestamp match the offboarding or loss record. If ownership has drifted, update the owner and status on this page so that the device is marked as offboarded or retired before any wipe task is filed. The intent of this step is to make sure the report number that the upcoming wipe task generates is tied to the right person, so that audit trails do not implicate the wrong owner months later. The verification is to return to the hardware assets list, filter by the new owner, and confirm the endpoint surfaces in the retired or offboarded view with a last-online timestamp consistent with the wipe window the administrator plans to use.<\/p>\n Step 2 Create the Wipe Task in the Remote Wipe Module<\/strong><\/p>\n Switch the left-hand navigation to remote wipe under endpoint management to land on the task list page. Click the new task action in the top right; the console opens the create remote wipe task wizard. The first wizard step is type selection. Apply the choice already made in the previous section: pick reset system only when the device is going back into the pool, pick delete all files and reset for normal offboarding, and pick erase all data with reset attempt for lost or stolen devices. The object of this step is the policy intent that is about to be issued, and the verification is to read the description that appears on the right-hand preview to confirm it matches the chosen scope before clicking next.<\/p>\n Step 3 Pick the Endpoints and Set the Wipe Time<\/strong><\/p>\n The second wizard step is endpoint selection, which fixes the targets the task will act on. Use the endpoint picker to filter by department tree or endpoint name, tick the target machines, and the bottom-right of the wizard will show the count of selected endpoints together with the online\/offline split. For lost-device cases an offline count above zero is exactly the point of the exercise. Move to the third step for wipe details. Enter a task name that will be searchable in the task list and in audit views later. Choose the execution mode: execute now is appropriate for endpoints reliably online inside the corporate network, while execute at a specified time, with the time basis switched to use the endpoint’s local clock, suits cross-time-zone or long-offline endpoints because it eliminates the risk of missing the window because of clock drift between server and device. Click create to commit. The objects affected by this step are the endpoints that were ticked, and the verification is to return to the remote wipe task list, see the new task at the top, confirm its status reads pending, and confirm its task type matches the scope that was selected.<\/p>\n Step 4 Track Receipts and File the Wipe Report<\/strong><\/p>\n Click the task name in the Ping64 remote wipe task list to open the remote wipe detail page. The page shows one execution row per endpoint with endpoint name, department, IP, operating system, start time, end time, status, and report number. Online endpoints typically move quickly from running to succeeded, while offline endpoints stay at pending until they reconnect to Ping64. The detail page exposes print report and export report actions that produce a receipt carrying the report number, suitable for compliance archiving on a per-endpoint basis. For any endpoint that records a failed status, cross-reference the endpoint logs module under endpoint management to identify the failure cause and decide whether to reissue the task or to switch to an offline disposition. The verification marker for this step is concrete: every targeted endpoint has a final status row in the detail page bound to a report number, and the report can actually be exported.<\/p>\n Step 5 The Alternative Path for Long-Offline and Unrecoverable Devices<\/strong><\/p>\n Not every task reaches a receipt. For endpoints that are effectively beyond recovery \u2014 missing for months without a reconnect, sold on the second-hand market, or simply withheld by an unwilling former employee \u2014 the administrator should leave the Ping64 remote wipe task in pending and start an alternative path in parallel. The first alternative is to lean on Ping64 full-disk encryption. Open data encryption and then the full-disk encryption module, revoke the encryption key bound to that endpoint, and clear the key cache on the server side; even if the device returns to a network later, it will not be able to unlock the local encrypted volume. The second alternative is to mark the endpoint as lost in hardware assets and freeze its sync and communication permissions, ensuring it cannot reach corporate resources should it ever come back. Finally, query the Ping64 audit center for the three categories of records related to the device \u2014 the remote wipe task, the key revocation, and the asset status change \u2014 and file all three together in the incident disposition report. This alternative path does not depend on whether the wipe ultimately lands; it severs access from the enterprise side and produces a defensible conclusion for the compliance and legal teams.<\/p>\n Turning Retirement into an Auditable Security Asset<\/strong><\/p>\n Remote wipe is not a one-shot reaction; it is the last gate in the lifecycle of a managed endpoint. By turning the wipe into a task with a chosen scope and an archivable receipt, Ping64 lets the security team record how every offboarded endpoint was treated and lets it cite a specific report number and execution time during annual audits, regulatory reviews, and employee disputes. Combined with ownership freezing in hardware assets, execution tracing in the UEM logs, and key revocation in full-disk encryption, Ping64 stops “data offboarding” from depending on the conscientiousness of any single operator and instead places it on the standard navigation flow and the trail mechanisms inside the console. When the organization grows into harder shapes \u2014 cross-border deployments, mergers and acquisitions, shared workstations \u2014 the same triplet of remote wipe, scope selection, and the long-offline alternative path still applies, with only the trigger cadence and archival expectations adjusting. The loop that Ping64 settles inside the console is what finally pulls the last mile of a lost endpoint back into a range that is visible, controllable, and demonstrable, and it is what gives the security administrator a stable footing when the next unknown risk arrives.<\/p>\n","protected":false},"excerpt":{"rendered":" When an endpoint disappears from the corporate network, […]<\/p>\n","protected":false},"author":2,"featured_media":1170,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1235","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-default"],"_links":{"self":[{"href":"https:\/\/www.nsecsoft.com\/en\/wp-json\/wp\/v2\/posts\/1235","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.nsecsoft.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.nsecsoft.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.nsecsoft.com\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.nsecsoft.com\/en\/wp-json\/wp\/v2\/comments?post=1235"}],"version-history":[{"count":1,"href":"https:\/\/www.nsecsoft.com\/en\/wp-json\/wp\/v2\/posts\/1235\/revisions"}],"predecessor-version":[{"id":1237,"href":"https:\/\/www.nsecsoft.com\/en\/wp-json\/wp\/v2\/posts\/1235\/revisions\/1237"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.nsecsoft.com\/en\/wp-json\/wp\/v2\/media\/1170"}],"wp:attachment":[{"href":"https:\/\/www.nsecsoft.com\/en\/wp-json\/wp\/v2\/media?parent=1235"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.nsecsoft.com\/en\/wp-json\/wp\/v2\/categories?post=1235"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.nsecsoft.com\/en\/wp-json\/wp\/v2\/tags?post=1235"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}