Forum Discussion
Factory Reset Windows 10 without user intervention
I've looked for this answer online and have come across the "systemreset -factoryreset" command which works, but it comes up with the prompt asking if I want to keep my files or remove everything, I want to remove everything, but without the prompt.
We are not doing this from any pre-exiting images, and our laptops are running the pre-loaded Windows 10 Pro install, we are just using the in-built Windows 10 "reset this PC" feature as we have no MDM configured. We just want the laptops to be totally reset so they don't contain any company information, we're not bothered about completing the OOBE once they are wiped.
We are trying to accomplish this remotely as our users are all at home, so I need to automate it and have no user involvement in the process, I just want it to factory reset, and bring the laptop up to the off-the-shelf state configuration. We have the facility to push commands and scripts to the laptops so was hoping to do this via powershell.
Does anyone know if this is possible?
Thanks
26 Replies
- MousefluffIron Contributor
I would just make a program that uses the PowerShell API / ConPTY API, and have it make the changes for you unattended utilizing the servicing stack. Normally you change the policy with a SCAP profile based on the NIST one, which you could pick and choose various options from the accepted defaults located in the Microsoft Security Compliance Toolkit 1.x (which is the most common way of doing it, being sure to harden services and the network stack at the same time.) The first step obviously is to start out with a fresh image, capture the programs inside / outside the Windows Namespace using a virtual machine, reboot the VM after you capture each SPP / provisioning package, apply them individually, along with the drivers, registry patches, and an XML answer file via sysprep (audit mode,) / manufacturing mode (This is for the recovery image.) You could even edit the WinRE portion of the recovery image at the same time so when you apply it, it automatically has a custom program that resets it upon reboot (if you don't want to utilize SCAP profiles / or a template.) Another example is WinPE resets itself after 72 hours and has a similar setup (albeit with a limited version of .NET 4.0 and no WPF forms.) It is totally possible anyways, and a lot of organizations already do this...
Development tools: Visual Studio Channels and Release Rhythm -> https://docs.microsoft.com/en-us/visualstudio/productinfo/release-rhythm Visual Studio Product Lifecycle and Servicing -> https://docs.microsoft.com/en-us/visualstudio/productinfo/vs-servicing Older versions of Visual Studio -> https://docs.microsoft.com/en-us/visualstudio/productinfo/vs-servicing#older-versions-of-visual-studio Visual Studio Older Downloads -> https://visualstudio.microsoft.com/vs/older-downloads/ VS 2017: https://aka.ms/vs/15/release/vs_community.exe VS 2019: https://aka.ms/vs/16/release/vs_community.exe VS 2022: https://aka.ms/vs/17/release/vs_community.exe vs_Community.exe --quiet --wait --layout "C:\VS22_Offline" --lang en-US --add Microsoft.VisualStudio.Workload.CoreEditor --add Microsoft.VisualStudio.Workload.ManagedDesktop;includeOptional --add Microsoft.VisualStudio.Workload.NativeCrossPlat;includeOptional --add Microsoft.VisualStudio.Workload.NetCrossPlat;includeRecommended --add Microsoft.VisualStudio.Workload.NativeMobile;includeOptional --add Microsoft.VisualStudio.Workload.NativeDesktop;includeOptional --add Microsoft.VisualStudio.Workload.Universal;includeOptional --add Microsoft.Component.HelpViewer Update the layout to the most current version of the product -> https://docs.microsoft.com/en-us/visualstudio/install/create-a-network-installation-of-visual-studio?view=vs-2022#update-the-layout-to-the-most-current-version-of-the-product vs_Community.exe --quiet --wait --layout "C:\VS22_Offline" --useLatestInstaller Remove older versions from a layout -> https://docs.microsoft.com/en-us/visualstudio/install/create-a-network-installation-of-visual-studio?view=vs-2022#remove-older-versions-from-a-layout Example: "C:\VS22_Offline\vs_Community.exe" --quiet --wait --layout "C:\VS22_Offline" --clean "C:\VS22_Offline\Archive\d675ef22-858d-47cc-b333-ec38c2d6745f\Catalog.json" "%ProgramFiles%\WinRAR\Rar.exe" a -r -k -htb -mc31:d+e+ "C:\ISO\VS22_Offline.rar" -r "C:\VS22_Offline\*.*" "Use command-line parameters to install Visual Studio" -> https://docs.microsoft.com/en-us/visualstudio/install/use-command-line-parameters-to-install-visual-studio?view=vs-2022 "Bootstrapper commands and command-line parameters" -> https://docs.microsoft.com/en-us/visualstudio/install/use-command-line-parameters-to-install-visual-studio?view=vs-2022#bootstrapper-commands-and-command-line-parameters "Create an offline installation of Visual Studio" -> https://docs.microsoft.com/en-us/visualstudio/install/create-an-offline-installation-of-visual-studio?view=vs-2022 "Visual Studio Community component directory" -> https://docs.microsoft.com/en-us/visualstudio/install/workload-component-id-vs-community?view=vs-2022 "Automate installs by using settings in a response file" -> https://docs.microsoft.com/en-us/visualstudio/install/automated-installation-with-response-file?view=vs-2022 "Command-line arguments for the Help Content Manager" -> https://docs.microsoft.com/en-us/visualstudio/help-viewer/command-line-arguments?view=vs-2022 "Microsoft Help Viewer SDK" -> https://docs.microsoft.com/en-us/visualstudio/extensibility/internals/microsoft-help-viewer-sdk?view=vs-2022 "Help API Reference" -> https://docs.microsoft.com/en-us/previous-versions/windows/desktop/helpapi/help-api-reference "Help Viewer 2.0 Code Examples" -> https://marketplace.visualstudio.com/items?itemName=RobChandlerHelpMVP.HelpViewer20CodeExamples Language documentation -> https://docs.microsoft.com/en-us/visualstudio/windows/?view=vs-2022&preserve-view=true#language-documentation C++ Language Reference -> https://docs.microsoft.com/en-us/cpp/cpp/cpp-language-reference?view=msvc-160 C# Language Reference -> https://docs.microsoft.com/en-us/dotnet/csharp/language-reference/ F# Language Reference -> https://docs.microsoft.com/en-us/dotnet/fsharp/language-reference/ Visual Basic Language Reference -> https://docs.microsoft.com/en-us/dotnet/visual-basic/language-reference/ Razor syntax reference for ASP.NET Core -> https://docs.microsoft.com/en-us/aspnet/core/mvc/views/razor?view=aspnetcore-5.0 ^ These are not the best references, they are just basic references for this particular toolchain. The C++/C# reference does not necessarily go into great detail with operator overloading or even arrays, which you have to basically purchase books to be able to grasp this more easily, or take training. The reason is obviously that each toolchain has their own implementation, and in some respects you could consult an official reference on C++ or C#, and it will vary a lot in comparison to Microsoft's toolchain (most compilers are like this.) I really only use this for Visual Studio, based on what is acceptable for this IDE, not necessarily all other IDEs. You have to take into account what version of the language they support, and which features from this language are available in this toolchain, which are not, and for what reason (which is not necessarily good or bad. Another thing you have to take into account when porting software anyways.) Misc: https://developer.amd.com/resources/developer-guides-manuals/ https://software.intel.com/content/www/us/en/develop/articles/intel-sdm.html http://www.bitsavers.org/pdf/ https://archive.org/details/MicrosoftProgramersLibraryV1.3 https://archive.org/details/Microsoft_Programmers_Library_CD-ROM_Database_125-099-008_Version_1.1a_CDRM_1621 https://www.oreilly.com/library/view/c-pocket-reference/9780596801762/ https://www.oreilly.com/library/view/c-90-pocket/9781098101121/ https://www.stroustrup.com/index.html https://www.misra.org.uk/misra-c-plus-plus/ https://www.microsoftpressstore.com/store/browse/programming https://www.wiley.com/en-us/General+%26+Introductory+Computer+Science/Programming+%26+Software+Development-c-CS50?pq=%7CpublicationDate%7Cbrand%3AWX&size=50 https://www.openhub.net/ https://www.synopsys.com/software-integrity/security-testing.html https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html https://www.synopsys.com/software-integrity/security-testing/fuzz-testing.html https://docs.microsoft.com/en-us/xamarin/android/deploy-test/release-prep/?tabs=windows#protect_app https://docs.microsoft.com/en-us/visualstudio/ide/dotfuscator/?view=vs-2022 https://opensource.google/projects/oss-fuzz "If you experience a catastrophic error and can't repair or uninstall Visual Studio, you can run the InstallCleanup.exe tool to remove installation files and product information for all installed instances of Visual Studio 2017, Visual Studio 2022, or Visual Studio 2022." -> https://docs.microsoft.com/en-us/visualstudio/install/remove-visual-studio?view=vs-2022 C:\Program Files (x86)\Microsoft Visual Studio\Installer>installcleanup /? Usage: InstallCleanup.exe <mode> mode should be one of the following: -f | -full: cleanup all installed assets (default) -i | -instance [version]: cleanup only instance data [version]: filter to only instances that start with this version string C:\Program Files (x86)\Microsoft Visual Studio\Installer>installcleanup -f Detecting Visual Studio Installs: Detecting Instances... Done Removing Installer Assets: Uninstalling MSIs... Done Deleting AppData Channels... Done Deleting LocalAppData Channels... Done Deleting User Cache... Done Deleting Installer... Done Deleting Package Cache... Done Deleting Installer Shortcut... Done Deleting Installer ARP Entry... Done C:\Program Files (x86)\Microsoft Visual Studio\Installer>
- dretzerIron Contributor
You can use the MDM WMI Bridge Provider to do what you want. This way you do exactly the same as intune would do.
You have to execute the following PowerShell script as SYSTEM. Administrator ist not enough!
To accomplish this, you can either execute the script with task scheduler or use psexec.exe to run powershell as system (psexec -s powershell.exe -file c:\pathtoscript\script.ps1).
$namespaceName = "root\cimv2\mdm\dmmap" $className = "MDM_RemoteWipe" $methodName = "doWipeMethod" $session = New-CimSession $params = New-Object Microsoft.Management.Infrastructure.CimMethodParametersCollection $param = [Microsoft.Management.Infrastructure.CimMethodParameter]::Create("param", "", "String", "In") $params.Add($param) $instance = Get-CimInstance -Namespace $namespaceName -ClassName $className -Filter "ParentID='./Vendor/MSFT' and InstanceID='RemoteWipe'" $session.InvokeMethod($namespaceName, $instance, $methodName, $params)
$methodname can bei either "doWipeMethod" or "doWipeProtectedMethod". The later one will also wipe all data from the disks, especially if you want to refurbish the devices. The downside is that "doWipeProtectedMethod" can leave some clients (depending on configuration and hardware) in an unbootable state.
Additionally "doWipeMethod" can be canceled by the user (power cycle for example), "doWipeProtectedMethod" cannot be canceled. It automatically resumes after a reboot until done. The higher risk ist worth it most of the time. If you want to be sure that the devices will be in a usable state after the wipe, use "doWipeMethod" instead.
- shockotechcomIron ContributorSuper useful thanks!
- GCHS_mbackCopper Contributor
dretzer Can that tool be user with an unattended.xml? I am trying to remotely wipe the device and have it skip the setup screen and login and maybe even install a program (remote management software).
- gwblokIron Contributor
If you have the ability to pull down content, you can pull down Windows 1909 Installer, then run the command to upgrade and clean the system. The entire thing can be scripted.
- Reza_Ameri-ArchivedBronze Contributor
The systemreset command will show interface to user and it is behavior by design , however if you are able to manage devices using Configuration Manager, you could do it using Full Wipe, take a look at:
https://docs.microsoft.com/en-us/mem/configmgr/mdm/deploy-use/wipe-lock-reset-devicesYou could remotely wipe device using Windows Intune too:
https://docs.microsoft.com/en-us/mem/intune/remote-actions/devices-wipe
- Claire_4Copper Contributor
Reza_Ameri-Archived Thanks for your reply.
Unfortunately we do not use configuration manager, nor do we have capacity to register devices on InTune currently.
We can run exe's/powershell scripts, that sort of thing on the laptops so we're hoping to use something like that to achieve this.
- Reza_Ameri-ArchivedBronze Contributor
From what I know there is no script to run it in silence mode and wipe system and it is behavior by design, so let say if there is possibility to do so, cybercriminals might run that script and user will lose Windows but it is available in Configuration Manager or Intune, it means PC is being managed by trusted administrator.