Forum Discussion

Claire_4's avatar
Claire_4
Copper Contributor
Apr 27, 2020

Factory Reset Windows 10 without user intervention

I've looked for this answer online and have come across the "systemreset -factoryreset" command which works, but it comes up with the prompt asking if I want to keep my files or remove everything, I want to remove everything, but without the prompt. 

 

We are not doing this from any pre-exiting images, and our laptops are running the pre-loaded Windows 10 Pro install, we are just using the in-built Windows 10 "reset this PC" feature as we have no MDM configured. We just want the laptops to be totally reset so they don't contain any company information, we're not bothered about completing the OOBE once they are wiped.

 

We are trying to accomplish this remotely as our users are all at home, so I need to automate it and have no user involvement in the process, I just want it to factory reset, and bring the laptop up to the off-the-shelf state configuration. We have the facility to push commands and scripts to the laptops so was hoping to do this via powershell.

 

Does anyone know if this is possible?

 

Thanks

26 Replies

  • Mousefluff's avatar
    Mousefluff
    Iron Contributor

    Claire_4 

    I would just make a program that uses the PowerShell API / ConPTY API, and have it make the changes for you unattended utilizing the servicing stack. Normally you change the policy with a SCAP profile based on the NIST one, which you could pick and choose various options from the accepted defaults located in the Microsoft Security Compliance Toolkit 1.x (which is the most common way of doing it, being sure to harden services and the network stack at the same time.) The first step obviously is to start out with a fresh image, capture the programs inside / outside the Windows Namespace using a virtual machine, reboot the VM after you capture each SPP / provisioning package, apply them individually, along with the drivers, registry patches, and an XML answer file via sysprep (audit mode,) / manufacturing mode (This is for the recovery image.) You could even edit the WinRE portion of the recovery image at the same time so when you apply it, it automatically has a custom program that resets it upon reboot (if you don't want to utilize SCAP profiles / or a template.) Another example is WinPE resets itself after 72 hours and has a similar setup (albeit with a limited version of .NET 4.0 and no WPF forms.) It is totally possible anyways, and a lot of organizations already do this...

    Development tools:
    
    Visual Studio Channels and Release Rhythm -> https://docs.microsoft.com/en-us/visualstudio/productinfo/release-rhythm
    Visual Studio Product Lifecycle and Servicing -> https://docs.microsoft.com/en-us/visualstudio/productinfo/vs-servicing
    Older versions of Visual Studio -> https://docs.microsoft.com/en-us/visualstudio/productinfo/vs-servicing#older-versions-of-visual-studio
    Visual Studio Older Downloads -> https://visualstudio.microsoft.com/vs/older-downloads/
    
    VS 2017: https://aka.ms/vs/15/release/vs_community.exe
    VS 2019: https://aka.ms/vs/16/release/vs_community.exe
    VS 2022: https://aka.ms/vs/17/release/vs_community.exe
    
    vs_Community.exe --quiet --wait --layout "C:\VS22_Offline" --lang en-US --add Microsoft.VisualStudio.Workload.CoreEditor --add Microsoft.VisualStudio.Workload.ManagedDesktop;includeOptional --add Microsoft.VisualStudio.Workload.NativeCrossPlat;includeOptional --add Microsoft.VisualStudio.Workload.NetCrossPlat;includeRecommended --add Microsoft.VisualStudio.Workload.NativeMobile;includeOptional --add Microsoft.VisualStudio.Workload.NativeDesktop;includeOptional --add Microsoft.VisualStudio.Workload.Universal;includeOptional --add Microsoft.Component.HelpViewer
    
    Update the layout to the most current version of the product -> https://docs.microsoft.com/en-us/visualstudio/install/create-a-network-installation-of-visual-studio?view=vs-2022#update-the-layout-to-the-most-current-version-of-the-product
    
    vs_Community.exe --quiet --wait --layout "C:\VS22_Offline" --useLatestInstaller
    
    Remove older versions from a layout -> https://docs.microsoft.com/en-us/visualstudio/install/create-a-network-installation-of-visual-studio?view=vs-2022#remove-older-versions-from-a-layout
    
    Example: "C:\VS22_Offline\vs_Community.exe" --quiet --wait --layout "C:\VS22_Offline" --clean "C:\VS22_Offline\Archive\d675ef22-858d-47cc-b333-ec38c2d6745f\Catalog.json"
    
    "%ProgramFiles%\WinRAR\Rar.exe" a -r -k -htb -mc31:d+e+ "C:\ISO\VS22_Offline.rar" -r "C:\VS22_Offline\*.*"
    
    "Use command-line parameters to install Visual Studio" -> https://docs.microsoft.com/en-us/visualstudio/install/use-command-line-parameters-to-install-visual-studio?view=vs-2022
    
    "Bootstrapper commands and command-line parameters" -> https://docs.microsoft.com/en-us/visualstudio/install/use-command-line-parameters-to-install-visual-studio?view=vs-2022#bootstrapper-commands-and-command-line-parameters
    
    "Create an offline installation of Visual Studio" -> https://docs.microsoft.com/en-us/visualstudio/install/create-an-offline-installation-of-visual-studio?view=vs-2022
    
    "Visual Studio Community component directory" -> https://docs.microsoft.com/en-us/visualstudio/install/workload-component-id-vs-community?view=vs-2022
    
    "Automate installs by using settings in a response file" -> https://docs.microsoft.com/en-us/visualstudio/install/automated-installation-with-response-file?view=vs-2022
    
    "Command-line arguments for the Help Content Manager" -> https://docs.microsoft.com/en-us/visualstudio/help-viewer/command-line-arguments?view=vs-2022
    
    "Microsoft Help Viewer SDK" -> https://docs.microsoft.com/en-us/visualstudio/extensibility/internals/microsoft-help-viewer-sdk?view=vs-2022
    
    "Help API Reference" -> https://docs.microsoft.com/en-us/previous-versions/windows/desktop/helpapi/help-api-reference
    
    "Help Viewer 2.0 Code Examples" -> https://marketplace.visualstudio.com/items?itemName=RobChandlerHelpMVP.HelpViewer20CodeExamples
    
    Language documentation -> https://docs.microsoft.com/en-us/visualstudio/windows/?view=vs-2022&preserve-view=true#language-documentation
    C++ Language Reference -> https://docs.microsoft.com/en-us/cpp/cpp/cpp-language-reference?view=msvc-160
    C# Language Reference -> https://docs.microsoft.com/en-us/dotnet/csharp/language-reference/
    F# Language Reference -> https://docs.microsoft.com/en-us/dotnet/fsharp/language-reference/
    Visual Basic Language Reference -> https://docs.microsoft.com/en-us/dotnet/visual-basic/language-reference/
    Razor syntax reference for ASP.NET Core -> https://docs.microsoft.com/en-us/aspnet/core/mvc/views/razor?view=aspnetcore-5.0
    
    ^ These are not the best references, they are just basic references for this particular toolchain. The C++/C# reference does not necessarily go into great detail with operator overloading or even arrays, which you have to basically purchase books to be able to grasp this more easily, or take training. The reason is obviously that each toolchain has their own implementation, and in some respects you could consult an official reference on C++ or C#, and it will vary a lot in comparison to Microsoft's toolchain (most compilers are like this.) I really only use this for Visual Studio, based on what is acceptable for this IDE, not necessarily all other IDEs. You have to take into account what version of the language they support, and which features from this language are available in this toolchain, which are not, and for what reason (which is not necessarily good or bad. Another thing you have to take into account when porting software anyways.)
    
    Misc:
    
    https://developer.amd.com/resources/developer-guides-manuals/
    https://software.intel.com/content/www/us/en/develop/articles/intel-sdm.html
    http://www.bitsavers.org/pdf/
    https://archive.org/details/MicrosoftProgramersLibraryV1.3
    https://archive.org/details/Microsoft_Programmers_Library_CD-ROM_Database_125-099-008_Version_1.1a_CDRM_1621
    https://www.oreilly.com/library/view/c-pocket-reference/9780596801762/
    https://www.oreilly.com/library/view/c-90-pocket/9781098101121/
    https://www.stroustrup.com/index.html
    https://www.misra.org.uk/misra-c-plus-plus/
    https://www.microsoftpressstore.com/store/browse/programming
    https://www.wiley.com/en-us/General+%26+Introductory+Computer+Science/Programming+%26+Software+Development-c-CS50?pq=%7CpublicationDate%7Cbrand%3AWX&size=50
    
    https://www.openhub.net/
    https://www.synopsys.com/software-integrity/security-testing.html
    https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html
    https://www.synopsys.com/software-integrity/security-testing/fuzz-testing.html
    https://docs.microsoft.com/en-us/xamarin/android/deploy-test/release-prep/?tabs=windows#protect_app
    https://docs.microsoft.com/en-us/visualstudio/ide/dotfuscator/?view=vs-2022
    https://opensource.google/projects/oss-fuzz
    
    "If you experience a catastrophic error and can't repair or uninstall Visual Studio, you can run the InstallCleanup.exe tool to remove installation files and product information for all installed instances of Visual Studio 2017, Visual Studio 2022, or Visual Studio 2022." -> https://docs.microsoft.com/en-us/visualstudio/install/remove-visual-studio?view=vs-2022
    
    C:\Program Files (x86)\Microsoft Visual Studio\Installer>installcleanup /?
    
    Usage:  InstallCleanup.exe <mode>
            mode should be one of the following:
                    -f | -full:  cleanup all installed assets (default)
                    -i | -instance [version]:  cleanup only instance data
                            [version]:  filter to only instances that start with this version string
    
    C:\Program Files (x86)\Microsoft Visual Studio\Installer>installcleanup -f
    Detecting Visual Studio Installs:
            Detecting Instances... Done
    
    Removing Installer Assets:
            Uninstalling MSIs... Done
            Deleting AppData Channels... Done
            Deleting LocalAppData Channels... Done
            Deleting User Cache... Done
            Deleting Installer... Done
            Deleting Package Cache... Done
            Deleting Installer Shortcut... Done
            Deleting Installer ARP Entry... Done
    
    C:\Program Files (x86)\Microsoft Visual Studio\Installer>

     

  • dretzer's avatar
    dretzer
    Iron Contributor

    You can use the MDM WMI Bridge Provider to do what you want. This way you do exactly the same as intune would do.

     

    You have to execute the following PowerShell script as SYSTEM. Administrator ist not enough!

    To accomplish this, you can either execute the script with task scheduler or use psexec.exe to run powershell as system (psexec -s powershell.exe -file c:\pathtoscript\script.ps1).

     

     

     

     

    $namespaceName = "root\cimv2\mdm\dmmap"
    $className = "MDM_RemoteWipe"
    $methodName = "doWipeMethod"
    
    $session = New-CimSession
    
    $params = New-Object Microsoft.Management.Infrastructure.CimMethodParametersCollection
    $param = [Microsoft.Management.Infrastructure.CimMethodParameter]::Create("param", "", "String", "In")
    $params.Add($param)
    
    $instance = Get-CimInstance -Namespace $namespaceName -ClassName $className -Filter "ParentID='./Vendor/MSFT' and InstanceID='RemoteWipe'"
    $session.InvokeMethod($namespaceName, $instance, $methodName, $params)

     

     

     

     

    $methodname can bei either "doWipeMethod" or "doWipeProtectedMethod". The later one will also wipe all data from the disks, especially if you want to refurbish the devices. The downside is that "doWipeProtectedMethod" can leave some clients (depending on configuration and hardware) in an unbootable state.

    Additionally "doWipeMethod" can be canceled by the user (power cycle for example), "doWipeProtectedMethod" cannot be canceled. It automatically resumes after a reboot until done. The higher risk ist worth it most of the time. If you want to be sure that the devices will be in a usable state after the wipe, use "doWipeMethod" instead.

     

    Claire_4 

    • SeaGoose's avatar
      SeaGoose
      Copper Contributor

      dretzer So I have has weird success with this.  It worked on a machine. Once.  The next machine I tried this on gave me a Exception calling "InvokeMethod" with "4" argument(s): "The requested object could not be found."
      Any Ideas? Anyone?

       

    • GCHS_mback's avatar
      GCHS_mback
      Copper Contributor

      dretzer Can that tool be user with an unattended.xml? I am trying to remotely wipe the device and have it skip the setup screen and login and maybe even install a program (remote management software).

    • Claire_4's avatar
      Claire_4
      Copper Contributor

      Reza_Ameri-Archived Thanks for your reply.

       

      Unfortunately we do not use configuration manager, nor do we have capacity to register devices on InTune currently. 

       

      We can run exe's/powershell scripts, that sort of thing on the laptops so we're hoping to use something like that to achieve this. 

      • Reza_Ameri-Archived's avatar
        Reza_Ameri-Archived
        Bronze Contributor

        Claire_4 

         

        From what I know there is no script to run it in silence mode and wipe system and it is behavior by design, so let say if there is possibility to do so, cybercriminals might run that script and user will lose Windows but it is available in Configuration Manager or Intune, it means PC is being managed by trusted administrator.

         

Resources