Factory Reset Windows 10 without user intervention

Claire_4 

I would just make a program that uses the PowerShell API / ConPTY API, and have it make the changes for you unattended utilizing the servicing stack. Normally you change the policy with a SCAP profile based on the NIST one, which you could pick and choose various options from the accepted defaults located in the Microsoft Security Compliance Toolkit 1.x (which is the most common way of doing it, being sure to harden services and the network stack at the same time.) The first step obviously is to start out with a fresh image, capture the programs inside / outside the Windows Namespace using a virtual machine, reboot the VM after you capture each SPP / provisioning package, apply them individually, along with the drivers, registry patches, and an XML answer file via sysprep (audit mode,) / manufacturing mode (This is for the recovery image.) You could even edit the WinRE portion of the recovery image at the same time so when you apply it, it automatically has a custom program that resets it upon reboot (if you don't want to utilize SCAP profiles / or a template.) Another example is WinPE resets itself after 72 hours and has a similar setup (albeit with a limited version of .NET 4.0 and no WPF forms.) It is totally possible anyways, and a lot of organizations already do this...

Development tools:

Visual Studio Channels and Release Rhythm -> https://docs.microsoft.com/en-us/visualstudio/productinfo/release-rhythm
Visual Studio Product Lifecycle and Servicing -> https://docs.microsoft.com/en-us/visualstudio/productinfo/vs-servicing
Older versions of Visual Studio -> https://docs.microsoft.com/en-us/visualstudio/productinfo/vs-servicing#older-versions-of-visual-studio
Visual Studio Older Downloads -> https://visualstudio.microsoft.com/vs/older-downloads/

VS 2017: https://aka.ms/vs/15/release/vs_community.exe
VS 2019: https://aka.ms/vs/16/release/vs_community.exe
VS 2022: https://aka.ms/vs/17/release/vs_community.exe

vs_Community.exe --quiet --wait --layout "C:\VS22_Offline" --lang en-US --add Microsoft.VisualStudio.Workload.CoreEditor --add Microsoft.VisualStudio.Workload.ManagedDesktop;includeOptional --add Microsoft.VisualStudio.Workload.NativeCrossPlat;includeOptional --add Microsoft.VisualStudio.Workload.NetCrossPlat;includeRecommended --add Microsoft.VisualStudio.Workload.NativeMobile;includeOptional --add Microsoft.VisualStudio.Workload.NativeDesktop;includeOptional --add Microsoft.VisualStudio.Workload.Universal;includeOptional --add Microsoft.Component.HelpViewer

Update the layout to the most current version of the product -> https://docs.microsoft.com/en-us/visualstudio/install/create-a-network-installation-of-visual-studio?view=vs-2022#update-the-layout-to-the-most-current-version-of-the-product

vs_Community.exe --quiet --wait --layout "C:\VS22_Offline" --useLatestInstaller

Remove older versions from a layout -> https://docs.microsoft.com/en-us/visualstudio/install/create-a-network-installation-of-visual-studio?view=vs-2022#remove-older-versions-from-a-layout

Example: "C:\VS22_Offline\vs_Community.exe" --quiet --wait --layout "C:\VS22_Offline" --clean "C:\VS22_Offline\Archive\d675ef22-858d-47cc-b333-ec38c2d6745f\Catalog.json"

"%ProgramFiles%\WinRAR\Rar.exe" a -r -k -htb -mc31:d+e+ "C:\ISO\VS22_Offline.rar" -r "C:\VS22_Offline\*.*"

"Use command-line parameters to install Visual Studio" -> https://docs.microsoft.com/en-us/visualstudio/install/use-command-line-parameters-to-install-visual-studio?view=vs-2022

"Bootstrapper commands and command-line parameters" -> https://docs.microsoft.com/en-us/visualstudio/install/use-command-line-parameters-to-install-visual-studio?view=vs-2022#bootstrapper-commands-and-command-line-parameters

"Create an offline installation of Visual Studio" -> https://docs.microsoft.com/en-us/visualstudio/install/create-an-offline-installation-of-visual-studio?view=vs-2022

"Visual Studio Community component directory" -> https://docs.microsoft.com/en-us/visualstudio/install/workload-component-id-vs-community?view=vs-2022

"Automate installs by using settings in a response file" -> https://docs.microsoft.com/en-us/visualstudio/install/automated-installation-with-response-file?view=vs-2022

"Command-line arguments for the Help Content Manager" -> https://docs.microsoft.com/en-us/visualstudio/help-viewer/command-line-arguments?view=vs-2022

"Microsoft Help Viewer SDK" -> https://docs.microsoft.com/en-us/visualstudio/extensibility/internals/microsoft-help-viewer-sdk?view=vs-2022

"Help API Reference" -> https://docs.microsoft.com/en-us/previous-versions/windows/desktop/helpapi/help-api-reference

"Help Viewer 2.0 Code Examples" -> https://marketplace.visualstudio.com/items?itemName=RobChandlerHelpMVP.HelpViewer20CodeExamples

Language documentation -> https://docs.microsoft.com/en-us/visualstudio/windows/?view=vs-2022&preserve-view=true#language-documentation
C++ Language Reference -> https://docs.microsoft.com/en-us/cpp/cpp/cpp-language-reference?view=msvc-160
C# Language Reference -> https://docs.microsoft.com/en-us/dotnet/csharp/language-reference/
F# Language Reference -> https://docs.microsoft.com/en-us/dotnet/fsharp/language-reference/
Visual Basic Language Reference -> https://docs.microsoft.com/en-us/dotnet/visual-basic/language-reference/
Razor syntax reference for ASP.NET Core -> https://docs.microsoft.com/en-us/aspnet/core/mvc/views/razor?view=aspnetcore-5.0

^ These are not the best references, they are just basic references for this particular toolchain. The C++/C# reference does not necessarily go into great detail with operator overloading or even arrays, which you have to basically purchase books to be able to grasp this more easily, or take training. The reason is obviously that each toolchain has their own implementation, and in some respects you could consult an official reference on C++ or C#, and it will vary a lot in comparison to Microsoft's toolchain (most compilers are like this.) I really only use this for Visual Studio, based on what is acceptable for this IDE, not necessarily all other IDEs. You have to take into account what version of the language they support, and which features from this language are available in this toolchain, which are not, and for what reason (which is not necessarily good or bad. Another thing you have to take into account when porting software anyways.)

Misc:

https://developer.amd.com/resources/developer-guides-manuals/
https://software.intel.com/content/www/us/en/develop/articles/intel-sdm.html
http://www.bitsavers.org/pdf/
https://archive.org/details/MicrosoftProgramersLibraryV1.3
https://archive.org/details/Microsoft_Programmers_Library_CD-ROM_Database_125-099-008_Version_1.1a_CDRM_1621
https://www.oreilly.com/library/view/c-pocket-reference/9780596801762/
https://www.oreilly.com/library/view/c-90-pocket/9781098101121/
https://www.stroustrup.com/index.html
https://www.misra.org.uk/misra-c-plus-plus/
https://www.microsoftpressstore.com/store/browse/programming
https://www.wiley.com/en-us/General+%26+Introductory+Computer+Science/Programming+%26+Software+Development-c-CS50?pq=%7CpublicationDate%7Cbrand%3AWX&size=50

https://www.openhub.net/
https://www.synopsys.com/software-integrity/security-testing.html
https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html
https://www.synopsys.com/software-integrity/security-testing/fuzz-testing.html
https://docs.microsoft.com/en-us/xamarin/android/deploy-test/release-prep/?tabs=windows#protect_app
https://docs.microsoft.com/en-us/visualstudio/ide/dotfuscator/?view=vs-2022
https://opensource.google/projects/oss-fuzz

"If you experience a catastrophic error and can't repair or uninstall Visual Studio, you can run the InstallCleanup.exe tool to remove installation files and product information for all installed instances of Visual Studio 2017, Visual Studio 2022, or Visual Studio 2022." -> https://docs.microsoft.com/en-us/visualstudio/install/remove-visual-studio?view=vs-2022

C:\Program Files (x86)\Microsoft Visual Studio\Installer>installcleanup /?

Usage:  InstallCleanup.exe <mode>
        mode should be one of the following:
                -f | -full:  cleanup all installed assets (default)
                -i | -instance [version]:  cleanup only instance data
                        [version]:  filter to only instances that start with this version string

C:\Program Files (x86)\Microsoft Visual Studio\Installer>installcleanup -f
Detecting Visual Studio Installs:
        Detecting Instances... Done

Removing Installer Assets:
        Uninstalling MSIs... Done
        Deleting AppData Channels... Done
        Deleting LocalAppData Channels... Done
        Deleting User Cache... Done
        Deleting Installer... Done
        Deleting Package Cache... Done
        Deleting Installer Shortcut... Done
        Deleting Installer ARP Entry... Done

C:\Program Files (x86)\Microsoft Visual Studio\Installer>

You can use the MDM WMI Bridge Provider to do what you want. This way you do exactly the same as intune would do.

You have to execute the following PowerShell script as SYSTEM. Administrator ist not enough!

To accomplish this, you can either execute the script with task scheduler or use psexec.exe to run powershell as system (psexec -s powershell.exe -file c:\pathtoscript\script.ps1).

$namespaceName = "root\cimv2\mdm\dmmap"
$className = "MDM_RemoteWipe"
$methodName = "doWipeMethod"

$session = New-CimSession

$params = New-Object Microsoft.Management.Infrastructure.CimMethodParametersCollection
$param = [Microsoft.Management.Infrastructure.CimMethodParameter]::Create("param", "", "String", "In")
$params.Add($param)

$instance = Get-CimInstance -Namespace $namespaceName -ClassName $className -Filter "ParentID='./Vendor/MSFT' and InstanceID='RemoteWipe'"
$session.InvokeMethod($namespaceName, $instance, $methodName, $params)

$methodname can bei either "doWipeMethod" or "doWipeProtectedMethod". The later one will also wipe all data from the disks, especially if you want to refurbish the devices. The downside is that "doWipeProtectedMethod" can leave some clients (depending on configuration and hardware) in an unbootable state.

Additionally "doWipeMethod" can be canceled by the user (power cycle for example), "doWipeProtectedMethod" cannot be canceled. It automatically resumes after a reboot until done. The higher risk ist worth it most of the time. If you want to be sure that the devices will be in a usable state after the wipe, use "doWipeMethod" instead.

Claire_4 

Claire_4 

If you have the ability to pull down content, you can pull down Windows 1909 Installer, then run the command to upgrade and clean the system.  The entire thing can be scripted.

https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-setup-command-line-options#auto

The systemreset command will show interface to user and it is behavior by design , however if you are able to manage devices using Configuration Manager, you could do it using Full Wipe, take a look at:
https://docs.microsoft.com/en-us/mem/configmgr/mdm/deploy-use/wipe-lock-reset-devices

You could remotely wipe device using Windows Intune too:

https://docs.microsoft.com/en-us/mem/intune/remote-actions/devices-wipe