Forum Discussion
Factory Reset Windows 10 without user intervention
You can use the MDM WMI Bridge Provider to do what you want. This way you do exactly the same as intune would do.
You have to execute the following PowerShell script as SYSTEM. Administrator ist not enough!
To accomplish this, you can either execute the script with task scheduler or use psexec.exe to run powershell as system (psexec -s powershell.exe -file c:\pathtoscript\script.ps1).
$namespaceName = "root\cimv2\mdm\dmmap"
$className = "MDM_RemoteWipe"
$methodName = "doWipeMethod"
$session = New-CimSession
$params = New-Object Microsoft.Management.Infrastructure.CimMethodParametersCollection
$param = [Microsoft.Management.Infrastructure.CimMethodParameter]::Create("param", "", "String", "In")
$params.Add($param)
$instance = Get-CimInstance -Namespace $namespaceName -ClassName $className -Filter "ParentID='./Vendor/MSFT' and InstanceID='RemoteWipe'"
$session.InvokeMethod($namespaceName, $instance, $methodName, $params)
$methodname can bei either "doWipeMethod" or "doWipeProtectedMethod". The later one will also wipe all data from the disks, especially if you want to refurbish the devices. The downside is that "doWipeProtectedMethod" can leave some clients (depending on configuration and hardware) in an unbootable state.
Additionally "doWipeMethod" can be canceled by the user (power cycle for example), "doWipeProtectedMethod" cannot be canceled. It automatically resumes after a reboot until done. The higher risk ist worth it most of the time. If you want to be sure that the devices will be in a usable state after the wipe, use "doWipeMethod" instead.
- JordanVegasNov 17, 2020Copper Contributor
Hey, I am also planning to use this script and I have a question.
will this script wipe all the disks connected or only C:/
if it indeed only wipes C:/ would you kindly modify it to wipe all the disks?
Best regards, Jordan.
- dretzerNov 18, 2020Iron Contributor
The MDM wipe method above wipes all fixed disks, no modification necessary. I'm not sure about removable disks, but all fixed disks (C:, D:, ...) will be cleaned.
If it is important to fully wipe the data from the disks (i.e. non-recoverable) you should make sure that all disks are bitlocker encrypted. Only with encryption you can be sure that no data is recoverable with this method.
- JordanVegasNov 19, 2020Copper Contributor
dretzer thank you very much for your response!!
- DJK463Feb 03, 2021Copper Contributor
dretzer
Hi,
I'm trying to use the script you referred to above (and also seemed to have wrote) using the following Kaseya Agent Procedure: https://automationexchange.kaseya.com/products/963
It seems to go through Kaseya correctly, first image, but when I run the script through powershell directly, I receive the error in 2nd image.
Would you be able to help me with this? We are trying to wipe a bunch of computers as quickly as possible and this was the most promising option we saw.
Thanks for the help and the work!- dretzerFeb 04, 2021Iron Contributor
Hi.
You are trying to run the script with not enough privileges. The needed WMI methods can only be invoked with SYSTEM privileges. Membership in "Administrators" is not enough.
To execute a PowerShell script manually with SYSTEM privileges, you can, for example, use psexec.exe from Microsoft Sysinternals:
PsExec - Windows Sysinternals | Microsoft Docs
Place the .exe file and the .ps1 file in the same directory and execute psexec.exe with administrative privileges the following way (replace the paths as necessary):
C:\Scripts\psexec.exe -accepteula -S powershell.exe -command C:\Scripts\wipe.ps1
Another way, which you can do remotely and without psexec (group policy for example), would be to create a scheduled task running as SYSTEM and executing the script. You can then execute the task on demand or with a time/date schedule.
- DJK463Feb 09, 2021Copper Contributor
dretzer I realized the computer I was running it on didn't have a recovery partition so even running the "systemreset -cleanpc" command wasn't working.
Kaseya allows you to run scripts as System - so even though I was running locally in picture - I was trying as System most of the time.
Thanks for the help either way.
- divadiow2Feb 09, 2021Copper Contributor
is this exactly what a fresh start initiates or is this the wipe function, as seen in intune?
I'd like to start the exact no-retension of user data fresh wipe using PS, silently
- divadiow2Feb 09, 2021Copper Contributor
how annoying. all reset functions I've tried, including the powershell on this thread, resets to include the OEM stuff I want rid of. If you Fresh Start from intune, theyre not present.
I'm trying to avoid having to enrol a load of devices only to fresh start them. If I can avoid the initial enrolment and kick off a total fresh start from the beginning, that would be good.
- dretzerFeb 09, 2021Iron Contributor
The "OEM stuff" is found in C:\Recovery\*. If you remove all contents in this folder before you initiate the device reset, it should restore a clean windows installation without any "OEM stuff". Keep in mind though, that certain driver packages will be migrated to the new installation. Sometimes these can contain additional software packages included in the device driver package (for example audio control panels from the audio driver).
- red-four-nine-parkJan 07, 2022Copper ContributorThat is great Thank You! Is there a way to dis-enroll / remove device record from intune, before this script is run?
- ArkadiiChoFeb 17, 2022Copper Contributor
Hi there,
Recently cloud download option became available for factory reset and I'm wondering if it's possible to use DoWipeProtectedMethod and download OS image from the cloud. As I understood with provided PS script, factory reset uses local files for OS reinstallation?
Thank you!
- red-four-nine-parkFeb 17, 2022Copper ContributorI think the cloud option is only present in Windows RE?
I know that if you enter Windows RE by repeatedly hard powering off during boot, you can then reset using cloud download.
Does anyone know a way to access it through PowerShell?
- GCHS_mbackNov 22, 2022Copper Contributor
dretzer Can that tool be user with an unattended.xml? I am trying to remotely wipe the device and have it skip the setup screen and login and maybe even install a program (remote management software).
- shockotechcomMay 23, 2023Brass ContributorSuper useful thanks!