Factory Reset Windows 10 without user intervention


I've looked for this answer online and have come across the "systemreset -factoryreset" command which works, but it comes up with the prompt asking if I want to keep my files or remove everything, I want to remove everything, but without the prompt. 

 

We are not doing this from any pre-existing images, and our laptops are running the pre-loaded Windows 10 Pro install, we are just using the in-built Windows 10 "reset this PC" feature as we have no MDM configured. We just want the laptops to be totally reset so they don't contain any company information, we're not bothered about completing the OOBE once they are wiped.

 

We are trying to accomplish this remotely as our users are all at home, so I need to automate it and have no user involvement in the process, I just want it to factory reset, and bring the laptop up to the off-the-shelf state configuration. We have the facility to push commands and scripts to the laptops so was hoping to do this via powershell.

 

Does anyone know if this is possible?

 

Thanks

27 Replies

The systemreset command will show an interface to the user, and this behavior is by design. However, if you are able to manage devices using Configuration Manager, you could do it using Full Wipe. Take a look at:
https://docs.microsoft.com/en-us/mem/configmgr/mdm/deploy-use/wipe-lock-reset-devices

You could remotely wipe device using Windows Intune too:

https://docs.microsoft.com/en-us/mem/intune/remote-actions/devices-wipe 

 

@Reza_Ameri-Archived Thanks for your reply.

 

Unfortunately we do not use Configuration Manager, nor do we have capacity to register devices on Intune currently.

 

We can run exe's/powershell scripts, that sort of thing on the laptops so we're hoping to use something like that to achieve this. 

@Claire_4 

 

From what I know, there is no script to run it in silent mode and wipe the system, and this behavior is by design. Let's say there were a possibility to do so: cybercriminals might run that script and the user would lose Windows. But it is available in Configuration Manager or Intune, which means the PC is being managed by a trusted administrator.

 

@Claire_4 

If you have the ability to pull down content, you can pull down Windows 1909 Installer, then run the command to upgrade and clean the system.  The entire thing can be scripted.

 

https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-setup-command-line-opt...

 

 

You can use the MDM WMI Bridge Provider to do what you want. This way you do exactly the same as intune would do.

 

You have to execute the following PowerShell script as SYSTEM. Administrator is not enough!

To accomplish this, you can either execute the script with Task Scheduler or use psexec.exe to run PowerShell as SYSTEM (psexec -s powershell.exe -file c:\pathtoscript\script.ps1).

# MDM WMI Bridge Provider namespace, the RemoteWipe class, and the wipe method to call
$namespaceName = "root\cimv2\mdm\dmmap"
$className = "MDM_RemoteWipe"
$methodName = "doWipeMethod"

# Local CIM session (must be running as SYSTEM)
$session = New-CimSession

# The wipe methods take a single, empty string input parameter named "param"
$params = New-Object Microsoft.Management.Infrastructure.CimMethodParametersCollection
$param = [Microsoft.Management.Infrastructure.CimMethodParameter]::Create("param", "", "String", "In")
$params.Add($param)

# Fetch the RemoteWipe instance and invoke the chosen method on it
$instance = Get-CimInstance -Namespace $namespaceName -ClassName $className -Filter "ParentID='./Vendor/MSFT' and InstanceID='RemoteWipe'"
$session.InvokeMethod($namespaceName, $instance, $methodName, $params)

$methodName can be either "doWipeMethod" or "doWipeProtectedMethod". The latter one will also wipe all data from the disks, especially if you want to refurbish the devices. The downside is that "doWipeProtectedMethod" can leave some clients (depending on configuration and hardware) in an unbootable state.

Additionally, "doWipeMethod" can be canceled by the user (power cycle for example), while "doWipeProtectedMethod" cannot be canceled. It automatically resumes after a reboot until done. The higher risk is worth it most of the time. If you want to be sure that the devices will be in a usable state after the wipe, use "doWipeMethod" instead.

 

@Claire_4 

@dretzer 

Hey, I am also planning to use this script and I have a question.

Will this script wipe all the disks connected or only C:/?

If it indeed only wipes C:/, would you kindly modify it to wipe all the disks?

Best regards, Jordan.

The MDM wipe method above wipes all fixed disks, no modification necessary. I'm not sure about removable disks, but all fixed disks (C:, D:, ...) will be cleaned.

If it is important to fully wipe the data from the disks (i.e. non-recoverable), you should make sure that all disks are BitLocker encrypted. Only with encryption can you be sure that no data is recoverable with this method.

@JordanVegas 

@dretzer thank you very much for your response!!

@dretzer 

Hi,

I'm trying to use the script you referred to above (and also seem to have written) using the following Kaseya Agent Procedure: https://automationexchange.kaseya.com/products/963

It seems to go through Kaseya correctly, first image, but when I run the script through powershell directly, I receive the error in 2nd image.

Would you be able to help me with this? We are trying to wipe a bunch of computers as quickly as possible and this was the most promising option we saw.

Thanks for the help and the work!


Hi.

 

You are trying to run the script with not enough privileges. The needed WMI methods can only be invoked with SYSTEM privileges. Membership in "Administrators" is not enough.

 

To execute a PowerShell script manually with SYSTEM privileges, you can, for example, use psexec.exe from Microsoft Sysinternals:

PsExec - Windows Sysinternals | Microsoft Docs

 

Place the .exe file and the .ps1 file in the same directory and execute psexec.exe with administrative privileges the following way (replace the paths as necessary):

C:\Scripts\psexec.exe -accepteula -S powershell.exe -command C:\Scripts\wipe.ps1

 

Another way, which you can do remotely and without psexec (group policy for example), would be to create a scheduled task running as SYSTEM and executing the script. You can then execute the task on demand or with a time/date schedule.

@DJK463 
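A pre-flight check for the two conditions raised in the replies above (the script must run as SYSTEM, and every fixed disk should be BitLocker encrypted so nothing is recoverable after the wipe), as an added example that is not part of any post in this thread. `Test-WipePreflight` is a hypothetical helper name; it assumes the BitLocker and Storage PowerShell modules are present, and it only reports, it never starts a wipe.

```powershell
# Added example. Test-WipePreflight is a hypothetical helper name.
# It only reports readiness; it never invokes doWipeMethod or doWipeProtectedMethod.
function Test-WipePreflight {
    [CmdletBinding()]
    param()

    $problems = [System.Collections.Generic.List[string]]::new()

    # 1. The MDM bridge methods need SYSTEM; membership in Administrators is not enough.
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    if (-not $identity.IsSystem) {
        $problems.Add("Running as '$($identity.Name)', not as SYSTEM.")
    }

    # 2. The instance the wipe script targets must be reachable from this context.
    $query = @{
        Namespace   = 'root\cimv2\mdm\dmmap'
        ClassName   = 'MDM_RemoteWipe'
        Filter      = "ParentID='./Vendor/MSFT' and InstanceID='RemoteWipe'"
        ErrorAction = 'Stop'
    }
    try {
        if (-not (Get-CimInstance @query)) { $problems.Add('MDM_RemoteWipe instance not found.') }
    } catch {
        $problems.Add("MDM_RemoteWipe query failed: $($_.Exception.Message)")
    }

    # 3. Every fixed volume with a drive letter should be fully encrypted with protection on.
    $fixed = Get-Volume | Where-Object { $_.DriveType -eq 'Fixed' -and $_.DriveLetter }
    foreach ($vol in $fixed) {
        $mount = "$($vol.DriveLetter):"
        try {
            $bl = Get-BitLockerVolume -MountPoint $mount -ErrorAction Stop
            if ($bl.VolumeStatus -ne 'FullyEncrypted' -or $bl.ProtectionStatus -ne 'On') {
                $problems.Add("$mount is $($bl.VolumeStatus), protection $($bl.ProtectionStatus).")
            }
        } catch {
            $problems.Add("$mount BitLocker state unknown: $($_.Exception.Message)")
        }
    }

    [pscustomobject]@{ ReadyToWipe = ($problems.Count -eq 0); Problems = $problems.ToArray() }
}

$result = Test-WipePreflight
$result.Problems | ForEach-Object { Write-Warning $_ }
if (-not $result.ReadyToWipe) { exit 1 }
```

A non-zero exit code lets whatever tool pushes the script record which laptops were not ready, so they can be encrypted or re-run as SYSTEM first.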

Is this exactly what a fresh start initiates, or is this the wipe function as seen in Intune?

@dretzer 

 

I'd like to start the exact no-retention of user data fresh wipe using PS, silently.

How annoying. All reset functions I've tried, including the PowerShell on this thread, reset to include the OEM stuff I want rid of. If you Fresh Start from Intune, they're not present.

 

I'm trying to avoid having to enrol a load of devices only to fresh start them. If I can avoid the initial enrolment and kick off a total fresh start from the beginning, that would be good.

The "OEM stuff" is found in C:\Recovery\*. If you remove all contents in this folder before you initiate the device reset, it should restore a clean Windows installation without any "OEM stuff". Keep in mind, though, that certain driver packages will be migrated to the new installation. Sometimes these can contain additional software packages included in the device driver package (for example audio control panels from the audio driver).

 

@divadiow2 

@dretzer I realized the computer I was running it on didn't have a recovery partition so even running the "systemreset -cleanpc" command wasn't working. 

Kaseya allows you to run scripts as System - so even though I was running locally in picture - I was trying as System most of the time.

Thanks for the help either way.

Yes, thanks. I get less HP stuff restored after a reset if I delete C:\Recovery before, but still some bits I do not want. Where is it getting these last bits from that performing a fresh start from Intune seems to ignore? I want to omit these too.

 

 

@dretzer 

I think I'm wrong. A fresh start from Intune still brings back some HP stuff. Which would make sense if there's some stuff HP have embedded in the image, and some stuff is in the recovery folder.

 

Might have to look into manual cloud reinstall at shift-f10 on first boot on each machine or a bootable USB with an unattended xml to just blow the hard drive away and start again without user interaction.

 

Sigh.

Cloud reinstall still resulted in HP stuff being present, despite nothing set to be kept.

Now building an autounattend xml so bootable USB can be used with a fresh 20H2 Jan 2021 install to blow away partitions and install fresh default. Simples.

I just came across this question (while I was looking for something else) but I needed to do the same with a lot of domain joined devices some time ago... it did its job... kinda (except the Surfaces).

https://call4cloud.nl/2020/10/remote-wipe-the-next-level/

@dretzer 

I'm writing a series of MDM scripts for our off-domain devices. I was able to incorporate this into my scripts so that we can remote wipe any of our off-domain laptops at will.

 

Thank you for the clearly written code and description!