Apr 27 2020 01:27 AM - edited Apr 27 2020 01:30 AM
I've looked for this answer online and have come across the "systemreset -factoryreset" command which works, but it comes up with the prompt asking if I want to keep my files or remove everything, I want to remove everything, but without the prompt.
We are not doing this from any pre-existing images, and our laptops are running the pre-loaded Windows 10 Pro install; we are just using the built-in Windows 10 "Reset this PC" feature as we have no MDM configured. We just want the laptops to be totally reset so they don't contain any company information; we're not bothered about completing the OOBE once they are wiped.
We are trying to accomplish this remotely as our users are all at home, so I need to automate it and have no user involvement in the process. I just want it to factory reset and bring the laptop back to the off-the-shelf configuration. We have the facility to push commands and scripts to the laptops, so I was hoping to do this via PowerShell.
Does anyone know if this is possible?
Thanks
Apr 27 2020 07:27 AM - edited Apr 27 2020 07:29 AM
The systemreset command will show an interface to the user, and that is behavior by design. However, if you are able to manage devices using Configuration Manager, you could do it using Full Wipe; take a look at:
https://docs.microsoft.com/en-us/mem/configmgr/mdm/deploy-use/wipe-lock-reset-devices
You could remotely wipe the device using Windows Intune too:
https://docs.microsoft.com/en-us/mem/intune/remote-actions/devices-wipe
Apr 27 2020 07:57 AM
@Reza_Ameri-Archived Thanks for your reply.
Unfortunately we do not use Configuration Manager, nor do we have the capacity to register devices in Intune currently.
We can run exes/PowerShell scripts, that sort of thing, on the laptops, so we're hoping to use something like that to achieve this.
Apr 28 2020 10:04 AM
From what I know there is no script to run it in silent mode and wipe the system, and that is behavior by design. Let's say there were a possibility to do so: cybercriminals might run that script and the user would lose Windows. But it is available in Configuration Manager or Intune, which means the PC is being managed by a trusted administrator.
Apr 29 2020 08:27 PM
If you have the ability to pull down content, you can pull down Windows 1909 Installer, then run the command to upgrade and clean the system. The entire thing can be scripted.
Apr 30 2020 12:37 AM - edited Apr 30 2020 12:46 AM
You can use the MDM WMI Bridge Provider to do what you want. This way you do exactly the same as Intune would do.
You have to execute the following PowerShell script as SYSTEM. Administrator is not enough!
To accomplish this, you can either execute the script with Task Scheduler or use psexec.exe to run PowerShell as SYSTEM (psexec -s powershell.exe -file c:\pathtoscript\script.ps1).
# MDM WMI Bridge namespace and the RemoteWipe CSP class and method
$namespaceName = "root\cimv2\mdm\dmmap"
$className = "MDM_RemoteWipe"
$methodName = "doWipeMethod"
# Local CIM session; the bridge provider only answers to the SYSTEM account
$session = New-CimSession
# The method takes a single (empty) string input parameter named "param"
$params = New-Object Microsoft.Management.Infrastructure.CimMethodParametersCollection
$param = [Microsoft.Management.Infrastructure.CimMethodParameter]::Create("param", "", "String", "In")
$params.Add($param)
# Locate the ./Vendor/MSFT/RemoteWipe node exposed by the bridge provider
$instance = Get-CimInstance -Namespace $namespaceName -ClassName $className -Filter "ParentID='./Vendor/MSFT' and InstanceID='RemoteWipe'"
# Invoke the wipe; the device will reboot and reset
$session.InvokeMethod($namespaceName, $instance, $methodName, $params)
$methodName can be either "doWipeMethod" or "doWipeProtectedMethod". The latter will also wipe all data from the disks, which is especially useful if you want to refurbish the devices. The downside is that "doWipeProtectedMethod" can leave some clients (depending on configuration and hardware) in an unbootable state.
Additionally, "doWipeMethod" can be canceled by the user (by a power cycle, for example); "doWipeProtectedMethod" cannot be canceled. It automatically resumes after a reboot until done. The higher risk is worth it most of the time. If you want to be sure that the devices will be in a usable state after the wipe, use "doWipeMethod" instead.
Nov 17 2020 08:38 AM
Hey, I am also planning to use this script and I have a question.
Will this script wipe all the disks connected, or only C:\?
If it indeed only wipes C:\, would you kindly modify it to wipe all the disks?
Best regards, Jordan.
Nov 18 2020 02:37 AM
The MDM wipe method above wipes all fixed disks; no modification is necessary. I'm not sure about removable disks, but all fixed disks (C:, D:, ...) will be cleaned.
If it is important to fully wipe the data from the disks (i.e. make it non-recoverable), you should make sure that all disks are BitLocker encrypted. Only with encryption can you be sure that no data is recoverable with this method.
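Pre-flight checks a practitioner would want before issuing the wipe described above: confirm the process really is SYSTEM, confirm every fixed volume is BitLocker-protected (otherwise the reset is not reliably non-recoverable), and confirm the RemoteWipe CSP node is present before invoking it. This is an added example, not the poster's script; the parameter names and the -WhatIfOnly switch are this example's own assumptions, while the namespace, class, and method names are those of the MDM bridge.

```powershell
param(
    [ValidateSet("doWipeMethod", "doWipeProtectedMethod")]
    [string]$Method = "doWipeMethod",
    [switch]$AllowUnencrypted,   # proceed even if a fixed volume lacks BitLocker
    [switch]$WhatIfOnly          # run the checks and stop without wiping
)

# 1. The bridge provider only answers to the SYSTEM account (SID S-1-5-18).
$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
if ($identity.User.Value -ne "S-1-5-18") {
    throw "Must run as SYSTEM (current: $($identity.Name)). Use psexec -s or a SYSTEM scheduled task."
}

# 2. Data is only non-recoverable after the reset if every fixed volume was encrypted.
$unprotected = @()
foreach ($vol in (Get-Volume | Where-Object { $_.DriveType -eq "Fixed" -and $_.DriveLetter })) {
    $bl = Get-BitLockerVolume -MountPoint "$($vol.DriveLetter):"
    if ($bl.ProtectionStatus -ne "On") { $unprotected += "$($vol.DriveLetter):" }
}
if ($unprotected.Count -gt 0) {
    $msg = "Fixed volumes without BitLocker protection: $($unprotected -join ', ')"
    if ($AllowUnencrypted) { Write-Warning "$msg (data may be recoverable after the wipe)" }
    else { throw "$msg. Encrypt them first or pass -AllowUnencrypted." }
}

# 3. Confirm the ./Vendor/MSFT/RemoteWipe node is exposed on this build.
$ns = "root\cimv2\mdm\dmmap"
$instance = Get-CimInstance -Namespace $ns -ClassName "MDM_RemoteWipe" `
    -Filter "ParentID='./Vendor/MSFT' and InstanceID='RemoteWipe'"
if (-not $instance) { throw "MDM_RemoteWipe instance not found; the MDM bridge is unavailable here." }

if ($WhatIfOnly) { Write-Output "All checks passed; would invoke $Method"; return }

# 4. Invoke the chosen wipe method the same way the thread's script does.
$params = New-Object Microsoft.Management.Infrastructure.CimMethodParametersCollection
$params.Add([Microsoft.Management.Infrastructure.CimMethodParameter]::Create("param", "", "String", "In"))
$session = New-CimSession
$session.InvokeMethod($ns, $instance, $Method, $params)
```

Run it once with -WhatIfOnly from the SYSTEM context to see which volumes would fail the BitLocker check before committing to the wipe.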
Nov 19 2020 01:58 PM
@dretzer thank you very much for your response!!
Feb 03 2021 02:39 PM - edited Feb 03 2021 04:51 PM
@dretzer
Hi,
I'm trying to use the script you referred to above (and also seem to have written) using the following Kaseya Agent Procedure: https://automationexchange.kaseya.com/products/963
It seems to go through Kaseya correctly (first image), but when I run the script through PowerShell directly, I receive the error in the 2nd image.
Would you be able to help me with this? We are trying to wipe a bunch of computers as quickly as possible and this was the most promising option we saw.
Thanks for the help and the work!
Feb 04 2021 02:50 AM
Hi.
You are trying to run the script without sufficient privileges. The needed WMI methods can only be invoked with SYSTEM privileges. Membership in "Administrators" is not enough.
To execute a PowerShell script manually with SYSTEM privileges, you can, for example, use psexec.exe from Microsoft Sysinternals:
PsExec - Windows Sysinternals | Microsoft Docs
Place the .exe file and the .ps1 file in the same directory and execute psexec.exe with administrative privileges the following way (replace the paths as necessary):
C:\Scripts\psexec.exe -accepteula -S powershell.exe -command C:\Scripts\wipe.ps1
Another way, which you can do remotely and without psexec (via Group Policy, for example), would be to create a scheduled task running as SYSTEM that executes the script. You can then run the task on demand or on a time/date schedule.
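The scheduled-task route from the answer above, as an added example (not the poster's code): register a one-off task whose principal is the SYSTEM account, start it on demand, report its result, and remove the task definition. The script path and task name are assumed values; replace them with where the .ps1 is staged.

```powershell
param(
    [string]$ScriptPath = "C:\Scripts\wipe.ps1",   # assumed location of the wipe script
    [string]$TaskName   = "RemoteWipe-Once"         # assumed task name
)

if (-not (Test-Path -LiteralPath $ScriptPath)) { throw "Script not found: $ScriptPath" }

# Run powershell.exe non-interactively against the staged script.
$action = New-ScheduledTaskAction -Execute "powershell.exe" `
    -Argument "-NoProfile -NonInteractive -ExecutionPolicy Bypass -File `"$ScriptPath`""

# SYSTEM principal with highest run level: this is what the MDM bridge requires.
$principal = New-ScheduledTaskPrincipal -UserId "NT AUTHORITY\SYSTEM" `
    -LogonType ServiceAccount -RunLevel Highest

# Laptops at home are often on battery; do not let power state block or stop the task.
$settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries

Register-ScheduledTask -TaskName $TaskName -Action $action -Principal $principal `
    -Settings $settings -Force | Out-Null

# Start on demand rather than on a trigger, then report what happened.
Start-ScheduledTask -TaskName $TaskName
Start-Sleep -Seconds 10
$info = Get-ScheduledTaskInfo -TaskName $TaskName
Write-Output ("Task '{0}' last ran {1}, result 0x{2:X}" -f $TaskName, $info.LastRunTime, $info.LastTaskResult)

# Clean up the definition so no standing SYSTEM task is left behind. If the wipe
# already triggered the reboot, this line simply never runs, which is harmless.
Unregister-ScheduledTask -TaskName $TaskName -Confirm:$false
```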
Feb 09 2021 03:36 AM - edited Feb 09 2021 03:40 AM
Is this exactly what a Fresh Start initiates, or is this the wipe function, as seen in Intune?
I'd like to start the exact no-retention-of-user-data fresh wipe using PS, silently.
Feb 09 2021 06:31 AM
How annoying. All reset functions I've tried, including the PowerShell on this thread, reset to include the OEM stuff I want rid of. If you Fresh Start from Intune, they're not present.
I'm trying to avoid having to enrol a load of devices only to Fresh Start them. If I can avoid the initial enrolment and kick off a total Fresh Start from the beginning, that would be good.
Feb 09 2021 06:47 AM
The "OEM stuff" is found in C:\Recovery\*. If you remove all contents of this folder before you initiate the device reset, it should restore a clean Windows installation without any "OEM stuff". Keep in mind, though, that certain driver packages will be migrated to the new installation. Sometimes these can contain additional software packages included in the device driver package (for example, audio control panels from the audio driver).
Feb 09 2021 06:55 AM
@dretzer I realized the computer I was running it on didn't have a recovery partition so even running the "systemreset -cleanpc" command wasn't working.
Kaseya allows you to run scripts as SYSTEM, so even though I was running locally in the picture, I was trying as SYSTEM most of the time.
Thanks for the help either way.
Feb 09 2021 10:46 AM
Yes, thanks. I get less HP stuff restored after a reset if I delete C:\Recovery before, but still some bits I do not want. Where is it getting these last bits from, that performing a Fresh Start from Intune seems to ignore? I want to omit these too.
Feb 10 2021 01:34 AM
I think I'm wrong. A Fresh Start from Intune still brings back some HP stuff. Which would make sense if there's some stuff HP have embedded in the image, and some stuff is in the recovery folder.
Might have to look into a manual cloud reinstall at Shift+F10 on first boot on each machine, or a bootable USB with an unattended XML to just blow the hard drive away and start again without user interaction.
sigh
Dec 20 2021 12:47 PM
I'm writing a series of MDM scripts for our off-domain devices. I was able to incorporate this into my scripts so that we can remote wipe any of our off-domain laptops at will.
Thank you for the clearly written code and description!