Apr 27 2020 01:27 AM - edited Apr 27 2020 01:30 AM
Apr 27 2020 01:27 AM - edited Apr 27 2020 01:30 AM
I've looked for this answer online and have come across the "systemreset -factoryreset" command which works, but it comes up with the prompt asking if I want to keep my files or remove everything, I want to remove everything, but without the prompt.
We are not doing this from any pre-exiting images, and our laptops are running the pre-loaded Windows 10 Pro install, we are just using the in-built Windows 10 "reset this PC" feature as we have no MDM configured. We just want the laptops to be totally reset so they don't contain any company information, we're not bothered about completing the OOBE once they are wiped.
We are trying to accomplish this remotely as our users are all at home, so I need to automate it and have no user involvement in the process, I just want it to factory reset, and bring the laptop up to the off-the-shelf state configuration. We have the facility to push commands and scripts to the laptops so was hoping to do this via powershell.
Does anyone know if this is possible?
Jan 06 2022 06:47 PM
Jan 16 2022 02:34 AM
It's much smarter to employ Unified Write Filters alongside siloed provisioning packages with the associated STIG tools / SCAP profiles (NIST's National Checklist Program for Windows Server 2019, which does work for the desktop SKUs.)
You could also accomplish this with the push-button reset feature built-into WinRE (by writing a custom WinRE application,) and then locate that somewhere on a separate recovery partition on the drive. It could be easier to just network boot with a fresh image, or selectively block changes inside / outside the Windows Namespace via the Unified Write Filter (ie. Blocking writes or virtualizing some part of the drive in memory temporarily, vs deleting everything after data is written to the drive, etc.)
"Bare metal recovery" -> https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/bare-metal-recovery?view=windows-11 "Deploy push-button reset features using Auto-apply folders" -> https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/deploy-pbr-features-using-auto-apply?view=windows-11 "Add a custom tool to the Windows RE Advanced startup menu" -> https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/add-a-custom-tool-to-the-windows-re-boot-options-menu?view=windows-11 "Unified Write Filter (UWF) feature" -> https://docs.microsoft.com/en-us/windows-hardware/customize/enterprise/unified-write-filter "Sdelete / Sdelete64 / Sdelete64a" -> https://docs.microsoft.com/en-us/sysinternals/downloads/sdelete "Microsoft Windows Server 2019 Ver 2, Rel 2 Checklist Details" -> https://ncp.nist.gov/checklist/914 "STIG Viewing Tools" -> https://public.cyber.mil/stigs/srg-stig-tools/ Misc: "Capture, apply, and work with Windows images" -> https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/work-with-windows-images "Sysprep (Generalize) a Windows installation" -> https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/sysprep--generalize--a-windows-installation "Use Answer Files with Sysprep" -> https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/use-answer-files-with-sysprep "ScanState Syntax" -> https://docs.microsoft.com/en-us/windows/deployment/usmt/usmt-scanstate-syntax "Sample scripts" -> https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-deployment-sample-scripts-sxs "Siloed provisioning packages" -> https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/siloed-provisioning-packages "Capture and apply a Windows image using a single .WIM file" -> https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/capture-and-apply-windows-using-a-single-wim "Compact OS Size comparisons" -> https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/compact-os#size-comparisons
Jan 16 2022 02:54 AM
I would just make a program that uses the PowerShell API / ConPTY API, and have it make the changes for you unattended utilizing the servicing stack. Normally you change the policy with a SCAP profile based on the NIST one, which you could pick and choose various options from the accepted defaults located in the Microsoft Security Compliance Toolkit 1.x (which is the most common way of doing it, being sure to harden services and the network stack at the same time.) The first step obviously is to start out with a fresh image, capture the programs inside / outside the Windows Namespace using a virtual machine, reboot the VM after you capture each SPP / provisioning package, apply them individually, along with the drivers, registry patches, and an XML answer file via sysprep (audit mode,) / manufacturing mode (This is for the recovery image.) You could even edit the WinRE portion of the recovery image at the same time so when you apply it, it automatically has a custom program that resets it upon reboot (if you don't want to utilize SCAP profiles / or a template.) Another example is WinPE resets itself after 72 hours and has a similar setup (albeit with a limited version of .NET 4.0 and no WPF forms.) It is totally possible anyways, and a lot of organizations already do this...
Development tools: Visual Studio Channels and Release Rhythm -> https://docs.microsoft.com/en-us/visualstudio/productinfo/release-rhythm Visual Studio Product Lifecycle and Servicing -> https://docs.microsoft.com/en-us/visualstudio/productinfo/vs-servicing Older versions of Visual Studio -> https://docs.microsoft.com/en-us/visualstudio/productinfo/vs-servicing#older-versions-of-visual-studio Visual Studio Older Downloads -> https://visualstudio.microsoft.com/vs/older-downloads/ VS 2017: https://aka.ms/vs/15/release/vs_community.exe VS 2019: https://aka.ms/vs/16/release/vs_community.exe VS 2022: https://aka.ms/vs/17/release/vs_community.exe vs_Community.exe --quiet --wait --layout "C:\VS22_Offline" --lang en-US --add Microsoft.VisualStudio.Workload.CoreEditor --add Microsoft.VisualStudio.Workload.ManagedDesktop;includeOptional --add Microsoft.VisualStudio.Workload.NativeCrossPlat;includeOptional --add Microsoft.VisualStudio.Workload.NetCrossPlat;includeRecommended --add Microsoft.VisualStudio.Workload.NativeMobile;includeOptional --add Microsoft.VisualStudio.Workload.NativeDesktop;includeOptional --add Microsoft.VisualStudio.Workload.Universal;includeOptional --add Microsoft.Component.HelpViewer Update the layout to the most current version of the product -> https://docs.microsoft.com/en-us/visualstudio/install/create-a-network-installation-of-visual-studio?view=vs-2022#update-the-layout-to-the-most-current-version-of-the-product vs_Community.exe --quiet --wait --layout "C:\VS22_Offline" --useLatestInstaller Remove older versions from a layout -> https://docs.microsoft.com/en-us/visualstudio/install/create-a-network-installation-of-visual-studio?view=vs-2022#remove-older-versions-from-a-layout Example: "C:\VS22_Offline\vs_Community.exe" --quiet --wait --layout "C:\VS22_Offline" --clean "C:\VS22_Offline\Archive\d675ef22-858d-47cc-b333-ec38c2d6745f\Catalog.json" "%ProgramFiles%\WinRAR\Rar.exe" a -r -k -htb -mc31:d+e+ "C:\ISO\VS22_Offline.rar" -r "C:\VS22_Offline\*.*" "Use command-line parameters to install Visual Studio" -> https://docs.microsoft.com/en-us/visualstudio/install/use-command-line-parameters-to-install-visual-studio?view=vs-2022 "Bootstrapper commands and command-line parameters" -> https://docs.microsoft.com/en-us/visualstudio/install/use-command-line-parameters-to-install-visual-studio?view=vs-2022#bootstrapper-commands-and-command-line-parameters "Create an offline installation of Visual Studio" -> https://docs.microsoft.com/en-us/visualstudio/install/create-an-offline-installation-of-visual-studio?view=vs-2022 "Visual Studio Community component directory" -> https://docs.microsoft.com/en-us/visualstudio/install/workload-component-id-vs-community?view=vs-2022 "Automate installs by using settings in a response file" -> https://docs.microsoft.com/en-us/visualstudio/install/automated-installation-with-response-file?view=vs-2022 "Command-line arguments for the Help Content Manager" -> https://docs.microsoft.com/en-us/visualstudio/help-viewer/command-line-arguments?view=vs-2022 "Microsoft Help Viewer SDK" -> https://docs.microsoft.com/en-us/visualstudio/extensibility/internals/microsoft-help-viewer-sdk?view=vs-2022 "Help API Reference" -> https://docs.microsoft.com/en-us/previous-versions/windows/desktop/helpapi/help-api-reference "Help Viewer 2.0 Code Examples" -> https://marketplace.visualstudio.com/items?itemName=RobChandlerHelpMVP.HelpViewer20CodeExamples Language documentation -> https://docs.microsoft.com/en-us/visualstudio/windows/?view=vs-2022&preserve-view=true#language-documentation C++ Language Reference -> https://docs.microsoft.com/en-us/cpp/cpp/cpp-language-reference?view=msvc-160 C# Language Reference -> https://docs.microsoft.com/en-us/dotnet/csharp/language-reference/ F# Language Reference -> https://docs.microsoft.com/en-us/dotnet/fsharp/language-reference/ Visual Basic Language Reference -> https://docs.microsoft.com/en-us/dotnet/visual-basic/language-reference/ Razor syntax reference for ASP.NET Core -> https://docs.microsoft.com/en-us/aspnet/core/mvc/views/razor?view=aspnetcore-5.0 ^ These are not the best references, they are just basic references for this particular toolchain. The C++/C# reference does not necessarily go into great detail with operator overloading or even arrays, which you have to basically purchase books to be able to grasp this more easily, or take training. The reason is obviously that each toolchain has their own implementation, and in some respects you could consult an official reference on C++ or C#, and it will vary a lot in comparison to Microsoft's toolchain (most compilers are like this.) I really only use this for Visual Studio, based on what is acceptable for this IDE, not necessarily all other IDEs. You have to take into account what version of the language they support, and which features from this language are available in this toolchain, which are not, and for what reason (which is not necessarily good or bad. Another thing you have to take into account when porting software anyways.) Misc: https://developer.amd.com/resources/developer-guides-manuals/ https://software.intel.com/content/www/us/en/develop/articles/intel-sdm.html http://www.bitsavers.org/pdf/ https://archive.org/details/MicrosoftProgramersLibraryV1.3 https://archive.org/details/Microsoft_Programmers_Library_CD-ROM_Database_125-099-008_Version_1.1a_CDRM_1621 https://www.oreilly.com/library/view/c-pocket-reference/9780596801762/ https://www.oreilly.com/library/view/c-90-pocket/9781098101121/ https://www.stroustrup.com/index.html https://www.misra.org.uk/misra-c-plus-plus/ https://www.microsoftpressstore.com/store/browse/programming https://www.wiley.com/en-us/General+%26+Introductory+Computer+Science/Programming+%26+Software+Development-c-CS50?pq=%7CpublicationDate%7Cbrand%3AWX&size=50 https://www.openhub.net/ https://www.synopsys.com/software-integrity/security-testing.html https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html https://www.synopsys.com/software-integrity/security-testing/fuzz-testing.html https://docs.microsoft.com/en-us/xamarin/android/deploy-test/release-prep/?tabs=windows#protect_app https://docs.microsoft.com/en-us/visualstudio/ide/dotfuscator/?view=vs-2022 https://opensource.google/projects/oss-fuzz "If you experience a catastrophic error and can't repair or uninstall Visual Studio, you can run the InstallCleanup.exe tool to remove installation files and product information for all installed instances of Visual Studio 2017, Visual Studio 2022, or Visual Studio 2022." -> https://docs.microsoft.com/en-us/visualstudio/install/remove-visual-studio?view=vs-2022 C:\Program Files (x86)\Microsoft Visual Studio\Installer>installcleanup /? Usage: InstallCleanup.exe <mode> mode should be one of the following: -f | -full: cleanup all installed assets (default) -i | -instance [version]: cleanup only instance data [version]: filter to only instances that start with this version string C:\Program Files (x86)\Microsoft Visual Studio\Installer>installcleanup -f Detecting Visual Studio Installs: Detecting Instances... Done Removing Installer Assets: Uninstalling MSIs... Done Deleting AppData Channels... Done Deleting LocalAppData Channels... Done Deleting User Cache... Done Deleting Installer... Done Deleting Package Cache... Done Deleting Installer Shortcut... Done Deleting Installer ARP Entry... Done C:\Program Files (x86)\Microsoft Visual Studio\Installer>
Feb 16 2022 11:40 PM
Recently cloud download option became available for factory reset and I'm wondering if it's possible to use DoWipeProtectedMethod and download OS image from the cloud. As I understood with provided PS script, factory reset uses local files for OS reinstallation?
Feb 17 2022 08:26 AM
Nov 22 2022 11:34 AM
@dretzer Can that tool be user with an unattended.xml? I am trying to remotely wipe the device and have it skip the setup screen and login and maybe even install a program (remote management software).
May 09 2023 03:09 PM
@dretzer So I have has weird success with this. It worked on a machine. Once. The next machine I tried this on gave me a Exception calling "InvokeMethod" with "4" argument(s): "The requested object could not be found."
Any Ideas? Anyone?