1

I'm an MSP with a client across the country who is selling one of their branches. The computers they have (some Windows 7 and some Windows 10) are also being acquired. The computers are on a domain with a specific company image, in Active Directory, and have a lot of personal data and user accounts.

Currently I have a PowerShell script that can run and manually remove most of the data. Sometimes this leaves things behind, creating security risks, and isn't time efficient (takes a couple of hours requiring occasional inputs).

So the question: How could I remotely wipe computers that I manage?

My colleague is convinced that utilizing sysprep should serve our purpose, but these machines have already been "sysprepped" before and I haven't had much luck on a local device. The people at the property are entirely computer illiterate, so sending a USB with an image and having them do it is out of the question.

I've been trying to use PowerShell to serve my purpose, but something always seems to go incorrectly (not deleting local user accounts, not renaming the PC, not being removed from the domain, etc). I'm more of a C# and Python guy without too much experience in PowerShell besides minor scripts to automate minor tasks.

Ultimately, I would like to script the following:

  • Remove the computer from the domain
  • Rename the computer to something generic
  • Remove the user accounts and create a standard for the new user
  • Erase all of the data

Here's a general idea of what I've tried thus far:

```powershell
Remove-Computer -UnjoinDomainCredential domain\user

Rename-Computer -NewName "PC123" -DomainCredential domain\user

Remove-LocalUser -Name "companyadmin"

systemreset -cleanpc
```

Should I continue focusing on PowerShell, and if so, any tips how this can be achieved? Should I take another look at sysprep? Or is there something else that I can utilize to remotely wipe managed devices? It doesn't have to be OOBE or anything, I just need them wiped with all of the company information.

Thank you for reading, and thank you ahead of time for any suggestions.

3
  • "systemreset -cleanpc" I believe this will not work for Windows 7 systems.
    – Moab
    Commented Jun 12, 2019 at 20:21
  • Thank you for the heads up. We're getting everyone over to Windows 10, so if the code I end up using works then it should hold me for a while. Commented Jun 12, 2019 at 20:33
  • Provided you have admin rights, you could try PSEXEC (part of the PSTOOLS free toolkit). It would enable you to run remote commands on the machines on your network, such as listing files, deleting them, etc. You can execute any Windows command (provided you are admin). A sample command to check the directory c:\ of a workstation would be PSEXEC \\workstation -s cmd /c dir c:\ Commented Jun 12, 2019 at 20:56

1 Answer

0

Wiping a computer of all its data requires:

  • Resetting it to factory condition
  • Wiping all data

For the first, you could either instruct your users in how to reset their computers, or you could use Microsoft's Refresh Windows utility (see writeup).

For the second, you should wipe all unused disk space, since it can be used to recover deleted files. See for example the article 8 Free Tools to Securely Wipe Free Disk Space Preventing Recovery.

3
  • Many SSD drives encrypt all data and offer so-called "secure erase", which will destroy the master key. Data can't be recovered and it takes only a second to erase. The problem with this is that the PC must have a secondary disk for the factory system image for easy reinstall. Commented Jun 12, 2019 at 21:30
  • @SampoSarrala - The method SSDs use to wipe themselves can be unreliable. The best method might be to remotely enable BitLocker before using the Refresh utility. The only reason I suggest BitLocker is due to the fact it can be enabled in this situation, it's effective, provided you encrypt the free space on the drive then Refresh the machine effectively losing the key in the process. I would use a local machine to work out the kinks in the process though.
    – Ramhound
    Commented Jun 12, 2019 at 23:13
  • If they're Windows and corporate boxes they should be using BitLocker.
    – Alan B
    Commented May 21 at 10:09
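
A read-only check for the four goals listed in the question (domain removal, rename, account cleanup, leftover data), as an added example that is not part of the original thread. The function name, its parameters and the `NewOwner` account are assumptions for illustration; `PC123` is the name used in the question.

```powershell
# Added example (not from the thread): read-only audit, run elevated on the PC.
# Function name, parameters and the 'NewOwner' account are assumptions;
# 'PC123' is the generic name used in the question.
# Get-LocalUser needs the Microsoft.PowerShell.LocalAccounts module (PowerShell 5.1).
function Test-HandoverState {
    param(
        [string]   $ExpectedName    = 'PC123',
        [string[]] $AllowedAccounts = @('NewOwner')
    )
    $findings = @()

    # Goals 1 and 2: out of the domain, generic name in effect
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    if ($cs.PartOfDomain) {
        $findings += "Still joined to domain '$($cs.Domain)'"
    }
    if ($cs.Name -ne $ExpectedName) {
        $findings += "Name is '$($cs.Name)', expected '$ExpectedName' (renames apply after a restart)"
    }

    # Goal 3: no enabled local account other than the new standard one
    $localUsers = @(Get-LocalUser)
    foreach ($u in $localUsers) {
        if ($u.Enabled -and $u.Name -notin $AllowedAccounts) {
            $findings += "Unexpected enabled local account: $($u.Name)"
        }
    }

    # Goal 4: deleting an account leaves its profile folder and registry hive
    # behind, so list every non-system profile that is not on the allow list
    $allowedSids = @($localUsers | Where-Object { $_.Name -in $AllowedAccounts } |
        ForEach-Object { $_.SID.Value })
    $profiles = Get-CimInstance -ClassName Win32_UserProfile |
        Where-Object { -not $_.Special -and $_.SID -notin $allowedSids }
    foreach ($p in $profiles) {
        $findings += "Leftover user profile: $($p.LocalPath) (SID $($p.SID))"
    }

    return $findings
}

$issues = @(Test-HandoverState -ExpectedName 'PC123' -AllowedAccounts 'NewOwner')
if ($issues.Count -eq 0) { 'No leftovers found' } else { $issues | ForEach-Object { Write-Warning $_ } }
```

The audit covers only what Windows still references; remnants of deleted files in free disk space, which the answer discusses, are outside its scope.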
