We should optionally allow for NOT installing an agent after the wipe.
Currently you can use Immy to generate a PPKG that resets the machine and installs the agent afterwards but sometimes these machines are being retired and an agent is not desireable.
We can do this in the short term by using PowerShell to wipe the machine, there are scripts out there that can call the underlying windows reset API.
Long term, rather than downloading and uploading a PPKG, we should either generate the PPKG dynamically or build it into ImmyMDM as that is how this API is supposed to be called.
Iâm looking to remote wipe a stolen device. It would even be nice to have a company named lost/stolen devices that we could transfer a device to and then onboard it with a provisioning package that wipes it.
This would be very easy to facilitate as long as the device is autopilot registered. When it hits the internet and we have it on the stolen list we can have it block enrollment. (Assuming it was already wiped).
In the short term you could create a deployment with a remote wipe ppkg that you target to the devices in question. Perhaps with a stolen tag
In the scenario Iâm looking at, I donât even mind it re-enrolling in Immy briefly just so I can confirm the wipe goes through. In this case, the machine isnât autopilot registered so Iâm counting on Immy to phone in if it reaches internet and begin provisioning with a reset.
I followed directions from support and pushed the package at the given machine, but I did also make a lost/stolen tenant for it to drop into once itâs provisioned. My thinking was that we could also transfer a device to this tenant and tell it to onboard upon connection in future scenarios as well.
I would think the most common use case is it would take me longer to troubleshoot your issue than to re-load windows. Would like a quick way to reinstall windows a-la-autopilot and have Immy auto-install itself and re-onboard the machine
Found this which is supposedly how intune does the remote wipe but you can do it without intune. Seems like we could modify it to the setting that keeps the existing provisioning package in place and ImmyBot would just re-install itself from the provisioning package?
This is most certainly something we plan to implement. For those of you following along, it is currently possible to download a PPKG from Immy with the Reset Windows option checked and then upload it back to Immyâs Apply Provisioning Package task. This works, but it is very clunky.
The script that @Brent_Kenreich provided is PowerShell manually tweaking the MDM API in Windows. Since we are actively working on ImmyMDM, it seems fitting that we should implement this functionality into ImmyMDM as we will be interacting with those APIs directly.
I was actually looking for this feature, now that I know itâs possible from this thread, it would be great to have it at a click of a button.
Pretty much every time a device changes itâs user, weâre resetting it with Intune before setting it up to get rid of any underlying windows issues.
This does not always work/trigger via Intune. Youâd wait hours just to come back to an error that this device could not be reset.
Having Immy doing this would be great and hopefully less buggy.