Remote Wipe

Introduce the ability to remotely wipe a machine.

We should optionally allow for NOT installing an agent after the wipe.

Currently you can use Immy to generate a PPKG that resets the machine and installs the agent afterwards, but sometimes these machines are being retired and an agent is not desirable.

We can do this in the short term by using PowerShell to wipe the machine; there are scripts out there that can call the underlying Windows reset API.

Long term, rather than downloading and uploading a PPKG, we should either generate the PPKG dynamically or build it into ImmyMDM as that is how this API is supposed to be called.

I’m looking to remote wipe a stolen device. It would even be nice to have a company named lost/stolen devices that we could transfer a device to and then onboard it with a provisioning package that wipes it.


This would be very easy to facilitate as long as the device is autopilot registered. When it hits the internet and we have it on the stolen list we can have it block enrollment. (Assuming it was already wiped).

In the short term you could create a deployment with a remote wipe PPKG that you target to the devices in question. Perhaps with a stolen tag.

In the scenario I’m looking at, I don’t even mind it re-enrolling in Immy briefly just so I can confirm the wipe goes through. In this case, the machine isn’t autopilot registered so I’m counting on Immy to phone in if it reaches internet and begin provisioning with a reset.
I followed directions from support and pushed the package at the given machine, but I did also make a lost/stolen tenant for it to drop into once it’s provisioned. My thinking was that we could also transfer a device to this tenant and tell it to onboard upon connection in future scenarios as well.

I would think the most common use case is it would take me longer to troubleshoot your issue than to re-load Windows. Would like a quick way to reinstall Windows a-la-Autopilot and have Immy auto-install itself and re-onboard the machine.

Found this, which is supposedly how Intune does the remote wipe, but you can do it without Intune. Seems like we could modify it to the setting that keeps the existing provisioning package in place and ImmyBot would just re-install itself from the provisioning package?

https://techcommunity.microsoft.com/t5/windows-deployment/factory-reset-windows-10-without-user-intervention/m-p/1339823

$namespaceName = "root\cimv2\mdm\dmmap"
$className = "MDM_RemoteWipe"
$methodName = "doWipeMethod"
$session = New-CimSession
$params = New-Object Microsoft.Management.Infrastructure.CimMethodParametersCollection
$param = [Microsoft.Management.Infrastructure.CimMethodParameter]::Create("param", "", "String", "In")
$params.Add($param)
$instance = Get-CimInstance -Namespace $namespaceName -ClassName $className -Filter "ParentID='./Vendor/MSFT' and InstanceID='RemoteWipe'"
$session.InvokeMethod($namespaceName, $instance, $methodName, $params)

Hey Brent,

This is most certainly something we plan to implement. For those of you following along, it is currently possible to download a PPKG from Immy with the Reset Windows option checked and then upload it back to Immy’s Apply Provisioning Package task. This works, but it is very clunky.

The script that @Brent_Kenreich provided is PowerShell manually tweaking the MDM API in Windows. Since we are actively working on ImmyMDM, it seems fitting that we should implement this functionality into ImmyMDM as we will be interacting with those APIs directly.

This works for me:

  1. Generate a PPKG installer with the “Reset Windows” option turned on
  2. Log into a LOCAL ADMIN on the machine
  3. Drop the PPKG on the desktop and run it
  4. Click add
  5. Wait 1-2 minutes and you should get a message saying the computer is going to restart
  6. It will wipe and show back up in ImmyBot in 1-2 hours.

This would be an awesome feature, regardless of stolen, lost device, etc!

I was actually looking for this feature. Now that I know it's possible from this thread, it would be great to have it at a click of a button.

Pretty much every time a device changes its user, we're resetting it with Intune before setting it up to get rid of any underlying Windows issues.
This does not always work/trigger via Intune. You’d wait hours just to come back to an error that this device could not be reset.

Having Immy doing this would be great and hopefully less buggy.

Remote wipe task I'm using, run as SYSTEM:

param(
    [string]$namespaceName = "root\cimv2\mdm\dmmap",
    [ValidateSet("MDM_RemoteWipe")]
    [string]$className = "MDM_RemoteWipe",
    # doWipeMethod removes everything; the Persist* variants keep provisioning
    # packages or user data respectively; doWipeProtectedMethod cannot be interrupted.
    [ValidateSet("doWipeMethod", "doWipePersistProvisionedDataMethod", "doWipePersistUserDataMethod", "doWipeProtectedMethod")]
    [string]$methodName = "doWipeMethod"
)

$resultObject = [PSCustomObject]@{
    Success      = $false
    ReturnValue  = $null
    ErrorMessage = ""
}

$session = $null
try {
    $session = New-CimSession
    $params = New-Object Microsoft.Management.Infrastructure.CimMethodParametersCollection
    # The wipe methods take a single string argument named "param"; it is left empty here.
    $param = [Microsoft.Management.Infrastructure.CimMethodParameter]::Create("param", "", "String", "In")
    $params.Add($param)

    # -ErrorAction Stop makes a missing namespace/class (typically: not running as SYSTEM)
    # a terminating error so it lands in the catch block instead of being silently skipped.
    $instance = Get-CimInstance -Namespace $namespaceName -ClassName $className -Filter "ParentID='./Vendor/MSFT' and InstanceID='RemoteWipe'" -ErrorAction Stop
    if ($null -eq $instance) {
        $resultObject.ErrorMessage = "WMI instance not found."
        return $resultObject
    }

    $result = $session.InvokeMethod($namespaceName, $instance, $methodName, $params)
    $resultObject.Success = $true
    $resultObject.ReturnValue = $result.ReturnValue
}
catch {
    $resultObject.ErrorMessage = "An error occurred: $_"
}
finally {
    # Release the CIM session whether or not the wipe call was reached.
    if ($session) { Remove-CimSession $session }
}

return $resultObject
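Two things the scripts in this thread leave to the operator are worth checking before the destructive call: that the MDM bridge is actually reachable (it only answers for SYSTEM, and a missing class looks the same as a permissions problem), and which wipe variant the build exposes, since the question above about keeping the provisioning package in place maps to doWipePersistProvisionedDataMethod. The following is an added example, not code from the thread or from ImmyBot; it reuses the namespace, class and method names already posted here, swaps the hand-built CimMethodParametersCollection for the Invoke-CimMethod cmdlet (assumed to be equivalent for this call), and puts the wipe behind ShouldProcess so that -WhatIf reports the call without issuing it.

```powershell
# Added example (not from the thread): inspect the MDM bridge before a wipe and
# gate the destructive call behind ShouldProcess. Namespace/class/method names
# are the ones used earlier in this thread; Invoke-CimMethod is my substitution
# for the hand-built CimMethodParametersCollection.

function Get-RemoteWipeCapability {
    [CmdletBinding()]
    param(
        [string]$Namespace = 'root\cimv2\mdm\dmmap',
        [string]$ClassName = 'MDM_RemoteWipe'
    )

    $report = [PSCustomObject]@{
        RunningAsSystem  = [System.Security.Principal.WindowsIdentity]::GetCurrent().IsSystem
        ClassPresent     = $false
        InstancePresent  = $false
        AvailableMethods = @()
        ErrorMessage     = ''
    }

    try {
        # The bridge namespace is only populated for SYSTEM; for other identities
        # Get-CimClass fails with an error that looks like a missing class.
        $class = Get-CimClass -Namespace $Namespace -ClassName $ClassName -ErrorAction Stop
        $report.ClassPresent = $true
        $report.AvailableMethods = @($class.CimClassMethods | ForEach-Object { $_.Name })

        $instance = Get-CimInstance -Namespace $Namespace -ClassName $ClassName `
            -Filter "ParentID='./Vendor/MSFT' and InstanceID='RemoteWipe'" -ErrorAction Stop
        $report.InstancePresent = ($null -ne $instance)
    }
    catch {
        $report.ErrorMessage = $_.Exception.Message
    }
    return $report
}

function Invoke-RemoteWipe {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [ValidateSet('doWipeMethod',
                     'doWipePersistProvisionedDataMethod',
                     'doWipePersistUserDataMethod',
                     'doWipeProtectedMethod')]
        [string]$MethodName = 'doWipePersistProvisionedDataMethod',
        [string]$Namespace = 'root\cimv2\mdm\dmmap',
        [string]$ClassName = 'MDM_RemoteWipe'
    )

    # Pre-flight: refuse early with a specific reason instead of a generic CIM error.
    $cap = Get-RemoteWipeCapability -Namespace $Namespace -ClassName $ClassName
    if (-not $cap.RunningAsSystem) { throw 'The MDM bridge must be called as SYSTEM.' }
    if (-not $cap.InstancePresent) { throw "RemoteWipe instance not available: $($cap.ErrorMessage)" }
    if ($cap.AvailableMethods -notcontains $MethodName) {
        throw "$MethodName is not exposed on this build; available: $($cap.AvailableMethods -join ', ')"
    }

    # -WhatIf logs the intended call and returns; ConfirmImpact=High prompts
    # unless the caller passes -Confirm:$false (required for unattended RMM tasks).
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, "MDM_RemoteWipe.$MethodName")) {
        $instance = Get-CimInstance -Namespace $Namespace -ClassName $ClassName `
            -Filter "ParentID='./Vendor/MSFT' and InstanceID='RemoteWipe'" -ErrorAction Stop
        # The wipe methods take one string argument named "param"; it is left empty.
        return Invoke-CimMethod -InputObject $instance -MethodName $MethodName `
            -Arguments @{ param = '' } -ErrorAction Stop
    }
}

# Usage (constructed): dry-run first, then the real call from a task running as SYSTEM.
Get-RemoteWipeCapability | Format-List
Invoke-RemoteWipe -MethodName doWipePersistProvisionedDataMethod -WhatIf
```

The dry-run output is the part worth keeping in a task's log: it records who the script ran as and which methods were available, which is exactly what is missing when a wipe "just never triggers". When scheduling this unattended, add -Confirm:$false explicitly; otherwise the High impact level blocks on a prompt that nobody will answer.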

I also added this a while ago in my own repo; it's the same thing, it just targets the DLL instead of using WMI.