Secure Wipe with logging using ConfigMgr Task Sequence

First off, I want to give credit where due: I first borrowed this idea from Jeremy @ syswow
- http://syswow.blogspot.com/2012/05/secure-dod-drive-wiping-with-sccm.html

I then modified it to give feedback to our Service Desk and keep a record on the server.
I also changed it from one step that runs 7 passes to 7 steps that each run a single pass, so when you look at the TS progress, you know what pass it is on.
Look back to his blog for more details, as he explains the sdelete command and parameters used.


Overview of TS

  1. Restart to WinPE (x86)
  2. BIOS Settings - We have it clear our BIOS password, since the machines will be going to recycling
  3. Wipe Drive Section
  4. Copy SDELETE - Copies the files to the "OS" to be used (sdelete.reg, diskpart-clean.txt, and the batch file used at the end)
        Run Command Line - xcopy.exe ".\*.*" "%WinDir%" /E /C /Q /H /R /Y /I
  5. Accept the EULA - adds registry key to OS Registry
        regedit /s sdelete.reg
        Start in: %WinDir%
  6. Format and Partition Disk - Runs a TS format Step
  7. 7-13 - Runs a pass of sdelete (running 7 separate passes so you can label each pass, so that someone watching knows what pass they are on)
        Run Command Line - sdelete.exe -p 1 -c -z
  8. Diskpart - Clean - Removes any partitions and leaves the drive blank
        Run Command Line - diskpart -s X:\Windows\diskpart-clean.txt
  9. Map Drive L: - Report Share - This maps a Drive, granting access for the Next Step to save a file on the Network
        Run Command Line - net use l: \\server.fqdn\share$\DiskWipeResults /user:domain\username password
  10. Posts information once the wipe is completed, and saves logs on the server
        Run Command Line - x:\Windows\JobComplete.bat
        Two logs are modified. It first creates a log for the individual machine, which can be printed and attached to the machine.
        It then appends to a log showing all computers that have undergone this process.

Screen Captures:

Step: Copy SDelete

Step: Accept the EULA

Step: Format and Partition Disk

Step: Wipe Disk Pass 1 - 7

Step: DiskPart - Clean

Step: Map Drive L: (requires an account with permissions to the share specified. The password sits in plain text in the step's command line, so I recommend a service account that is locked down to only that share and does not have logon rights)

Step: The HDD has been Wiped Clean

Capture of Process:


Logs on Server:
Creates a DiskWipe-SERIAL.txt file &  Appends to the DiskWipeResults.txt file.


DiskWipe-Serial.txt:

DiskWipeResults.txt:
It will then append the next computer, and so on to keep a running log of all.

Files Needed: (Also available in LINK at bottom)

JobComplete.bat file:
------

Echo off
for /F "skip=2 tokens=2 delims=," %%A in ('wmic systemenclosure get serialnumber /FORMAT:csv') do (set "serial=%%A")
set serial=%serial:~-15%

for /F "skip=2 tokens=2 delims=," %%A in ('wmic csproduct get vendor /FORMAT:csv') do (set "compvendor=%%A")

for /F "skip=2 tokens=2 delims=," %%A in ('wmic csproduct get name /FORMAT:csv') do (set "compname=%%A")

for /F "skip=2 tokens=2 delims=," %%A in ('wmic CPU get name /FORMAT:csv') do (set "CPUname=%%A")

for /F "skip=2 tokens=2 delims=," %%A in ('wmic computersystem get totalphysicalmemory /FORMAT:csv') do (set "memory=%%A")
set /a memory = memory / 1048576

for /F "skip=2 tokens=2 delims=," %%A in ('wmic diskdrive get size /FORMAT:csv') do (set "hddsize=%%A")
set hdd=%hddsize:~0,-4%
set /a hdd=hdd/1048576

set TimeStamp=%DATE:~10,4%%DATE:~4,2%%DATE:~7,2%

REM Creates Network Log File
echo. >>l:\DiskWipeResults.txt
echo Date:       %TimeStamp% >>l:\DiskWipeResults.txt
echo Serial:     %serial% >>l:\DiskWipeResults.txt
echo Vendor:     %compvendor% >>l:\DiskWipeResults.txt
echo Model:      %compname% >>l:\DiskWipeResults.txt
echo CPU Type \ Speed:   %CPUname% >>l:\DiskWipeResults.txt
echo Memory:    %Memory%MB >>l:\DiskWipeResults.txt
echo HDD Size:   %hdd%GB >>l:\DiskWipeResults.txt
echo ____________________________________________________________ >>l:\DiskWipeResults.txt

REM Creates Network Label for Machine
echo Vendor:     %compvendor% >>l:\DiskWipe-%serial%.txt
echo Model:      %compname% >>l:\DiskWipe-%serial%.txt
echo Serial:     %serial% >>l:\DiskWipe-%serial%.txt
echo CPU Type \ Speed:   %CPUname% >>l:\DiskWipe-%serial%.txt
echo Memory:    %Memory%MB >>l:\DiskWipe-%serial%.txt
echo HDD Size:   %hdd%GB >>l:\DiskWipe-%serial%.txt
echo. >>l:\DiskWipe-%serial%.txt
echo Asset Tag:  ____________________ >>l:\DiskWipe-%serial%.txt
echo. >>l:\DiskWipe-%serial%.txt
echo DoD 5220.22-M sanitization Wipe using MS SDELETE - 7 Passes >>l:\DiskWipe-%serial%.txt
echo Date Sanitized: %TimeStamp% >>l:\DiskWipe-%serial%.txt
echo. >>l:\DiskWipe-%serial%.txt
echo. >>l:\DiskWipe-%serial%.txt
echo Sanitized and Verified By:  ______________________________ >>l:\DiskWipe-%serial%.txt

REM Creates Local Log file that displays at end of Process

echo Disk Wipe Complete, Please Record Data for Records >>X:\Windows\JobComplete.txt
echo This computer has finished with a DoD 5220.22-M sanitization of the local hard drive. >>X:\Windows\JobComplete.txt
echo Please close this file and turn off the computer. >>X:\Windows\JobComplete.txt
echo. >>X:\Windows\JobComplete.txt
echo Date:       %TimeStamp% >>X:\Windows\JobComplete.txt
echo Serial:     %serial% >>X:\Windows\JobComplete.txt
echo Vendor:     %compvendor% >>X:\Windows\JobComplete.txt
echo Model:      %compname% >>X:\Windows\JobComplete.txt
echo CPU Type \ Speed:   %CPUname% >>X:\Windows\JobComplete.txt
echo Memory:    %Memory%MB >>X:\Windows\JobComplete.txt
echo HDD Size:   %hdd%GB >>X:\Windows\JobComplete.txt
X:\Windows\JobComplete.txt

-------
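
Added example, not part of the original post or its download package: a Python parser for the DiskWipeResults.txt layout that JobComplete.bat writes, with checks for entries missing a field, a date that did not come out as YYYYMMDD (the %DATE% slicing in the batch file depends on the regional date format), and repeated serials. The function names, check rules and sample entries are assumptions constructed for illustration.

```python
import re

# Labels that JobComplete.bat echoes for each machine into DiskWipeResults.txt
FIELDS = ("Date", "Serial", "Vendor", "Model", "CPU Type \\ Speed", "Memory", "HDD Size")
SEPARATOR = re.compile(r"_{10,}")

def parse_wipe_log(text):
    """Split the running log into one dict per wiped machine."""
    records, current = [], {}
    for line in (raw.strip() for raw in text.splitlines()):  # also splits on a bare CR
        if SEPARATOR.fullmatch(line):          # underscore rule closes an entry
            if current:
                records.append(current)
            current = {}
            continue
        key, sep, value = line.partition(":")
        if sep and key.strip() in FIELDS:
            current[key.strip()] = value.strip()
    if current:
        records.append(current)                # entry cut off before its rule
    return records

def audit(records):
    """Return (serial, problem) pairs that need a human follow-up."""
    findings, seen = [], set()
    for rec in records:
        serial = rec.get("Serial", "")
        label = serial or "<no serial>"
        missing = [f for f in FIELDS if not rec.get(f)]
        if missing:
            findings.append((label, "missing: " + ", ".join(missing)))
        date = rec.get("Date", "")
        if date and not re.fullmatch(r"\d{8}", date):  # %DATE% slicing is locale-dependent
            findings.append((label, "date not YYYYMMDD: " + date))
        if serial and serial in seen:
            findings.append((label, "duplicate entry"))
        seen.add(serial)
    return findings

def sample_entry(date, serial):
    # Constructed test data in the layout the batch file writes; all values are made up
    return (f" \r\nDate:       {date} \r\nSerial:     {serial} \r\nVendor:     ExampleCo \r\n"
            f"Model:      Model-X \r\nCPU Type \\ Speed:   Example CPU 2.6GHz \r\n"
            "Memory:    4096MB \r\nHDD Size:   476GB \r\n" + "_" * 60 + " \r\n")

SAMPLE_LOG = (sample_entry("20160205", "PF0ABC12") + sample_entry("02/05/20", "PF0XYZ99")
              + sample_entry("20160301", "") + sample_entry("20160302", "PF0ABC12"))
```

Feed `parse_wipe_log` the text of the real DiskWipeResults.txt from the share and review whatever `audit` returns before signing the per-machine label.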

sdelete.reg file:
-------
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Sysinternals\SDelete]
"EulaAccepted"=dword:00000001
--------

Package Contents (Scripts and Files used): http://garytown.com/Downloads/SDelete.zip
Sdelete download: http://technet.microsoft.com/en-us/sysinternals/bb897443.aspx

9 thoughts on “Secure Wipe with logging using ConfigMgr Task Sequence”

  • February 5, 2016 at 10:22 am
    Permalink

    Great article - needs one change to work in CONFIGMGR R2 Sp1 and greater.

    SDelete -p C: -c -s -z /AcceptEULA

    Reply
    • February 5, 2016 at 12:31 pm
      Permalink

      I'm currently running ConfigMgr R2 SP1, with Windows 10 x86 WinPE, and it is working without adding the /AcceptEULA. The step to accept the EULA takes care of it. I'm running the TS right now to confirm that it is working... on Wipe Disk Pass 1, might be a while before it finishes. But so far so good.

      Reply
  • June 12, 2016 at 3:18 pm
    Permalink

    Thx, great article.
    I've added a JobStart.bat to write startdate and starttime to txt files and in JobComplete read starttime to compare the wipe duration. Also I've added wmic csproduct get version (Lenovo device names are in version).

    Br
    Pat

    Reply
  • February 13, 2017 at 10:12 am
    Permalink

    I had to change the SDelete command to:
    sdelete64.exe -p 1 -c C: -z

    It was requiring a drive letter to work.

    Reply
    • February 13, 2017 at 11:13 am
      Permalink

      Did you have the "Start in" part set to c:\?

      Reply
    • February 14, 2017 at 10:46 am
      Permalink

      Thanks, I appreciate the information. I haven't used this method since we went with Active Killdisk. (Business Requirement, I can't say it's actually any better, it's definitely more complicated).

      Reply
  • June 14, 2017 at 5:56 am
    Permalink

    Hi Guys, can anyone give me an indication as to how long this process took to complete? I am using SDelete.exe 1.61 and it has been running for 4 hours now, still on Pass 2

    Reply
