Secure Wipe with SDELETE revisited

So many years ago I blogged about using sdelete to run a secure wipe task task squence.

Secure Wipe with logging using ConfigMgr Task Sequence – GARYTOWN ConfigMgr Blog

Since then, I’ve updated it a bit, and I’m reposting and uploading the Task Sequence.

There are no packages associated with it, all content it needs is downloaded from the internet. If the devices you’re wiping don’t have internet, you’ll have to redo a bit to put the contents into packages.

Secure Wipe Task Sequence (2202 downloads )

Task Sequence in Console

  • If Starting from Windows
    • Suspend Bitlocker
    • Restart into WinPE
  • Wipe Drive
    • Gather – This gathers a lot of information about the device into task sequence variables, which will get used in BGInfo and in the SDELETE step
    • Steps for BGInfo
      • Partition Disk 0 – BIOS – Quick – Does a Quick format of the drive
      • Partition Disk 0 – UEFI – Quick – Does a Quick format of the drive
      • BGInfo Populate – Run PowerShell that tags a bunch of info for BGInfo Template to consume
      • Set BGInfo Background – Run PowerShell that downloads BGInfo.zip from Microsoft, extracts, then downloads the BGInfo Template from my Github, and launches – recommend you copy the template and modify to your content, and host it somewhere else.
    • Full Format if NOT VM
      • Partition Disk 0 – BIOS – Quick – Does a Full format of the drive (For Fun)
      • Partition Disk 0 – UEFI – Quick – Does a Full format of the drive (For Fun)
    • Secure Delete Free Space (SDELETE) – Runs PowerShell that downloads SDELETE from Microsoft and runs it for 7 passes.
    • Popup if Success… lets you know all is well
    • Popup if Fail… lets you know all is not well.

Task Sequence Running

Scripts

These are all embedded scripts, so if you import the TS, they will be there, otherwise they are on GitHub too

garytown/BGInfoRegBuilderTS.ps1 at master · gwblok/garytown · GitHub

garytown/BGINFO_DL_Launch.ps1 at master · gwblok/garytown · GitHub

garytown/SecureWipeSDELETE.ps1 at master · gwblok/garytown · GitHub

GARYTOWN.COM

1 thought on “Secure Wipe with SDELETE revisited”

  1. Works flawlessly here. Great work Gary! I added a step to wipe the TPM chip on my HP devices and set bios to factory defaults. This is done with the old tool BiosConfigUtility64.exe from HP.

    Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.