So many years ago I blogged about using sdelete to run a secure wipe task task squence.
Secure Wipe with logging using ConfigMgr Task Sequence – GARYTOWN ConfigMgr Blog
Since then, I've updated it a bit, and I'm reposting and uploading the Task Sequence.
There are no packages associated with it, all content it needs is downloaded from the internet. If the devices you're wiping don't have internet, you'll have to redo a bit to put the contents into packages.Secure Wipe Task Sequence (65 downloads)
Task Sequence in Console
- If Starting from Windows
- Suspend Bitlocker
- Restart into WinPE
- Wipe Drive
- Gather - This gathers a lot of information about the device into task sequence variables, which will get used in BGInfo and in the SDELETE step
- Steps for BGInfo
- Partition Disk 0 - BIOS - Quick - Does a Quick format of the drive
- Partition Disk 0 - UEFI - Quick - Does a Quick format of the drive
- BGInfo Populate - Run PowerShell that tags a bunch of info for BGInfo Template to consume
- Set BGInfo Background - Run PowerShell that downloads BGInfo.zip from Microsoft, extracts, then downloads the BGInfo Template from my Github, and launches - recommend you copy the template and modify to your content, and host it somewhere else.
- Full Format if NOT VM
- Partition Disk 0 - BIOS - Quick - Does a Full format of the drive (For Fun)
- Partition Disk 0 - UEFI - Quick - Does a Full format of the drive (For Fun)
- Secure Delete Free Space (SDELETE) - Runs PowerShell that downloads SDELETE from Microsoft and runs it for 7 passes.
- Popup if Success... lets you know all is well
- Popup if Fail... lets you know all is not well.
Task Sequence Running
These are all embedded scripts, so if you import the TS, they will be there, otherwise they are on GitHub too
garytown/BGInfoRegBuilderTS.ps1 at master · gwblok/garytown · GitHub
garytown/BGINFO_DL_Launch.ps1 at master · gwblok/garytown · GitHub
garytown/SecureWipeSDELETE.ps1 at master · gwblok/garytown · GitHub