In brief: Windows users looking to run Microsoft’s Intune disk wipe function might want to reconsider. Microsoft MVP Rudy Ooms recently discovered that performing a remote or local wipe on Windows 10 21H2 or Windows 11 21H2 leaves behind personal data in the Windows.old folder.
According to Microsoft, performing the wipe function “removes all personal and company data and settings” from a device.
"Sorry for ruining your Sunday, but performing a remote or local Wipe on Windows 10 21H2 also leaves the userdata readable in the Windows.old folder #intune #mem #msintune #mempowered"
— Rudy Ooms | MVP 🇳🇱 (@Mister_MDM), February 20, 2022
Upon further testing, Ooms found the operation did work as advertised with Windows version 21H1 but not 21H2. Worse yet, reading the left-behind files and accessing potentially sensitive data took little effort, since the wipe also removes BitLocker protection from the drive. Not good.
Ooms created a PowerShell script to address the issue until Microsoft can introduce a formal patch. It's available to download in his blog post on the issue should you be interested.
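A post-wipe check in the spirit of the workaround mentioned above, added here as an example and not Ooms's script: it reports whether Windows.old survived the wipe, how many user files remain readable under Windows.old\Users, and whether BitLocker is still protecting the system drive. The -Remove switch, the paths, and the use of takeown/icacls to clear leftover ACLs are assumptions.

```powershell
# Added example (not Rudy Ooms's script): verify a device after an Intune wipe.
# Run from an elevated PowerShell prompt on the wiped device.
param(
    [string]$SystemDrive = $env:SystemDrive,   # e.g. "C:" (assumed default)
    [switch]$Remove                            # delete Windows.old if it is found
)

$windowsOld    = Join-Path $SystemDrive 'Windows.old'
$leftoverUsers = Join-Path $windowsOld 'Users'

# 1. Did the wipe leave user data behind at all?
if (-not (Test-Path $windowsOld)) {
    Write-Output "No $windowsOld folder found: nothing left behind."
} else {
    Write-Warning "$windowsOld still exists after the wipe."
    if (Test-Path $leftoverUsers) {
        # Count readable files per former profile so the scale of the exposure
        # is visible (Documents, Desktop, browser profiles, ...).
        Get-ChildItem -Path $leftoverUsers -Directory -ErrorAction SilentlyContinue |
            ForEach-Object {
                $count = (Get-ChildItem -Path $_.FullName -Recurse -File -Force `
                              -ErrorAction SilentlyContinue | Measure-Object).Count
                Write-Warning ("  profile {0}: {1} readable files" -f $_.Name, $count)
            }
    }
}

# 2. Is the volume still encrypted? The article notes the wipe removes BitLocker,
#    so any leftover files are readable from any OS that mounts the disk.
$bl = Get-BitLockerVolume -MountPoint $SystemDrive -ErrorAction SilentlyContinue
if ($null -eq $bl -or $bl.ProtectionStatus -ne 'On') {
    Write-Warning "BitLocker protection is OFF on $SystemDrive; leftover data is readable offline."
} else {
    Write-Output "BitLocker protection is On on $SystemDrive."
}

# 3. Optional remediation: delete the folder. This is a plain delete, not a
#    secure erase; re-encrypting or physically destroying the drive is stronger.
#    takeown/icacls clear the TrustedInstaller ACLs that usually block Remove-Item.
if ($Remove -and (Test-Path $windowsOld)) {
    takeown.exe /F $windowsOld /R /D Y | Out-Null
    icacls.exe $windowsOld /grant "*S-1-5-32-544:F" /T /C /Q | Out-Null
    Remove-Item -Path $windowsOld -Recurse -Force -ErrorAction Stop
    Write-Output "Removed $windowsOld."
}
```

Running it without -Remove is read-only and safe to use as an audit step in a wipe checklist; with -Remove it only removes the folder, so the BitLocker finding still needs to be addressed separately.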
The fiasco brings up a good question. We’ve discussed data backup strategies in the past, but what is your data wiping strategy? Do you rely on software tools to wipe and repurpose or take a hardware-centric approach?
I personally have no problem with handing down old hardware, but I always pull the storage drive and replace it with a new unit as it’s just not worth the risk in my opinion. Once I’m certain I’ve backed up everything I need, I’ll format the old drive before physically destroying it.
Turns out, they’re great for target practice.
Image credit Pixabay