Wipe your device script without Intune

How to wipe/reset your Windows 10 device the scripted way, without Intune.

Of course, you can run Systemreset.exe or do a reset manually. Some time ago I tested the possibility of resetting your device with the MDM Bridge WMI Provider.

It works great… But starting PowerShell as admin and elevating the PowerShell session to the system account was time-consuming. Also, I wanted to export the Autopilot info at the same time without prompting for a username and password. So I created a PowerShell script to do the same with only 1 UAC prompt.

The PowerShell script has 3 parts:

  1. Reset Device WMI part
  2. Autopilot export and email (or auto-upload) part
  3. Downloading the Sysinternals tools and extracting them

It simply starts the script, which creates 2 scripts. It runs the first script as admin (UAC prompt) and, after the first script, it runs the second script (Reset Device) as system.

It’s not the nicest script… but it gets the job done. You can also create a Flow to automate the autopilot part instead. And you can also create a nice “GUI” instead of the script… :), to make it look better.

#Default settings
set-executionpolicy -scope currentuser unrestricted -force
$ErrorActionPreference = 'silentlycontinue'
$global:ProgressPreference = 'SilentlyContinue'
$tenantname = "tenantname.onmicrosoft.com"
New-Item -Path c:\programdata\customscripts -ItemType Directory -Force -Confirm:$false | out-null

#MDM WMI Bridge part (saved further down as reset.ps1 and run as system)
$reset = @'
$namespaceName = "root\cimv2\mdm\dmmap"
$className = "MDM_RemoteWipe"
$methodName = "doWipeMethod"
$session = New-CimSession
$params = New-Object Microsoft.Management.Infrastructure.CimMethodParametersCollection
$param = [Microsoft.Management.Infrastructure.CimMethodParameter]::Create("param", "", "String", "In")
#The parameter has to be added to the collection that is passed to the method
$params.Add($param)
$instance = Get-CimInstance -Namespace $namespaceName -ClassName $className -Filter "ParentID='./Vendor/MSFT' and InstanceID='RemoteWipe'"
$session.InvokeMethod($namespaceName, $instance, $methodName, $params)
'@

#export Autopilot info and email it part (saved further down as start.ps1 and run as admin)
$start = @'
$ProgressPreference = "SilentlyContinue"
$ErrorActionPreference = 'silentlycontinue'
$OriginalPref = $ProgressPreference
#start.ps1 runs in a new process, so the tenant name has to be set here as well
$tenantname = "tenantname.onmicrosoft.com"
New-Item -Path c:\programdata\customscripts -ItemType Directory -Force -Confirm:$false | out-null
install-packageprovider -name nuget -force | out-null
Save-Script -Name Get-WindowsAutoPilotInfo -Path c:\ProgramData\CustomScripts -force | out-null
#Upload Autopilot info
Upload-WindowsAutopilotDeviceInfo -TenantName $tenantname -OrderIdentifier "AADUserDriven" -Verbose
start-sleep -s 10
c:\ProgramData\CustomScripts\Get-WindowsAutoPilotInfo.ps1 -OutputFile c:\ProgramData\CustomScripts\MyComputer.csv
$EmailBody = $event
$EmailFrom = "$PCName@domeinnaam.nl"
$EmailTo = "autopilot@domeinnaam.nl"
$EmailSubject = "Autopilot CSV"
$SMTPServer = "tennantname.onmicrosoft.com"
Write-host "Sending Email"
Send-MailMessage -From $EmailFrom -To $EmailTo -Subject $EmailSubject -SmtpServer $SMTPServer -Attachments c:\ProgramData\CustomScripts\mycomputer.csv

#Start PowerShell session as system
Start-Process -FilePath "c:\ProgramData\CustomScripts\pstools\psexec.exe" -windowstyle hidden -ArgumentList '-i -s cmd /c "powershell.exe -ExecutionPolicy Bypass -file c:\programdata\customscripts\reset.ps1"'
'@

#Export script to programdata folder
Out-File -FilePath $(Join-Path $env:ProgramData CustomScripts\reset.ps1) -Encoding unicode -Force -InputObject $reset -Confirm:$false
Out-File -FilePath $(Join-Path $env:ProgramData CustomScripts\start.ps1) -Encoding unicode -Force -InputObject $start -Confirm:$false

#Accept the PsExec EULA
reg.exe ADD HKCU\Software\Sysinternals /v EulaAccepted /t REG_DWORD /d 1 /f | out-null

#Sysinternals download part
invoke-webrequest -uri "https://download.sysinternals.com/files/SysinternalsSuite.zip" -outfile "c:\programdata\customscripts\pstools.zip" | out-null
Expand-Archive c:\programdata\customscripts\pstools.zip -DestinationPath c:\programdata\customscripts\pstools -force | out-null

#Start Powershell Script as Admin
Start-Process powershell -ArgumentList '-noprofile -file c:\programdata\customscripts\start.ps1' -verb RunAs
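
Since start.ps1 launches a freshly downloaded psexec.exe as system, the binary's Authenticode signature can be checked before it is started. The block below is an added example, not part of the original script; Test-MicrosoftSigned is a hypothetical helper name and the paths are the ones the script above uses.

```powershell
# Added example, not part of the original script.
# Test-MicrosoftSigned is a hypothetical helper name; the paths are the ones used above.
function Test-MicrosoftSigned {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        Write-Warning "File not found: $Path"
        return $false
    }

    $sig = Get-AuthenticodeSignature -FilePath $Path

    # Anything other than Valid (NotSigned, HashMismatch, NotTrusted, ...) is a failure.
    if ($sig.Status -ne [System.Management.Automation.SignatureStatus]::Valid) {
        Write-Warning "Signature check failed for ${Path}: $($sig.Status) - $($sig.StatusMessage)"
        return $false
    }

    # A valid signature from just any publisher is not enough: require Microsoft as signer.
    $subject = $sig.SignerCertificate.Subject
    if ($subject -notmatch '(^|,\s*)O=Microsoft Corporation(,|$)') {
        Write-Warning "Unexpected signer for ${Path}: $subject"
        return $false
    }
    return $true
}

$psexec = 'c:\ProgramData\CustomScripts\pstools\psexec.exe'

# if/else instead of throw: start.ps1 sets $ErrorActionPreference to SilentlyContinue,
# so the launch should not depend on an error stopping the script.
if (Test-MicrosoftSigned -Path $psexec) {
    Start-Process -FilePath $psexec -WindowStyle Hidden -ArgumentList '-i -s cmd /c "powershell.exe -ExecutionPolicy Bypass -file c:\programdata\customscripts\reset.ps1"'
} else {
    Write-Warning "Not starting $psexec as system: signature not verified"
    exit 1
}
```

This goes in start.ps1 in place of the psexec launch line. The check is only as strong as the folder permissions: if standard users can write to c:\ProgramData\CustomScripts, the files there can change between the check and the launch.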
