Wiping Remote Machines

Hi Everyone,

A large request from my team was the ability to remote wipe machines. As we all know our remote work force is getting larger and sometimes it is hard to get an asset back. Below is a Worklet I created that will wipe a machine with no user interaction. Be CAREFUL and do not run this on your machine. Once it starts it will take a few seconds to run. I recommend creating a group called YourCompanyName - Tech Worklets or Remote Wipe. Then assign machines to the policy that you want to remotely wipe. I would then recommend removing them after a few minutes.

$namespaceName = “root\cimv2\mdm\dmmap”
$className = “MDM_RemoteWipe”
$methodName = “doWipeMethod”

$session = New-CimSession

$params = New-Object Microsoft.Management.Infrastructure.CimMethodParametersCollection
$param = [Microsoft.Management.Infrastructure.CimMethodParameter]::Create(“param”, “”, “String”, “In”)
$params.Add($param)

$instance = Get-CimInstance -Namespace $namespaceName -ClassName $className -Filter “ParentID=’./Vendor/MSFT’ and InstanceID=‘RemoteWipe’”
$session.InvokeMethod($namespaceName, $instance, $methodName, $params)

4 Likes

Hey, @Ronald_Freed – that’s a good one/looks legit! Thanks for the warnings, also - to reiterate: THIS WILL WIPE YOUR REMOTE DEVICES, Y’ALL. I can see some interesting use-cases, but take Ronald’s warning(s) seriously…it’ll definitely be a pain to accidentally wipe an endpoint or fifty. :metal:

1 Like

I tried your script and got the following error:

At C:\ProgramData\amagent\execDir294130823\execcmd339520570.ps1:8 char:75 + … rosoft.Management.Infrastructure.CimMethodParameter]::Create(�?oparam … + ~ Missing ‘)’ in method call. At C:\ProgramData\amagent\execDir294130823\execcmd339520570.ps1:8 char:75 + … gement.Infrastructure.CimMethodParameter]::Create(�?oparam�??, �?o�?? … + ~~~~~~~~~~~ Unexpected token ‘�?oparam�??’ in expression or statement. At C:\ProgramData\amagent\execDir294130823\execcmd339520570.ps1:8 char:86 + … ement.Infrastructure.CimMethodParameter]::Create(�?oparam�??, �?o�??, … + ~ Missing argument in parameter list. At C:\ProgramData\amagent\execDir294130823\execcmd339520570.ps1:8 char:118 + … MethodParameter]::Create(�?oparam�??, �?o�??, �?oString�??, �?oIn�??) + ~ Unexpected token ‘)’ in expression or statement. + CategoryInfo : ParserError: (:slight_smile: [], ParentContainsErrorRecordException + FullyQualifiedErrorId : MissingEndParenthesisInMethodCall COMMAND TIMED OUT.

This is awesome! Thanks!

1 Like

We also use this, works really well if you wanna lock a termed user out but retain the data

1 Like

@Mrichards What are the prerequisites for running this script?
I did try running it on a test machine but ran in to some errors such as winrm not being configured and the script not being able to disable cached creds or change local account passwords. I’m assuming not being able to change the local account passwords has something to do with the system.web.security.membership.

exit 0

Anyone managed to get this working?

Hi Tina. Please make sure the Evaluation Code is set to exit 0 and then enter the code above in the Remediation Code.

Thanks,
Ronald Freed

Thank you :slight_smile:

1 Like