Skip to main content

Wiping Remote Machines

R
Forum|alt.badge.img

Hi Everyone,


A large request from my team was the ability to remote wipe machines. As we all know our remote work force is getting larger and sometimes it is hard to get an asset back. Below is a Worklet I created that will wipe a machine with no user interaction. Be CAREFUL and do not run this on your machine. Once it starts it will take a few seconds to run. I recommend creating a group called YourCompanyName - Tech Worklets or Remote Wipe. Then assign machines to the policy that you want to remotely wipe. I would then recommend removing them after a few minutes.


$namespaceName = “root\cimv2\mdm\dmmap”

$className = “MDM_RemoteWipe”

$methodName = “doWipeMethod”


$session = New-CimSession


$params = New-Object Microsoft.Management.Infrastructure.CimMethodParametersCollection

$param = [Microsoft.Management.Infrastructure.CimMethodParameter]::Create(“param”, “”, “String”, “In”)

$params.Add($param)


$instance = Get-CimInstance -Namespace $namespaceName -ClassName $className -Filter “ParentID=’./Vendor/MSFT’ and InstanceID=‘RemoteWipe’”

$session.InvokeMethod($namespaceName, $instance, $methodName, $params)

    15 replies

    A
    • Anonymous
    • 0 replies
    • August 20, 2021

    Hey, @Ronald_Freed – that’s a good one/looks legit! Thanks for the warnings, also - to reiterate: THIS WILL WIPE YOUR REMOTE DEVICES, Y’ALL. I can see some interesting use-cases, but take Ronald’s warning(s) seriously…it’ll definitely be a pain to accidentally wipe an endpoint or fifty. 🤘

    R
    1 person likes this
    • R
      Ronald_Freed
    S
    Forum|alt.badge.img
    • srheins
    • Pro
    • 49 replies
    • August 23, 2021

    I tried your script and got the following error:


    At C:\ProgramData\amagent\execDir294130823\execcmd339520570.ps1:8 char:75 + … rosoft.Management.Infrastructure.CimMethodParameter]::Create(�?oparam … + ~ Missing ‘)’ in method call. At C:\ProgramData\amagent\execDir294130823\execcmd339520570.ps1:8 char:75 + … gement.Infrastructure.CimMethodParameter]::Create(�?oparam�??, �?o�?? … + ~~~~~~~~~~~ Unexpected token ‘�?oparam�??’ in expression or statement. At C:\ProgramData\amagent\execDir294130823\execcmd339520570.ps1:8 char:86 + … ement.Infrastructure.CimMethodParameter]::Create(�?oparam�??, �?o�??, … + ~ Missing argument in parameter list. At C:\ProgramData\amagent\execDir294130823\execcmd339520570.ps1:8 char:118 + … MethodParameter]::Create(�?oparam�??, �?o�??, �?oString�??, �?oIn�??) + ~ Unexpected token ‘)’ in expression or statement. + CategoryInfo : ParserError: (🙂 [], ParentContainsErrorRecordException + FullyQualifiedErrorId : MissingEndParenthesisInMethodCall COMMAND TIMED OUT.

    Lantz
    • Lantz
    • Novice
    • 8 replies
    • August 24, 2021

    This is awesome! Thanks!

    M
    Forum|alt.badge.img
    • Mrichards
    • Power User
    • 58 replies
    • August 24, 2021

    We also use this, works really well if you wanna lock a termed user out but retain the data


    MFKDGAF
    • MFKDGAF
    • Novice
    • 6 replies
    • August 26, 2021

    @Mrichards What are the prerequisites for running this script?

    I did try running it on a test machine but ran in to some errors such as winrm not being configured and the script not being able to disable cached creds or change local account passwords. I’m assuming not being able to change the local account passwords has something to do with the system.web.security.membership.

    R
    Forum|alt.badge.img
    • Ronald_Freed
    • Author
    • Novice
    • 9 replies
    • August 27, 2021

    exit 0

    T
    • Tina.Perry
    • Rookie
    • 4 replies
    • September 8, 2021

    Anyone managed to get this working?

    R
    Forum|alt.badge.img
    • Ronald_Freed
    • Author
    • Novice
    • 9 replies
    • September 8, 2021

    Hi Tina. Please make sure the Evaluation Code is set to exit 0 and then enter the code above in the Remediation Code.


    Thanks,

    Ronald Freed

    T
    • Tina.Perry
    • Rookie
    • 4 replies
    • September 8, 2021

    Thank you 🙂

    R
    1 person likes this
    • R
      Ronald_Freed
    0
    Forum|alt.badge.img

    @srheins I am getting the same error, did you ever figure it out?

    S
    Forum|alt.badge.img
    • srheins
    • Pro
    • 49 replies
    • December 2, 2021

    I never got an answer to my question.

    0
    Forum|alt.badge.img

    @Ronald_Freed , any thoughts?

    0
    Forum|alt.badge.img

    @srheins I figured out the problem. The computer (powershell?) doesnt like the formatting for the “” and ‘’ that the automox community page has. Try this.

     

    $namespaceName = "root\cimv2\mdm\dmmap"
$className = "MDM_RemoteWipe"
$methodName = "doWipeMethod"
$session = New-CimSession
$params = New-Object Microsoft.Management.Infrastructure.CimMethodParametersCollection
$param = [Microsoft.Management.Infrastructure.CimMethodParameter]::Create("param", "", "String", "In")
$params.Add($param)
$instance = Get-CimInstance -Namespace $namespaceName -ClassName $className -Filter "ParentID='./Vendor/MSFT' and InstanceID='RemoteWipe'"
$session.InvokeMethod($namespaceName, $instance, $methodName, $params)

     

    M
    Forum|alt.badge.img

    No luck getting either of these scripts to work. Got the same error as @srheins above. I found somewhere that powershell needs to be run as “system” (running as admin isn’t enough). Has anyone had any luck with this? 

    0
    Forum|alt.badge.img
    michael.king wrote:

    No luck getting either of these scripts to work. Got the same error as @srheins above. I found somewhere that powershell needs to be run as “system” (running as admin isn’t enough). Has anyone had any luck with this? 

     

    The block above your post worked for me. There was a formatting error with the ‘

    Reply


    Terms & ConditionsCookie settings

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

     
    Cookie settings