![]() ![]() Otherwise, you could end up with 0 kb filesĪlso attaching the VHDX to another VM I had on that same Hyper-V server gives us the possibility to open those files!!!! That’s very very very bad! we can copy that sensitive information to our own device! 3.3 “Wipe device, and continue to wipe….AKA DoWipeProtected” *Please note: When using OneDrive Files on-demand functionality, only the files that are marked as “ Always Keep on this device” are accessible. *It’s possible to open all of the files!!!! How the hell should that be possible? I am wiping the device and choosing to NOT retain data!!!!!, so why is there still sensitive data on it? So I wanted to see what happens when we performed a Remote wipe on a device that was previously Bitlocker Enabled and just used Shift+f10 to get a system CMD?Īs shown below. Let’s continue because the errors I got when locally opening the VHDX were a little bit weird in my opinion. Opening the file gave us this message: “The System couldn’t get access to the file”īut I am not done yet, let’s see what happens when we fire up the VM itself and start opening the file with the use of Shift+F10 at the login screen or just attach the VHDX to a different VM. With this first attempt, it really looked like the files couldn’t be opened because copying gave use the error: 0x80070780 I am opening this VHDX from my HyperV 2016 test serverĪs shown above… in the Windows.old folder there is still old user data with all our OneDrive KFM data left in it? I guess the warning that Microsoft gives us: “This removes all personal and company data and settings from this device” is not totally true with Windows 11“īut let’s find out if we are able to open those files? Because having those files still on the device is 1 but having the possibility to open it is 2. Let’s take a look first at how it looks when we mount the VHDX from a VM in which I tested this Remote Wipe. Bitlocker protection is also removed! So we end up with some sensitive data on a non-encrypted hard Disk? But that’s not a big deal if BitLocker was still enabled but we all know what happens when we perform a remote wipe of the device…. Locally opening the VHDXĪfter wiping the device which was installed with Window 11 21H2 and previously encrypted with Bitlocker, we noticed that the old personal user data folder was moved to Windows. Each time the Virtual Machine was 100% done enrolling with Bitlockerģ.2 Using Shift+F10 at the sign-in screenģ.3 Wipe device, and continue to wipe…. I will divide this part into multiple subparts because I wanted to know what happens when performing a Remote Wipe on a Windows 11 VM in different kinds of situations. ![]() So what happens when we execute the same Remote Wipe from Intune on a Windows 11 device? We will notice something different! Of course, we are making sure we don’t select the option to retain the user data option Looking at the picture above, that is what you expect to happen when performing a remote WIPE! 3.Remote Wiping Windows 11īut the device in question was installed with Windows 11. Luckily this folder is very empty when performing a remote wipe from Intune on a Windows 10 Device! Also, we could notice a Windows.old folder in the root. After taking a look at what’s left on the hard disk we will notice it is no longer encrypted with Bitlocker. ![]() When performing a remote wipe from Intune on a Windows 10 21H1 device and we don’t select the retain data option, your device will be reinstalled and “wiped” as expected. So we made sure we didn’t select anything, let me show what happened! I will show you what happens and of course, the differences when you perform a remote wipe on Windows 10 and Windows 11. “ All data, apps and settings will be removed” So what happens when we DIDN’T select anything and DIDN’T select the option to retain enrollment and the user data? Microsoft is telling us: So you decide to perform a remote wipe to make sure the device is wiped clean!Īs shown above, when performing a remote wipe you will be prompted with multiple options. ![]() But as explained in the blog above we have multiple options to perform a remote wipe. This company is located a couple of 100 miles away so sending someone in to reimage the device was a no-go at this time. Luckily she is using OneDrive with Known Folder Move activated, so setting up her old notebook is going to be a piece of cake but what about her old device? She tells you, she just received her brand new notebook and wanted to pass her old device (almost brand new) to a colleague of hers. Imagine the day you receive a Phone call from a CFO for a company you work for. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |