Windows Device Erase Script

Problem Overview

When a Windows device is lost, stolen, decommissioned, or repurposed, IT professionals need a reliable way to erase sensitive data. This script automates secure device erasure, reducing the risk of unauthorized access to corporate or personal information. It ensures that credentials, system logs, and other sensitive data are removed quickly and efficiently.

Description

This script securely wipes critical user and system data, including:

• User Data Removal – Recursively deletes all user files and profiles.
• Credential & Network Erasure – Removes saved VPN credentials, Wi-Fi profiles, SSH keys, and Windows credential manager entries.
• Browser & Application Data Wipe – Clears Chrome, Outlook, and other locally stored application data.
• System Restore & Logs Cleanup – Disables system restore, deletes all restore points, and clears all event logs.
• Full Drive Wipe – Attempts to wipe all fixed drives, ensuring no residual data remains.

This script is highly destructive and should only be used in scenarios where complete data removal is required.

Script

<#
This resource is provided as a convenience for Level users. We cannot 
guarantee it will work in all environments. Please test before deploying 
to your production environment. We welcome contributions to our community 
library

Level Library
https://level.io/library/script-windows-device-erase-script
#>


# WARNING: Dangerous operation - Recursively delete files and directories for all users
Get-ChildItem -Path "C:\Users" -Recurse | Remove-Item -Force -Recurse
Get-CimInstance -ClassName Win32_UserProfile | Where-Object { -not $_.Special } | Remove-CimInstance

# Clear Browser Data (Example for Chrome, modify for other browsers as needed)
Remove-Item "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\*" -Recurse -Force

# Clear Outlook Data (Modify the path if different)
Remove-Item "$env:APPDATA\Microsoft\Outlook\*" -Recurse -Force

# Remove VPN Credentials (Example for a specific VPN client, modify as needed)
Remove-Item "Path\To\VPN\Credentials\Store" -Force

# Remove Saved Wi-Fi Networks
netsh wlan delete profile name="*"

# Remove Windows Credentials
cmdkey /list | ForEach-Object {if ($_ -like "*Target:*") {cmdkey /delete:($_ -replace " ","" -replace "Target:","")}}

# Remove SSH Keys (if applicable)
Remove-Item "$env:USERPROFILE\.ssh\*" -Force -Recurse

# Clear all System Restore Points.
Disable-ComputerRestore -Drive "C:\"
vssadmin Delete Shadows /All /Quiet

# Clear all event logs.
Get-EventLog -LogName * | ForEach { Clear-EventLog -LogName $_.Log }

# WARNING: Highly destructive operation. Proceed with caution.
# The script will attempt to wipe all fixed drives.
Get-WmiObject -Class Win32_LogicalDisk | Where-Object { $_.DriveType -eq 3 } | ForEach-Object {
    $drive = $_.DeviceID
    Write-Host "Wiping $drive..."
    Remove-Item "$drive\*" -Recurse -Force
}

Use Cases

• Lost or Stolen Device Protection – Erase compromised devices remotely.
• Decommissioning Old Hardware – Securely wipe devices before disposal or repurposing.
• Security Incident Response – Remove sensitive data quickly in case of a breach.
• Regulatory Compliance – Ensure data is erased per security policies and compliance requirements.
• Automated IT Asset Management – Integrate with Level’s automation to trigger wipes under specific conditions.

Recommendations

• Pair with Lost/Stolen Endpoint Automation – Automate execution when a device is flagged as missing.
• Test Before Deployment – Run in a controlled environment before use in production.
• Use with Caution – This script is irreversible and will completely erase all user data.
• Modify for Specific Needs – Customize paths for browser data, VPN credentials, or other application data if needed.

FAQ

• Can I recover data after running this script?
  ‍No. This script is designed to permanently delete files and wipe drives. Data recovery is highly unlikely.

• Does this script format the drive?
  ‍No, but it recursively deletes all data on fixed drives. A full format would require additional disk-wiping utilities.

• Can this be executed remotely?
  ‍Yes, it can be triggered remotely via Level’s automation framework.

• What if I only want to erase specific user data but not the entire drive?
  ‍Modify the script to exclude the full drive wipe section and target only specific folders.

• Will this remove BitLocker encryption?
  ‍No, BitLocker-protected drives remain encrypted, but data inside them will be deleted.

• Is this script compliant with security regulations like GDPR or HIPAA?
  ‍While it securely erases data, compliance depends on your organization’s policies. For complete compliance, consider additional secure wipe methods.