Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-24 09:28:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 30
fleet/docs/solutions/windows/scripts
History
Adam Baali 5a660613db
Add and document fallback script for wiping Windows devices (#42230) 
Add fallback wipe script for Windows hosts (#34994)

When Fleet's built-in Windows wipe action fails (MDM command returns
status 500, device not wiped), there is no documented fallback. This PR
adds a script that can be run via Fleet to wipe the device when the
native wipe fails.

## Changes

- `docs/solutions/windows/scripts/wipe-windows-device.ps1` - Fallback
wipe script
- `articles/lock-wipe-hosts.md` - Reference to fallback script added
under Windows wipe section

## What the script does

1. Validates and repairs WinRE if disabled (confirmed root cause of wipe
failures in #34994)
2. Checks Component Store integrity via DISM
3. Suspends BitLocker for one reboot cycle
4. Triggers wipe via WMI-to-CSP bridge (`doWipeProtected`, falls back to
`doWipe`), bypassing the MDM command queue

Fully unattended. No user interaction required. Exits 0 on success, 1 on
failure.

## Context

Every fully unattended Windows wipe method uses the same RemoteWipe CSP.
There is no alternative Windows API. This script adds value by fixing
the root causes before calling the wipe, and by bypassing the MDM
command queue where server-side failures (DB timeouts, auth errors) can
occur.

Closes #34994

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Added an administrator-only Windows device wipe utility that performs
staged system checks (recovery environment, system health, and disk
protection), attempts to suspend drive protection for a reboot, invokes
multiple local wipe triggers with fallbacks, creates a timestamped audit
log of actions, and provides clear success/failure summaries with likely
causes and suggested next steps.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: CodeRabbit <noreply@coderabbit.ai>
2026-04-16 11:49:53 -04:00
..
download-cloudflare-warp.ps1 Solutions folder script name cleanup (#38951) 2026-01-29 20:39:20 -05:00
fix-windows-mdm-migration.ps1 Combine Windows MDM migration remediation into single script (#41537) 2026-03-13 08:59:27 +01:00
hide-windows-insider-settings-page.ps1 Solutions folder script name cleanup (#38951) 2026-01-29 20:39:20 -05:00
install-chatgpt.ps1 Windows scripts update (#40107) 2026-02-19 13:58:10 -06:00
prevent-uninstall-or-modification-of-fleet-osquery.ps1 Solutions folder script name cleanup (#38951) 2026-01-29 20:39:20 -05:00
set-screen-saver-grace-period.ps1 Solutions folder script name cleanup (#38951) 2026-01-29 20:39:20 -05:00
toggle-fleetd-debug.ps1 Add fleetd debug script for Windows (#40831) 2026-03-02 15:41:25 -06:00
trigger-scep-enrollment.ps1 Solutions folder script name cleanup (#38951) 2026-01-29 20:39:20 -05:00
turn-on-mdm-notification.ps1 Windows scripts update (#40107) 2026-02-19 13:58:10 -06:00
wipe-windows-device.ps1 Add and document fallback script for wiping Windows devices (#42230) 2026-04-16 11:49:53 -04:00