Testing

Windows 10 Full Device Wipe via PowerShell

Posted on Updated on

One of the new capabilities of Windows 10 is the ability to manage it like a mobile device using Configuration Service Providers.  One of those functions is the ability to perform a full wipe (restore to factory default) of the device using the RemoteWipe CSP.  While this capability can be accomplished using a MDM provider such as Microsoft Intune, you may at some point have the need to demonstrate it without a device being managed.

!!! WARNING !!! CAUTION !!! DISCLAIMER !!!
Using the script below will cause the Windows 10 system to immediately perform a reset of Windows to factory default.  No data and no applications are saved.  Use extreme caution when testing this script.  Setting it up for deployment with a tool (such as ConfigMgr) could come with extreme consequences if incidentally deployed.
!!! WARNING !!! CAUTION !!! DISCLAIMER !!!

Now that you’ve been fully warned, to demonstrate how to use the RemoteWipe and invoke the doWipeMethod, please reference the example script at https://msdn.microsoft.com/en-us/library/windows/desktop/dn948434.aspx.  Also, it could be good to add a user input for a “password” to continue and it can easily be added to front of the script.  For example:

$pass = Read-Host 'Enter the password to perform a full wipe of Windows 10 to factory defaults.'

if ($pass -eq '1-2-3-4-5') {
    write-host -ForegroundColor Green 'Password accepted ... That''s amazing. I''ve got the same combination on my luggage!!' }
else {
    write-host -ForegroundColor Red 'Wrong password, terminating script'
    exit
}

 

Testing Windows 10 Assigned Access

Posted on Updated on

Based upon the information in article Set up a kiosk on Windows 10, it is possible to quickly setup a Windows 10 UWP app to run with Assigned Access.  From that article, I’ve outlined (below) the quick-start steps for testing purposes.

  1. Login to Windows with an account that has local admin rights.
  2. Create a local user account (such as “kiosk”) with a password and do not grant the account local admin privileges.
  3. Sign out of Windows.
  4. Login to Windows with the kiosk user account so that it builds the profile.
  5. If the tablet has physical keyboard capabilities, then change that user to use Tablet Mode and log out.  Otherwise, skip this step.
  6. Login to Windows with the local admin account.
  7. Edit the registry to enable auto login of the kiosk account.
  8. Use the PowerShell script in this article to get the AUMID for the UWP app.
    • If you’re just looking for a quick example, use the MSN News app with ID – Microsoft.BingNews_8wekyb3d8bbwe!AppexNews
  9. Based upon the information in the previous step, run a PowerShell command in this article to set the kiosk user to have assigned access to your UWP app.
  10. Verify that the user was properly assigned to launch the application by:
    • Start > Settings > User accounts > Family and other users
    • Under the “Other Users” section, select “Set up assigned access”
    • Ensure the user shows the application

Also, to sideload a UWP application, see this information: https://msdn.microsoft.com/en-us/windows/uwp/packaging/packaging-uwp-apps#sideload-your-app-package.

More information on best practices for developing UWP apps for Assigned Access: https://msdn.microsoft.com/en-us/library/windows/hardware/mt633799.aspx