<div>
Last I heard, Microsoft has made no claim nor put effort into making their built in reset complaint with any sort of government standard. &nbsp;You'll want to use a reputable shredding service or appropriate hardware to accomplish that task. &nbsp;If you are doing large numbers of devices, there are dedicated hardware devices (inexpensive even) that can identify, wipe, and create a label for a compatible printer to verify the full wipe.
</div>


<div>
I agree. Windows 10 Reset does not fully delete everything so you should not depend upon it. As Cliff notes, use a file shredding program.
</div>


<div>
Or simply run a script after the reset:<br />
Cipher /w:c:<br />
If what cipher does is enough for you (read the documentation).
</div>


<div>
The desire is to be able to donate or resell these assets with the OS intact after a wipe, but prevent any access to proprietary or sensitive data. Microsoft claims that choosing the &quot;Remove Everything&quot; option for a Windows 10 reset makes it more difficult to retrieve any data from the HDD, but doesn't provide specificity as to the method used or its depth. Is there a recommended application or process for leaving the recovery partition intact in this scenario?
</div>


<div>
Thanks for the suggestion McKnife, I will investigate Cipher further.
</div>


<div>
If you care about your data, don't worry about leaving the OS intact. Just wipe and then donate. &nbsp;All it takes is one virus-infected machine where the virus was left on the recovery partition to leave you in a huge liability situation otherwise. While aside from SOX, it is still a legitimate corporate risk.<br />
<br />
If you are in the business of reselling second-hand computers then Microsoft has partner program to legally get licenses for reselling second-hand PCs. Do that so what you resell is clean and legal.<br />
<br />
And if you aren't in your business, forego the reselling aspect. That's not your business model. &nbsp;Donate to an outfit that does the above and is a Microsoft partner. Then they'll handle getting the devices licensed and won't need the recovery partition.<br />
<br />
Either way, I wouldn't try to do both of your goals. It costs more than its worth.
</div>


<div>
It appears that the &quot;Remove Everything&quot; option for resetting Windows 10 may be performing Cipher /W: during the process if you select to fully clean the drive. I have a ticket open with MS support, but tier 1 could not verify this. Can anyone verify this is the case?
</div>


<div>
Data wipe during the reset process of Windows 10 is not enough for what purpose you are looking forward.<br />
<br />
As Cliff and John already cleared for you, that only shredding tool can do so.<br />
<br />
For the same you can rely on Kernel File Shredder software. It has advanced shredding algorithms for different pass shredding. Visit <a href="https://www.nucleustechnologies.com/kernel-file-shredder.html" rel="ugc">https://www.nucleustechnologies.com/kernel-file-shredder.html</a>&nbsp;to know more about the software and download the demo version.
</div>


<div>
&quot;...if you select to fully clean the drive&quot; - where is that option? I don't see it, nor is it documented. No, it will not use cipher on its own.
</div>


<div>
That was taken directly from Microsoft's description, see the last bullet item below:<br />
<br />
Remove everything &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<br />

<ul>
<li>Reinstalls Windows 10 and removes all your personal files.</li>
<li>Removes apps and drivers you installed.</li>
<li>Removes changes you made to settings.</li>
<li>Removes any apps your PC manufacturer installed. (If your PC came with Windows 10, apps from your PC manufacturer will be reinstalled.)</li>
<li>If you're planning to donate, recycle, or sell your PC, use this option and choose to fully clean the drive. This might take an hour or two, but it makes it harder for other people to recover files you've removed.</li>
</ul>
<br />
This was found at: <a href="https://support.microsoft.com/en-us/help/12415/windows-10-recovery-options" rel="ugc">https://support.microsoft.com/en-us/help/12415/windows-10-recovery-options</a>
</div>


<div>
All of which is true. It makes it *harder* but that isn't the same as impossible. &nbsp;For the average home user or even many small businesses, it is &quot;good enough.&quot; &nbsp;But you explicitly asked about Sox compliance. And while Sarbanes-Oxley doesn't specifically call out data wipe standards, you can he held liable if you didn't treat financial files as sensitive data and do a deeper scrub. &nbsp;There *are* a few data-wipe standards out there. And if windows met them, Microsoft would have listed that almost guaranteed. &nbsp;They are big about listing complaint standards in their products wherever they can.<br />
<br />
So &nbsp;if you got sued &nbsp;and you went to court and you had to testify what data-wipe standard you met, could you?<br />
<br />
Or would you rather boy a program/device that meets standards such as DoD 5220 or NIST SP-800, so if called upon, you can testify to that?<br />
<br />
I stand by my previous answer. When it comes to government Co plane, don't mess around. &quot;I read it on the internet&quot; doesn't hold up in court or in front of a grand jury. If you are subject to SOX, do what you have to in order to exceed any standards you might be called to defend.
</div>


<div>
The last post was meant more as a reference to McKnife. As far as government wiping would be concerned; &nbsp;a government (DoD) wipe is likely outside of our need and not necessarily in scope with my question. As well, our risk is very nearly negligible. <br />
<br />
Those are decisions above my paygrade however, I am seeking answers about the depth of the process performed during a reset when choosing &quot;Remove Everything&quot;, so I may provide that information to our CIO to make a decision regarding our specific need here. I think in this instance the CIO would be deciding if the process would meet due diligence standards in an attempt to remain compliant, but we need the specifics regarding the process in order to make this call. As you have mentioned, SOX only stipulates an effort be made and does not specify details as granular as which process was observed during such an effort. Risk reward is determined by the individual entity's needs in this scenario. <br />
<br />
That being said; can anyone lend any specific information regarding the data wipe process used during the Windows 10 reset process when &quot;Remove Everything&quot; has been selected with a fully clean option?<br />
<br />
Thanks!
</div>


<div>
But therein lies my point. Windows is closed-source. So unless Microsoft publishes information (and they haven't) then nobody can answer your question with certainty. And since they don't claim to adhere to any standard, they can change that at any time. &nbsp;*THAT* is what you should tell your CIO. &nbsp;Again, &quot;I heard it on the internet&quot; is not a suitable answer in most cases. &nbsp;Whether in a lawsuit or to a superior.<br />
<br />
As for the rest, while the DoD standard *sounds* like overkill, it isn't. It was developed for government use, but has since become a de-facto standard. &nbsp;Whether you buy a $50 program that adheres to the standard or (my recommendation) a device from Amazon for $200 that adheres to the standard, then you *know* your drive is wiped properly and those are minimal investments. &nbsp;Unless you are seriously underpaid, you probably have spent more in wages researching and reading/writing on this topic on EE by now. &nbsp;<br />
<br />
With that said, even if you don't want to invest in that kind of thing, that's where shredding services come in.<br />
<br />
SOX may not specify any standards, but if someone decides to sue (and disgruntled employees are great for this), and any minimal discovery shows you chose to rely on windows to wipe the drive instead of using a shredding service or doing a verified wipe, you're cooked. And any legal discovery will discover this thread. &nbsp;Digital forensics is common-place now. &nbsp;There's a point where you have to do a reasonable risk/reward matrix.<br />
<br />
What is the risk of using windows to wipe?<br />
What is the risk and cost of using a better system?<br />
What is the reward of using windows?<br />
What is the reward of using a better system?<br />
<br />
If you can honestly say that your company is better using windows, then I really have to wonder why you came here asking for assistance. It seems as though you made up your mind before coming here.
</div>


<div>
&quot;...specific information regarding the data wipe process used during the Windows 10 reset process when &quot;Remove Everything&quot; has been selected with a fully clean option?&quot; - you could at least try and start task manager from that setup stage while it is doing the &quot;full clean&quot;. Press shift F10 and a command prompt will open. There, type taskmgr and task manager will open. Now see if a process cipher.exe is active.
</div>


<div>
Cliff,<br />
<br />
Thanks for your input! First, I did not come here to ask for assistance with anything. Second, Your opinions are valid, but out of scope as I mentioned before. My hope of posting here was to expedite an <u>answer</u> in case anyone here had experience with this already. If they have, they may be able to provide a more definitive answer/explanation while I am still awaiting a response from Microsoft directly. <br />
<br />
I came seeking information only (which you clearly do not have) and I am not certain why you interjected again. I did not ask for any suggestions on methods to be used here, or for thoughts on Pros/Cons. Also, as an IT professional of 25+ years, I do not RELY on anything learned from the internet with out further independent verification.<br />
<br />
McKnife, <br />
<br />
Thanks for the constructive suggestion, I will check on this during the next reset procedure performed.<br />
<br />
If anyone else has any specific information regarding my initial inquiry for details regarding the process in question, I would welcome that information.
</div>


<div>
McKnife,<br />
<br />
Thanks for the information and doing the extra footwork here. I have not yet received an answer from Microsoft Support, but I will validate this with their response should I ever receive one. You have been very helpful, I appreciate all of your input!
</div>


<div>
Even I agree with the voices of Cliff Galiher &amp;&nbsp;John Hurst, you can't be 100% sure of complete data destruction/erasure using Windows 10 reset option.<br />
<br />
Choosing optimum data destruction method may vary from individual to individual. Also, It largely depends on the confidentially of your information.<br />
<br />
As mentioned by the questioner, the process should compliance with SOX audit. Why can't you try DIY data erasure software? Most of the modern tool is fulfilling your criteria. Also its a nice alternative to shredding service. Few of the software mentioned by various experts are Jetico, BitRaser, and WhiteCanyon.
</div>


<div>
Thanks all for your contributions!
</div>


<div>
<div class="content wysiwyg-content">
We would like more information on the data wipe performed during the Windows 10 reset process, specifically the level of data wipe performed during the &quot;Remove Everything&quot; and &quot;Restore Factory Settings&quot; options. We need specific information to verify that the process is sufficient for compliance with SOX auditing.
</div>
</div>


We would like more information on the data wipe performed during the Windows 10 reset process, specifically the level of data wipe performed during the "Remove Everything" and "Restore Factory Settings" options. We need specific information to verify that the process is sufficient for compliance with SOX auditing.

Windows 10 Reset Options for Data Wipe

Windows 10 is a personal computer operating system featuring the "universal application architecture" (UAP); apps can be designed to run across multiple devices with nearly identical code, including PCs, tablets, smartphones, embedded systems, Xbox One, Surface Hub and HoloLens. Windows 10 also includes a virtual desktop system, a window and desktop management feature called Task View, the Microsoft Edge web browser, support for fingerprint and face recognition login, voice-based search (Cortana), new security features for enterprise environments, and DirectX 12 and WDDM 2.0 to improve the operating system's graphics capabilities for games.

Windows 10

This topic area includes legacy versions of Windows prior to Windows 2000: Windows 3/3.1, Windows 95 and Windows 98, plus any other Windows-related versions including Windows Mobile.