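# Execution bypass to allow running the script on machines with restricted execution policy
# (-Force suppresses the confirmation prompt, which a non-interactive RMM job cannot answer)
Set-ExecutionPolicy Bypass -Scope Process -Force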
# Set the namespace, class, and method names
$namespaceName = "root\cimv2\mdm\dmmap"
$className = "MDM_RemoteWipe"
$methodName = "doWipeMethod"
Write-Host "Starting the remote wipe process..."
# Create a new CIM session; with no -ComputerName this is a session to the local machine,
# i.e. the target device the script is running on
$session = New-CimSession
# Check if session is created successfully
if (-not $session) {
    Write-Host "Failed to create a CIM session."
    exit 1
}
# Create a new collection of CIM method parameters and add a parameter to it
$params = New-Object Microsoft.Management.Infrastructure.CimMethodParametersCollection
$param = [Microsoft.Management.Infrastructure.CimMethodParameter]::Create("param", "", "String", "In")
$params.Add($param)
# Get the instance of the specified class from the target machine
$instance = Get-CimInstance -Namespace $namespaceName -ClassName $className -Filter "ParentID='./Vendor/MSFT' and InstanceID='RemoteWipe'"
# Check if instance is fetched successfully
if (-not $instance) {
    Write-Host "Failed to fetch the CIM instance."
    exit 1
}
Write-Host "Invoking the remote wipe method..."
# Invoke the specified method on the specified instance with the specified parameters
$result = $session.InvokeMethod($namespaceName, $instance, $methodName, $params)
# Check the result based on the expected return value for success
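# InvokeMethod returns a CimMethodResult; its ReturnValue is a CimMethodParameter,
# so the numeric code is read from .Value
switch ($result.ReturnValue.Value) {
    0 {
        Write-Host "The remote wipe process has been initiated successfully."
    }
    default {
        Write-Host "Failed to initiate the remote wipe process. Return code: $($result.ReturnValue.Value)"
    }
}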
Script data
Language - PowerShell
Run as - System / Root User
Script timeout duration - 30 Mins
Read me
$methodName can be either "doWipeMethod" or "doWipeProtectedMethod". The latter also wipes all data from the disks, which is especially useful if you want to refurbish the devices. The downside is that "doWipeProtectedMethod" can leave some clients (depending on configuration and hardware) in an unbootable state. Additionally, "doWipeMethod" can be canceled by the user (by a power cycle, for example), whereas "doWipeProtectedMethod" cannot be canceled: it automatically resumes after a reboot until done. The higher risk isn't worth it most of the time. If you want to be sure that the devices will be in a usable state after the wipe, use "doWipeMethod" instead.

Description of the Script:

This script is designed to initiate a remote wipe process on target machines with restricted execution policy. It utilizes the CIM (Common Information Model) infrastructure to perform the remote wipe. The script is written in PowerShell.

The script first sets the execution policy to "Bypass" for the current process to ensure it can run without restrictions. Then, it defines the necessary namespace, class, and method names for the remote wipe operation.

The remote wipe process begins with the creation of a new CIM session using the "New-CimSession" cmdlet, which connects to the target machine. It then prepares a collection of CIM method parameters and adds a parameter named "param" of type "String" to it. Next, it retrieves the instance of the specified class ("MDM_RemoteWipe") from the target machine using the "Get-CimInstance" cmdlet, applying the appropriate filter. After that, the script invokes the "doWipeMethod" on the instance using the previously prepared parameters. The results of the method invocation are stored in the variable "$result".

Finally, the script checks the return value of the method. If the return value is 0, the remote wipe process has been initiated successfully, and a corresponding message is displayed. If the return value is not 0, the remote wipe process failed, and the script displays an error message along with the actual return code.

Overall, this script enables the initiation of a remote wipe process on machines to remove sensitive data or perform other management tasks in an RMM (Remote Monitoring and Management) style, with console output and proper error handling. Comments are included within the script to provide clarity and understanding of the code's functionality.
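
Because the wipe is destructive and "doWipeProtectedMethod" cannot be canceled, a pre-flight check can be run before the script above. The following is an added example, not part of the original script: it only reads state and never invokes a wipe method. The function name Test-RemoteWipePreflight, the -ExpectedComputerName parameter and the hostname LAB-PC-01 are assumptions made for illustration.

```powershell
# Added example: pre-flight checks only; nothing here invokes a wipe method.
# Test-RemoteWipePreflight and -ExpectedComputerName are hypothetical names.
function Test-RemoteWipePreflight {
    [CmdletBinding()]
    param(
        # Only the two method names the Read me mentions are accepted
        [Parameter(Mandatory)]
        [ValidateSet('doWipeMethod', 'doWipeProtectedMethod')]
        [string]$MethodName,

        # Hostname the operator intends to wipe; must match the local machine
        [Parameter(Mandatory)]
        [string]$ExpectedComputerName
    )

    $namespaceName = 'root\cimv2\mdm\dmmap'
    $className     = 'MDM_RemoteWipe'

    # The page's "Run as" setting is System; confirm the current identity
    $isSystem = [Security.Principal.WindowsIdentity]::GetCurrent().IsSystem

    # Guard against the job being targeted at the wrong device
    $hostMatches = $env:COMPUTERNAME -ieq $ExpectedComputerName

    # Same instance lookup as the script, but a failure becomes $null
    $instance = Get-CimInstance -Namespace $namespaceName -ClassName $className `
        -Filter "ParentID='./Vendor/MSFT' and InstanceID='RemoteWipe'" `
        -ErrorAction SilentlyContinue

    # Confirm this Windows build actually exposes the requested method
    $class = Get-CimClass -Namespace $namespaceName -ClassName $className `
        -ErrorAction SilentlyContinue
    $methodExists = [bool]($class -and ($class.CimClassMethods.Name -contains $MethodName))

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        MethodName      = $MethodName
        RunningAsSystem = $isSystem
        HostnameMatches = $hostMatches
        InstanceFound   = [bool]$instance
        MethodAvailable = $methodExists
        ReadyToWipe     = $isSystem -and $hostMatches -and [bool]$instance -and $methodExists
    }
}

# Usage with a constructed hostname; inspect ReadyToWipe before running the wipe script
Test-RemoteWipePreflight -MethodName 'doWipeMethod' -ExpectedComputerName 'LAB-PC-01'
```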