Wiping a Microsoft Surface prior to e-recycling

[britechguy]

Just curious whether there might be a secret for these devices that I'm not aware of. A client just replaced two surfaces with an LG Gram, and both are of an age where upgrading to Windows 11 is not possible.

My usual method for wiping a machine is to do a clean reinstall of Windows (10, in this case) and escaping out to diskpart and issuing a "clean all" command. I have no idea if it's possible just to open a Command Prompt/PowerShell as admin and issuing a "clean all" under diskpart and having it blow everything away without any need to reinstall anything. The machines can be bricks, but clean bricks, prior to e-recycling.

 

[GTP]

Why not install Linux + Boinc and use them for crunching data for BOINC Projects?
They can be useful being added the worldwide "pool" for finding cures for cancer etc.

Set up a Gridcoin Wallet on one of them (not both because the wallet tracks all your PC's) and make some gridcoin for crunching data.

 

[symbatech]

What I usually do is create a new local user account and make it an administrator with no password, log into that and delete the prior user account(s) and any extraneous folders in the root, then close any running programs and run Cipher /w:C from an elevated command prompt to overwrite all deleted data from the drive. It takes a while depending on the size and type of drive, but I just set it aside and do something else while it's running.

 

[britechguy]

Thanks for the responses.

I just have no interest in going the Linux + BOINC path, but if anyone were to want these two surfaces after they've been wiped, I'm happy to see if the client will give them to me and send them to you for shipping cost. Just as I don't do social media, I don't do cybercurrency, either.

I'm putting together a step-by-step "how to wipe" tutorial using Windows 11, and you forget just how many things are "second nature" to those of us who do this sort of thing all the time that have to be included as steps. It makes the process seem much more complicated than it actually is once you've done it even one time.

Never knew about the cipher command, and it's really handy because it avoids having to do a completely clean reinstall of Windows but also does a complete wipe of all unallocated space.

At first I thought I'd use my tutorial for doing a completely clean reinstall of Windows 10 or 11, but then I realized that knowing how to boot into BIOS is something most people don't know, and there's no "generic instructions" for that step that are broadly applicable to every machine out there.

 

[britechguy]

@symbatech

Right now I'm running that cipher command on my spare laptop, from the sole account, so I have an accurate screenshot of what it looks like during its run and after completion.

Microsoft's own documentation is not 100% clear, but I took it that the cipher command you gave, even when you specify the C drive as the volume, still only wipes unallocated space, so if you've removed all other users except the one you created to do the wipe, effectively all user data from the former account(s) on the machine will be zero-fill wiped, but the OS remains as is as does the space allocated when the local account with administrator privilege that's being used for wiping was created. I'm going on what is said on this Microsoft Learn page, Use Cipher.exe to overwrite deleted data in Windows:
----
To overwrite deleted data on a volume by using Cipher.exe, use the /w switch with the cipher command:
.
.
.
Type cipher /w:<directory>, and then press ENTER, where &lt;directory&gt; is any folder in the volume that you want to clean. For example, the cipher /w:C command causes all deallocated space on drive C to be overwritten.
.
.
.
Data that isn't allocated to files or folders is overwritten. The data is permanently removed. It can take a long time if you overwrite a large amount of space.
----

Since I'm still getting the "marching dots" as cipher is writing out 0x00 to the unallocated space, and my existing account on that testing box is remaining intact, I suspect that's correct. I did disconnect from WiFi and quit OneDrive though just in case before starting the cipher command. And since the first thing the cipher command puts out is, "To remove as much data as possible, please close all other applications while running CIPHER /W," it makes sense to quit OneDrive if one so happens to be running the command from a Windows ID that also happens to be using OneDrive (not that the OneDrive data should be impacted, as it would still be allocated, though much could return to cloud-only status, I suppose).

 

[Philippe]

The machines can be bricks, but clean bricks, prior to e-recycling.

The easy way: hammer...
(My way for non-reusable hdd & ssd).

 

[britechguy]

@Philippe:

Definitely an option, but not one I tend to use simply because it's literally messier.

Also, if I think someone might repurpose a functional machine as a Linux box, I'm happy to get it into the state where it can be safely handed off to "any random person on the street" who might wish to do so.

But you're absolutely right if the intent is only e-recycling. For a Microsoft Surface I imagine just a couple of strategically placed hammer blows would do it!

 

[symbatech]

@britechguy I've never had an issue with the cipher command deleting anything it shouldn't as it only overwrites areas of the drive that are already flagged by the system as 'available to overwrite'. I donate a lot of older, still-usable-but-not-11-compatible stuff, and this is the procedure that I use on all of them. Since it's pretty much hands-off once you execute the command, it's easier and faster IMO than doing a secure wipe and reinstalling an OS.

 

[britechguy]

@symbatech

I've actually put together an entire tutorial, with screenshots, using the technique you suggest. All I'm waiting on right now is the cipher pass where it writes 0xFF after having done 0x00 to complete. I just want to have the message text that shows up when cipher has finished before I put the finishing touches on it.

I agree that for the typical user, your method is a much more approachable way than doing a completely clean reinstall of Windows is.

Even on an SSD that's only 512GB, cipher has already taken several hours and just did the 00 to FF flip no more than 20 minutes ago. Things did speed up after I quit OneDrive, but it's still not a fast process. I'm noting that in the tutorial and telling people it's best to kick this off and either walk away and don't check for hours or just do it before going to bed. One thing I have noticed, though, is that it appears that cipher will not keep the machine from going to sleep, which is a shame. I've tweaked my "when on AC power" settings to sleep never, and I think the fact that the machine did go to sleep slowed down what's already a slow process.

 

[Markverhyden]

If you FDE all you have to do is wipe the first few blocks that contain the keys. Doesn't matter about the data. Make sure BL has completed. Then start a normal W10 restore making sure to remove all data, let it run for a few minutes and Bob's yer Uncle.

Now if you have to produce a cert saying you wiped it per a certain standard then you have to do that. Since removing them can be problematic booting from something like DBAN would make it easier.

 

[britechguy]

@Markverhyden

The thing is, I'm writing this for "the average user" and never presuming that the drives were encrypted to begin with.

Having done "late in the game encryption (or decryption)" with BitLocker the speed is on a par with the cipher command. It's interesting that a cipher wipe is 3 passes: zero fill, one fill, random number fill.

I guess it's conceivably possible that some trace of the deleted accounts user data could be floating in some of the blocks allocated for creating the local admin account being used to wipe the deallocated space, but there are limits to what I'm worried about. This is aimed at the home user, not someone who's looking for certificates of destruction. And it seems way more than just "good enough" for that purpose.

 

[sapphirescales]

I boot into Windows To Go and zero fill the SSD using the HDD Low Level Format Tool. It's quick and easy. Then I can restore an image if I want to using Active@ Disk Image. I'd personally restore a blank Windows 11 image and list them on Craigslist for a few bucks, "official" support be damned. Lots of people have a use for older technology. I just wouldn't warranty or support these units through my business due to their age and lack of official Windows 11 support. But someone could easily get a year or two out of these and be willing to pay $100 or so.

 

[GTP]

if anyone were to want these two surfaces after they've been wiped, I'm happy to see if the client will give them to me and send them to you for shipping cost.

Hmmm I wonder how much it would cost to ship them to Adelaide?

 

[britechguy]

Just in case anyone might have use for it with their own residential/micro-business clients: How to Completely Wipe Your Computer.docx