Surely, in the course of your computer life, you will have used the recovery tool a few times Windows which can be found in “Settings” -> “Advanced Options” -> “Reset your PC”, choosing to remove personal files before reinstalling the operating system. Obviously, if this operation is carried out simply for pure maintenance, for example to have a clean system after several months of use, there are no major problems, but often this feature is also used when you decide to sell or donate your device. to other people. In the latter situation, it is especially important that all personal files are actually removed and deleted.
Unfortunately, Rudy Ooms, Microsoft MVP, discovered the tool featured in Windows 10 And Windows 11 21H2 it doesn’t do its job perfectly, both locally and remotely. The man later tested the functionality in other versions of the operating system, verifying that, instead, in Windows 10 and Windows 11 21H1 the operation was carried out correctly. In the table below you can see a summary of the results obtained.
| Action in Windows 10/11 | Results |
|---|---|
| Remote cancellation 21H2 | User data not removed from Windows.old |
| Deletion of protected files remotely 21H2 | User data not removed from Windows.old |
| Local cancellation 21H2 | User data not removed from Windows.old |
| Local deletion of files in the cloud 21H2 | User data not removedi from Windows.old |
| Deleting protected files locally 21H2 | User data not removed from Windows.old |
| Remote reset 21H2 | User data not removed from Windows.old |
| All cancel and restore actions in 21H1 | User data removed from Windows.old |
As you can read, the main problem concerns the failure to remove the directory called “Windows.old” which contains all the previous personal files present before the restore. Furthermore, even in the case of an SSD or hard disk protected with Bitlocker, when the recovery is carried out Bitlocker is removed and all the files are moved to the Windows.old folder, now no longer encrypted and therefore readable by anyone. Finally, files synced to OneDrive marked with the “always keep on this device” option were also included in Windows.old.
Sorry for ruining your Sunday, but performing a remote or local Wipe on Windows 10 21H2 also leaves the userdata readable in the Windows.old folder#intune #mem #msintune #mempowered
https://t.co/439FCyh59M– Rudy Ooms | MVP (@Mister_MDM) February 20, 2022
Pending a fix from Microsoft, Ooms has created one PowerShell script to be launched before carrying out the operation. The next time you perform a system restore with deletion of personal files, make sure that the Windows.old folder is not present on the main disk or on other storage devices connected to the device.
