deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

RemoteWipe CSP

Browse Source
This commit is contained in:
Vinay Pamnani 2023-02-17 17:21:25 -05:00
parent 36be35cd75
commit 2e1afb9ed1
2 changed files with 745 additions and 268 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

509
windows/client-management/mdm/remotewipe-csp.md
View File

@ -1,104 +1,487 @@
--- ---
title: RemoteWipe CSP title: RemoteWipe CSP
description: Learn how the RemoteWipe configuration service provider (CSP) can be used by mobile operators DM server or enterprise management server to remotely wipe a device. description: Learn more about the RemoteWipe CSP.
ms.reviewer: author: vinaypamnani-msft
manager: aaroncz manager: aaroncz
ms.author: vinpa ms.author: vinpa
ms.topic: article ms.date: 02/17/2023
ms.localizationpriority: medium
ms.prod: windows-client ms.prod: windows-client
ms.technology: itpro-manage ms.technology: itpro-manage
author: vinaypamnani-msft ms.topic: reference
ms.date: 08/13/2018
--- ---
<!-- Auto-Generated CSP Document -->
<!-- RemoteWipe-Begin -->
# RemoteWipe CSP # RemoteWipe CSP
The table below shows the applicability of Windows: <!-- RemoteWipe-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
The RemoteWipe configuration service provider can be used by mobile operators DM server or enterprise management server to remotely reset a device. The RemoteWipe configuration service provider can make the data stored in memory and hard disks difficult to recover if the device is remotely reset after being lost or stolen. Enterprise IT Professionals can update these settings by using the Exchange Server.
<!-- RemoteWipe-Editable-End -->
|Edition|Windows 10|Windows 11| <!-- RemoteWipe-Tree-Begin -->
|--- |--- |--- | The following example shows the RemoteWipe configuration service provider in tree format.
|Home|Yes|Yes|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
The RemoteWipe configuration service provider can be used by mobile operators DM server or enterprise management server to remotely reset a device. The RemoteWipe configuration service provider can make the data stored in memory and hard disks difficult to recover if the device is remotely reset after being lost or stolen.
The following example shows the RemoteWipe configuration service provider management object in tree format as used by both OMA DM and OMA Client Provisioning. Enterprise IT Professionals can update these settings by using the Exchange Server.
```text
./Device/Vendor/MSFT/RemoteWipe
--- AutomaticRedeployment
------ doAutomaticRedeployment
------ LastError
------ Status
--- doWipe
--- doWipeCloud
--- doWipeCloudPersistProvisionedData
--- doWipeCloudPersistUserData
--- doWipePersistProvisionedData
--- doWipePersistUserData
--- doWipeProtected
``` ```
./Vendor/MSFT <!-- RemoteWipe-Tree-End -->
RemoteWipe
----doWipe <!-- Device-AutomaticRedeployment-Begin -->
----doWipePersistProvisionedData ## AutomaticRedeployment
----doWipeProtected
----doWipePersistUserData <!-- Device-AutomaticRedeployment-Applicability-Begin -->
----AutomaticRedeployment | Scope | Editions | Applicable OS |
--------doAutomaticRedeployment |:--|:--|:--|
--------LastError | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :x: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later |
--------Status <!-- Device-AutomaticRedeployment-Applicability-End -->
<!-- Device-AutomaticRedeployment-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/RemoteWipe/AutomaticRedeployment
``` ```
<!-- Device-AutomaticRedeployment-OmaUri-End -->
<a href="" id="dowipe"></a>**doWipe** <!-- Device-AutomaticRedeployment-Description-Begin -->
Exec on this node starts a remote reset of the device. A remote reset is equivalent to running "Reset this PC > Remove everything" from the Settings app, with **Clean Data** set to No and **Delete Files** set to Yes. The return status code indicates whether the device accepted the Exec command. If a doWipe reset is started and then interrupted, the PC will attempt to roll-back to the pre-reset state. If the PC can't be rolled-back, the recovery environment will take no additional actions and the PC could be in an unusable state and Windows will have to be reinstalled. <!-- Description-Source-DDF -->
Node for the Autopilot Reset operation.
<!-- Device-AutomaticRedeployment-Description-End -->
When used with OMA Client Provisioning, a dummy value of "1" should be included for this element. <!-- Device-AutomaticRedeployment-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- Device-AutomaticRedeployment-Editable-End -->
Supported operation is Exec. <!-- Device-AutomaticRedeployment-DFProperties-Begin -->
**Description framework properties**:
<a href="" id="dowipepersistprovisioneddata"></a>**doWipePersistProvisionedData** | Property name | Property value |
Exec on this node specifies that provisioning packages in the `%SystemDrive%\ProgramData\Microsoft\Provisioning` folder will be retained and then applied to the OS after the reset. |:--|:--|
| Format | node |
| Access Type | Get |
<!-- Device-AutomaticRedeployment-DFProperties-End -->
When used with OMA Client Provisioning, a dummy value of "1" should be included for this element. <!-- Device-AutomaticRedeployment-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- Device-AutomaticRedeployment-Examples-End -->
Supported operation is Exec. <!-- Device-AutomaticRedeployment-End -->
The information that was backed up will be restored and applied to the device when it resumes. The return status code shows whether the device accepted the Exec command. <!-- Device-AutomaticRedeployment-doAutomaticRedeployment-Begin -->
### AutomaticRedeployment/doAutomaticRedeployment
<a href="" id="doWipeProtected"></a>**doWipeProtected** <!-- Device-AutomaticRedeployment-doAutomaticRedeployment-Applicability-Begin -->
Added in Windows 10, version 1703. Exec on this node performs a remote reset on the device and also fully cleans the internal drive. Drives that are cleaned with doWipeProtected aren't expected to meet industry or government standards for data cleaning. In some device configurations, this command may leave the device unable to boot. The return status code indicates whether the device accepted the Exec command, but not whether the reset was successful. | Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :x: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later |
<!-- Device-AutomaticRedeployment-doAutomaticRedeployment-Applicability-End -->
The doWipeProtected is functionally similar to doWipe. But unlike doWipe, which can be easily circumvented by simply power cycling the device, if a reset that uses doWipeProtected is interrupted, upon restart it will clean the PC's disk partitions. Because doWipeProtected will clean the partitions in case of failure or interruption, use doWipeProtected in lost/stolen device scenarios. <!-- Device-AutomaticRedeployment-doAutomaticRedeployment-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/RemoteWipe/AutomaticRedeployment/doAutomaticRedeployment
```
<!-- Device-AutomaticRedeployment-doAutomaticRedeployment-OmaUri-End -->
Supported operation is Exec. <!-- Device-AutomaticRedeployment-doAutomaticRedeployment-Description-Begin -->
<!-- Description-Source-DDF -->
Exec on this node triggers Autopilot Reset operation. This works like PC Reset, similar to other existing nodes in this RemoteWipe CSP, except that it keeps the device enrolled in Azure AD and MDM, keeps Wi-Fi profiles, and a few other settings like region, language, keyboard.
<!-- Device-AutomaticRedeployment-doAutomaticRedeployment-Description-End -->
<a href="" id="doWipePersistUserData"></a>**doWipePersistUserData** <!-- Device-AutomaticRedeployment-doAutomaticRedeployment-Editable-Begin -->
Added in Windows 10, version 1709. Exec on this node will perform a remote reset on the device, and persist user accounts and data. This setting is equivalent to selecting "Reset this PC > Keep my files" when manually starting a reset from the Settings app. The return status code shows whether the device accepted the Exec command. <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- Device-AutomaticRedeployment-doAutomaticRedeployment-Editable-End -->
<a href="" id="automaticredeployment"></a>**AutomaticRedeployment** <!-- Device-AutomaticRedeployment-doAutomaticRedeployment-DFProperties-Begin -->
Added in Windows 10, version 1809. Node for the Autopilot Reset operation. **Description framework properties**:
<a href="" id="doautomaticredeployment"></a>**AutomaticRedeployment/doAutomaticRedeployment** | Property name | Property value |
Added in Windows 10, version 1809. Exec on this node triggers Autopilot Reset operation. This node works like PC Reset, similar to other existing nodes in this RemoteWipe CSP, except that it keeps the device enrolled in Azure AD and MDM, keeps Wi-Fi profiles, and a few other settings like region, language, keyboard. |:--|:--|
| Format | chr (string) |
| Access Type | Exec |
<!-- Device-AutomaticRedeployment-doAutomaticRedeployment-DFProperties-End -->
<a href="" id="lasterror"></a>**AutomaticRedeployment/LastError** <!-- Device-AutomaticRedeployment-doAutomaticRedeployment-Examples-Begin -->
Added in Windows 10, version 1809. Error value, if any, associated with Autopilot Reset operation (typically an HRESULT). <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- Device-AutomaticRedeployment-doAutomaticRedeployment-Examples-End -->
<a href="" id="status"></a>**AutomaticRedeployment/Status** <!-- Device-AutomaticRedeployment-doAutomaticRedeployment-End -->
Added in Windows 10, version 1809. Status value indicating current state of an Autopilot Reset operation.
Supported values: <!-- Device-AutomaticRedeployment-LastError-Begin -->
### AutomaticRedeployment/LastError
- 0: Never run (not started). The default state. <!-- Device-AutomaticRedeployment-LastError-Applicability-Begin -->
- 1: Complete. | Scope | Editions | Applicable OS |
- 10: Reset has been scheduled. |:--|:--|:--|
- 20: Reset is scheduled and waiting for a reboot. | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :x: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later |
- 30: Failed during CSP Execute ("Exec" in SyncML). <!-- Device-AutomaticRedeployment-LastError-Applicability-End -->
- 40: Failed: power requirements not met.
- 50: Failed: reset internals failed during reset attempt.
## Related topics <!-- Device-AutomaticRedeployment-LastError-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/RemoteWipe/AutomaticRedeployment/LastError
```
<!-- Device-AutomaticRedeployment-LastError-OmaUri-End -->
[Configuration service provider reference](index.yml) <!-- Device-AutomaticRedeployment-LastError-Description-Begin -->
<!-- Description-Source-DDF -->
Error value, if any, associated with Automatic Redeployment operation (typically an HRESULT).
<!-- Device-AutomaticRedeployment-LastError-Description-End -->
  <!-- Device-AutomaticRedeployment-LastError-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- Device-AutomaticRedeployment-LastError-Editable-End -->
  <!-- Device-AutomaticRedeployment-LastError-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | int |
| Access Type | Get |
| Default Value | 0 |
<!-- Device-AutomaticRedeployment-LastError-DFProperties-End -->
<!-- Device-AutomaticRedeployment-LastError-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- Device-AutomaticRedeployment-LastError-Examples-End -->
<!-- Device-AutomaticRedeployment-LastError-End -->
<!-- Device-AutomaticRedeployment-Status-Begin -->
### AutomaticRedeployment/Status
<!-- Device-AutomaticRedeployment-Status-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :x: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later |
<!-- Device-AutomaticRedeployment-Status-Applicability-End -->
<!-- Device-AutomaticRedeployment-Status-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/RemoteWipe/AutomaticRedeployment/Status
```
<!-- Device-AutomaticRedeployment-Status-OmaUri-End -->
<!-- Device-AutomaticRedeployment-Status-Description-Begin -->
<!-- Description-Source-DDF -->
Status value indicating current state of an Automatic Redeployment operation. 0: Never run (not started). The default state. 1: Complete. 10: Reset has been scheduled. 20: Reset is scheduled and waiting for a reboot. 30: Failed during CSP Execute ("Exec" in SyncML). 40: Failed: power requirements not met. 50: Failed: reset internals failed during reset attempt.
<!-- Device-AutomaticRedeployment-Status-Description-End -->
<!-- Device-AutomaticRedeployment-Status-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- Device-AutomaticRedeployment-Status-Editable-End -->
<!-- Device-AutomaticRedeployment-Status-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | int |
| Access Type | Get |
| Default Value | 0 |
<!-- Device-AutomaticRedeployment-Status-DFProperties-End -->
<!-- Device-AutomaticRedeployment-Status-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- Device-AutomaticRedeployment-Status-Examples-End -->
<!-- Device-AutomaticRedeployment-Status-End -->
<!-- Device-doWipe-Begin -->
## doWipe
<!-- Device-doWipe-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :x: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later |
<!-- Device-doWipe-Applicability-End -->
<!-- Device-doWipe-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/RemoteWipe/doWipe
```
<!-- Device-doWipe-OmaUri-End -->
<!-- Device-doWipe-Description-Begin -->
<!-- Description-Source-DDF -->
Exec on this node will perform a remote wipe on the device. The return status code shows whether the device accepted the Exec command. When used with OMA Client Provisioning, a dummy value of "1" should be included for this element.
<!-- Device-doWipe-Description-End -->
<!-- Device-doWipe-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
A remote reset is equivalent to running **Reset this PC** > **Remove everything** from the **Settings** app, with **Clean Data** set to No and **Delete Files** set to Yes. If a doWipe reset is started and then interrupted, the PC will attempt to roll-back to the pre-reset state. If the PC can't be rolled-back, the recovery environment will take no additional actions and the PC could be in an unusable state and Windows will have to be reinstalled.
<!-- Device-doWipe-Editable-End -->
<!-- Device-doWipe-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Exec |
<!-- Device-doWipe-DFProperties-End -->
<!-- Device-doWipe-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- Device-doWipe-Examples-End -->
<!-- Device-doWipe-End -->
<!-- Device-doWipeCloud-Begin -->
## doWipeCloud
<!-- Device-doWipeCloud-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :x: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later |
<!-- Device-doWipeCloud-Applicability-End -->
<!-- Device-doWipeCloud-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/RemoteWipe/doWipeCloud
```
<!-- Device-doWipeCloud-OmaUri-End -->
<!-- Device-doWipeCloud-Description-Begin -->
<!-- Description-Source-DDF -->
Exec on this node will perform a cloud-based remote wipe on the device. The return status code shows whether the device accepted the Exec command.
<!-- Device-doWipeCloud-Description-End -->
<!-- Device-doWipeCloud-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- Device-doWipeCloud-Editable-End -->
<!-- Device-doWipeCloud-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Exec |
<!-- Device-doWipeCloud-DFProperties-End -->
<!-- Device-doWipeCloud-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- Device-doWipeCloud-Examples-End -->
<!-- Device-doWipeCloud-End -->
<!-- Device-doWipeCloudPersistProvisionedData-Begin -->
## doWipeCloudPersistProvisionedData
<!-- Device-doWipeCloudPersistProvisionedData-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :x: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later |
<!-- Device-doWipeCloudPersistProvisionedData-Applicability-End -->
<!-- Device-doWipeCloudPersistProvisionedData-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/RemoteWipe/doWipeCloudPersistProvisionedData
```
<!-- Device-doWipeCloudPersistProvisionedData-OmaUri-End -->
<!-- Device-doWipeCloudPersistProvisionedData-Description-Begin -->
<!-- Description-Source-DDF -->
Exec on this node will back up provisioning data to a persistent location and perform a cloud-based remote wipe on the device. The information that was backed up will be restored and applied to the device when it resumes. The return status code shows whether the device accepted the Exec command.
<!-- Device-doWipeCloudPersistProvisionedData-Description-End -->
<!-- Device-doWipeCloudPersistProvisionedData-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- Device-doWipeCloudPersistProvisionedData-Editable-End -->
<!-- Device-doWipeCloudPersistProvisionedData-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Exec |
<!-- Device-doWipeCloudPersistProvisionedData-DFProperties-End -->
<!-- Device-doWipeCloudPersistProvisionedData-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- Device-doWipeCloudPersistProvisionedData-Examples-End -->
<!-- Device-doWipeCloudPersistProvisionedData-End -->
<!-- Device-doWipeCloudPersistUserData-Begin -->
## doWipeCloudPersistUserData
<!-- Device-doWipeCloudPersistUserData-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :x: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later |
<!-- Device-doWipeCloudPersistUserData-Applicability-End -->
<!-- Device-doWipeCloudPersistUserData-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/RemoteWipe/doWipeCloudPersistUserData
```
<!-- Device-doWipeCloudPersistUserData-OmaUri-End -->
<!-- Device-doWipeCloudPersistUserData-Description-Begin -->
<!-- Description-Source-DDF -->
Exec on this node will perform a cloud-based remote reset on the device and persist user accounts and data. The return status code shows whether the device accepted the Exec command.
<!-- Device-doWipeCloudPersistUserData-Description-End -->
<!-- Device-doWipeCloudPersistUserData-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- Device-doWipeCloudPersistUserData-Editable-End -->
<!-- Device-doWipeCloudPersistUserData-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Exec |
<!-- Device-doWipeCloudPersistUserData-DFProperties-End -->
<!-- Device-doWipeCloudPersistUserData-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- Device-doWipeCloudPersistUserData-Examples-End -->
<!-- Device-doWipeCloudPersistUserData-End -->
<!-- Device-doWipePersistProvisionedData-Begin -->
## doWipePersistProvisionedData
<!-- Device-doWipePersistProvisionedData-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :x: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later |
<!-- Device-doWipePersistProvisionedData-Applicability-End -->
<!-- Device-doWipePersistProvisionedData-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/RemoteWipe/doWipePersistProvisionedData
```
<!-- Device-doWipePersistProvisionedData-OmaUri-End -->
<!-- Device-doWipePersistProvisionedData-Description-Begin -->
<!-- Description-Source-DDF -->
Exec on this node will back up provisioning data to a persistent location and perform a remote wipe on the device. The information that was backed up will be restored and applied to the device when it resumes. The return status code shows whether the device accepted the Exec command. When used with OMA Client Provisioning, a dummy value of "1" should be included for this element. The information that was backed up will be restored and applied to the device when it resumes. The return status code shows whether the device accepted the Exec command.
<!-- Device-doWipePersistProvisionedData-Description-End -->
<!-- Device-doWipePersistProvisionedData-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
Provisioning packages are persisted in `%SystemDrive%\ProgramData\Microsoft\Provisioning` directory.
<!-- Device-doWipePersistProvisionedData-Editable-End -->
<!-- Device-doWipePersistProvisionedData-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Exec |
<!-- Device-doWipePersistProvisionedData-DFProperties-End -->
<!-- Device-doWipePersistProvisionedData-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- Device-doWipePersistProvisionedData-Examples-End -->
<!-- Device-doWipePersistProvisionedData-End -->
<!-- Device-doWipePersistUserData-Begin -->
## doWipePersistUserData
<!-- Device-doWipePersistUserData-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :x: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later |
<!-- Device-doWipePersistUserData-Applicability-End -->
<!-- Device-doWipePersistUserData-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/RemoteWipe/doWipePersistUserData
```
<!-- Device-doWipePersistUserData-OmaUri-End -->
<!-- Device-doWipePersistUserData-Description-Begin -->
<!-- Description-Source-DDF -->
Exec on this node will perform a remote reset on the device and persist user accounts and data. The return status code shows whether the device accepted the Exec command.
<!-- Device-doWipePersistUserData-Description-End -->
<!-- Device-doWipePersistUserData-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
This setting is equivalent to selecting **Reset this PC** > **Keep my files** when manually starting a reset from the Settings app.
<!-- Device-doWipePersistUserData-Editable-End -->
<!-- Device-doWipePersistUserData-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Exec |
<!-- Device-doWipePersistUserData-DFProperties-End -->
<!-- Device-doWipePersistUserData-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- Device-doWipePersistUserData-Examples-End -->
<!-- Device-doWipePersistUserData-End -->
<!-- Device-doWipeProtected-Begin -->
## doWipeProtected
<!-- Device-doWipeProtected-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :x: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later |
<!-- Device-doWipeProtected-Applicability-End -->
<!-- Device-doWipeProtected-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/RemoteWipe/doWipeProtected
```
<!-- Device-doWipeProtected-OmaUri-End -->
<!-- Device-doWipeProtected-Description-Begin -->
<!-- Description-Source-DDF -->
Exec on this node will perform a remote wipe on the device and fully clean the internal drive. In some device configurations, this command may leave the device unable to boot. The return status code shows whether the device accepted the Exec command. The doWipeProtected is functionally similar to doWipe. But unlike doWipe, which can be easily circumvented by simply power cycling the device, doWipeProtected will keep trying to reset the device until it's done.
<!-- Device-doWipeProtected-Description-End -->
<!-- Device-doWipeProtected-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
> [!NOTE]
> Because doWipeProtected will clean the partitions in case of failure or interruption, use doWipeProtected in lost/stolen device scenarios.
<!-- Device-doWipeProtected-Editable-End -->
<!-- Device-doWipeProtected-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Exec |
<!-- Device-doWipeProtected-DFProperties-End -->
<!-- Device-doWipeProtected-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- Device-doWipeProtected-Examples-End -->
<!-- Device-doWipeProtected-End -->
<!-- RemoteWipe-CspMoreInfo-Begin -->
<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
<!-- RemoteWipe-CspMoreInfo-End -->
<!-- RemoteWipe-End -->
## Related articles
[Configuration service provider reference](configuration-service-provider-reference.md)

504
windows/client-management/mdm/remotewipe-ddf-file.md
View File

@ -1,225 +1,319 @@
--- ---
title: RemoteWipe DDF file title: RemoteWipe DDF file
description: Learn about the OMA DM device description framework (DDF) for the RemoteWipe configuration service provider. description: View the XML file containing the device description framework (DDF) for the RemoteWipe configuration service provider.
ms.reviewer: author: vinaypamnani-msft
manager: aaroncz manager: aaroncz
ms.author: vinpa ms.author: vinpa
ms.topic: article ms.date: 02/17/2023
ms.localizationpriority: medium
ms.prod: windows-client ms.prod: windows-client
ms.technology: itpro-manage ms.technology: itpro-manage
author: vinaypamnani-msft ms.topic: reference
ms.date: 08/13/2018
--- ---
<!-- Auto-Generated CSP Document -->
# RemoteWipe DDF file # RemoteWipe DDF file
This topic shows the OMA DM device description framework (DDF) for the **RemoteWipe** configuration service provider. DDF files are used only with OMA DM provisioning XML. The following XML file contains the device description framework (DDF) for the RemoteWipe configuration service provider.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
The XML below is the DDF for Windows 10, version 1809.
```xml ```xml
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN" <!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN" "http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"[<?oma-dm-ddf-ver supported-versions="1.2"?>]>
"http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"
[<?oma-dm-ddf-ver supported-versions="1.2"?>]>
<MgmtTree xmlns:MSFT="http://schemas.microsoft.com/MobileDevice/DM"> <MgmtTree xmlns:MSFT="http://schemas.microsoft.com/MobileDevice/DM">
<VerDTD>1.2</VerDTD> <VerDTD>1.2</VerDTD>
<MSFT:Diagnostics>
</MSFT:Diagnostics>
<Node>
<NodeName>RemoteWipe</NodeName>
<Path>./Device/Vendor/MSFT</Path>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>The root node for remote wipe function.</Description>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME />
</DFType>
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.0</MSFT:CspVersion>
<MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;</MSFT:EditionAllowList>
</MSFT:Applicability>
</DFProperties>
<Node> <Node>
<NodeName>RemoteWipe</NodeName> <NodeName>doWipe</NodeName>
<Path>./Vendor/MSFT</Path> <DFProperties>
<DFProperties> <AccessType>
<AccessType> <Exec />
<Get /> </AccessType>
</AccessType> <Description>Exec on this node will perform a remote wipe on the device. The return status code shows whether the device accepted the Exec command. When used with OMA Client Provisioning, a dummy value of "1" should be included for this element.</Description>
<DFFormat> <DFFormat>
<node /> <chr />
</DFFormat> </DFFormat>
<Occurrence> <Occurrence>
<One /> <One />
</Occurrence> </Occurrence>
<Scope> <Scope>
<Permanent /> <Permanent />
</Scope> </Scope>
<DFType> <DFType>
<MIME>com.microsoft/1.1/MDM/RemoteWipe</MIME> <MIME />
</DFType> </DFType>
<Description>The root node for remote wipe function.</Description> <MSFT:Applicability>
</DFProperties> <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;</MSFT:EditionAllowList>
<Node> </MSFT:Applicability>
<NodeName>doWipe</NodeName> </DFProperties>
<DFProperties>
<AccessType>
<Exec />
</AccessType>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
<Description>Exec on this node will perform a remote wipe on the device. The return status code shows whether the device accepted the Exec command.</Description>
</DFProperties>
</Node>
<Node>
<NodeName>doWipePersistProvisionedData</NodeName>
<DFProperties>
<AccessType>
<Exec />
</AccessType>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
<Description>Exec on this node will back up provisioning data to a persistent location and perform a remote wipe on the device. The information that was backed up will be restored and applied to the device when it resumes. The return status code shows whether the device accepted the Exec command.</Description>
</DFProperties>
</Node>
<Node>
<NodeName>doWipeProtected</NodeName>
<DFProperties>
<AccessType>
<Exec />
</AccessType>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
<Description>Exec on this node will perform a remote wipe on the device, and fully clean the internal drive. In some device configurations, this command may leave the device unable to boot. The return status code shows whether the device accepted the Exec command.</Description>
</DFProperties>
</Node>
<Node>
<NodeName>doWipePersistUserData</NodeName>
<DFProperties>
<AccessType>
<Exec />
</AccessType>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
<Description>Exec on this node will perform a remote reset on the device and persist user accounts and data. The return status code shows whether the device accepted the Exec command.</Description>
</DFProperties>
</Node>
<Node>
<NodeName>AutomaticRedeployment</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>doAutomaticRedeployment</NodeName>
<DFProperties>
<AccessType>
<Get />
<Exec />
</AccessType>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>LastError</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DefaultValue>0</DefaultValue>
<Description>Error value, if any, associated with Automatic Redeployment operation (typically an HRESULT).</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>Status</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DefaultValue>0</DefaultValue>
<Description>Status value indicating current state of an Automatic Redeployment operation. 0: Never run (not started). The default state. 1: Complete. 10: Reset has been scheduled. 20: Reset is scheduled and waiting for a reboot. 30: Failed during CSP Execute ("Exec" in SyncML). 40: Failed: power requirements not met. 50: Failed: reset internals failed during reset attempt.</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
</Node> </Node>
<Node>
<NodeName>doWipePersistProvisionedData</NodeName>
<DFProperties>
<AccessType>
<Exec />
</AccessType>
<Description>Exec on this node will back up provisioning data to a persistent location and perform a remote wipe on the device. The information that was backed up will be restored and applied to the device when it resumes. The return status code shows whether the device accepted the Exec command. When used with OMA Client Provisioning, a dummy value of "1" should be included for this element. The information that was backed up will be restored and applied to the device when it resumes. The return status code shows whether the device accepted the Exec command.</Description>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME />
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>doWipeProtected</NodeName>
<DFProperties>
<AccessType>
<Exec />
</AccessType>
<Description>Exec on this node will perform a remote wipe on the device and fully clean the internal drive. In some device configurations, this command may leave the device unable to boot. The return status code shows whether the device accepted the Exec command. The doWipeProtected is functionally similar to doWipe. But unlike doWipe, which can be easily circumvented by simply power cycling the device, doWipeProtected will keep trying to reset the device until its done.</Description>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME />
</DFType>
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.15063</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.1</MSFT:CspVersion>
</MSFT:Applicability>
</DFProperties>
</Node>
<Node>
<NodeName>doWipePersistUserData</NodeName>
<DFProperties>
<AccessType>
<Exec />
</AccessType>
<Description>Exec on this node will perform a remote reset on the device and persist user accounts and data. The return status code shows whether the device accepted the Exec command.</Description>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME />
</DFType>
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.16299</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.1</MSFT:CspVersion>
</MSFT:Applicability>
</DFProperties>
</Node>
<Node>
<NodeName>doWipeCloud</NodeName>
<DFProperties>
<AccessType>
<Exec />
</AccessType>
<Description>Exec on this node will perform a cloud-based remote wipe on the device. The return status code shows whether the device accepted the Exec command.</Description>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME />
</DFType>
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.22621</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.1</MSFT:CspVersion>
</MSFT:Applicability>
</DFProperties>
</Node>
<Node>
<NodeName>doWipeCloudPersistUserData</NodeName>
<DFProperties>
<AccessType>
<Exec />
</AccessType>
<Description>Exec on this node will perform a cloud-based remote reset on the device and persist user accounts and data. The return status code shows whether the device accepted the Exec command.</Description>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME />
</DFType>
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.22621</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.1</MSFT:CspVersion>
</MSFT:Applicability>
</DFProperties>
</Node>
<Node>
<NodeName>doWipeCloudPersistProvisionedData</NodeName>
<DFProperties>
<AccessType>
<Exec />
</AccessType>
<Description>Exec on this node will back up provisioning data to a persistent location and perform a cloud-based remote wipe on the device. The information that was backed up will be restored and applied to the device when it resumes. The return status code shows whether the device accepted the Exec command.</Description>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME />
</DFType>
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.22621</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.1</MSFT:CspVersion>
</MSFT:Applicability>
</DFProperties>
</Node>
<Node>
<NodeName>AutomaticRedeployment</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>Node for the Autopilot Reset operation.</Description>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName />
</DFType>
<MSFT:Applicability>
<MSFT:OsBuildVersion>10.0.17763</MSFT:OsBuildVersion>
<MSFT:CspVersion>1.1</MSFT:CspVersion>
</MSFT:Applicability>
</DFProperties>
<Node>
<NodeName>doAutomaticRedeployment</NodeName>
<DFProperties>
<AccessType>
<Exec />
</AccessType>
<Description>Exec on this node triggers Autopilot Reset operation. This works like PC Reset, similar to other existing nodes in this RemoteWipe CSP, except that it keeps the device enrolled in Azure AD and MDM, keeps Wi-Fi profiles, and a few other settings like region, language, keyboard.</Description>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME />
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>LastError</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DefaultValue>0</DefaultValue>
<Description>Error value, if any, associated with Automatic Redeployment operation (typically an HRESULT).</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME />
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>Status</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DefaultValue>0</DefaultValue>
<Description>Status value indicating current state of an Automatic Redeployment operation. 0: Never run (not started). The default state. 1: Complete. 10: Reset has been scheduled. 20: Reset is scheduled and waiting for a reboot. 30: Failed during CSP Execute ("Exec" in SyncML). 40: Failed: power requirements not met. 50: Failed: reset internals failed during reset attempt.</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME />
</DFType>
</DFProperties>
</Node>
</Node>
</Node>
</MgmtTree> </MgmtTree>
``` ```
## Related topics ## Related articles
[RemoteWipe CSP](remotewipe-csp.md) [RemoteWipe configuration service provider reference](remotewipe-csp.md)