MDM_RemoteWipe: Using MDM Commands Part 1

I remember working at the front desk where I was able to work and fix their device locally. Yeah, that was almost 4-5 years ago. And then technology progressed for a bit and now I’m able to remote wipe with a single click of a button... yeah... this button:

Yes, you heard me right, with a click of a button.

So then you ask: Well, okay... how safe is it? If I send a wipe to Tony Stark’s computer, because I am now Tony Stark’s Intune Administrator (jk), I want Tony to know that I can be trusted to wipe the device, even if the bad guys try to shut it off. It’s like one of those secret messaging briefcases that auto-detonate after the message.

Okay, now back to reality. Here’s the good news: we can do this by using ProtectedWipe. Well, okay, what is Protected Wipe? Let’s review the following:

Wipe device with Keep, Protected Wipe, and Wipe Device (no checkboxes).

So Protected Wipe will keep wiping the device even if it loses power. That’s what we need. Now let’s get Mr. Stark the details on how we can do this with a PowerShell script.

Wait a minute, a PowerShell script? Why would we need that?

The assumption is that Tony Stark uses Microsoft Intune, and I’m the guy that pushes the buttons. But if Tony Stark is on a mission and I’m stuck in traffic or went on a field trip to Utah, Tony Stark has to push that button, okay? No doubt, he’d love that option.

So let’s get on it! I saved some time for you, you’re welcome.

We’re going to take this PowerShell script and package it as a Win32 app…

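    # Invokes the protected wipe through the MDM bridge WMI provider.
    # The provider is only reachable from the local SYSTEM account,
    # so the Win32 app must install in the system context.
    $namespaceName = "root\cimv2\mdm\dmmap"
    $className = "MDM_RemoteWipe"
    $methodName = "doWipeProtectedMethod"

    $session = New-CimSession

    # The wipe methods take a single (empty) string input parameter named "param".
    $params = New-Object Microsoft.Management.Infrastructure.CimMethodParametersCollection
    $param = [Microsoft.Management.Infrastructure.CimMethodParameter]::Create("param", "", "String", "In")
    $params.Add($param)

    try
    {
        # -ErrorAction Stop turns a failed lookup into a terminating error so the catch block runs.
        $instance = Get-CimInstance -Namespace $namespaceName -ClassName $className -Filter "ParentID='./Vendor/MSFT' and InstanceID='RemoteWipe'" -ErrorAction Stop
        $session.InvokeMethod($namespaceName, $instance, $methodName, $params)
    }
    catch [Exception]
    {
        # Format the error record first; Write-Host itself emits nothing to the pipeline.
        Write-Host ($_ | Out-String)
    }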
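Before packaging the script above, a read-only check can confirm that a device actually exposes what the script relies on. This is an added example, not code from the original post: it never calls a wipe method, the function name Test-ProtectedWipeReadiness is hypothetical, and it assumes the check is run on the managed device itself.

```powershell
# Added example: read-only pre-flight check. It never invokes a wipe method.
$namespaceName = "root\cimv2\mdm\dmmap"
$className     = "MDM_RemoteWipe"
$methodName    = "doWipeProtectedMethod"
$filter        = "ParentID='./Vendor/MSFT' and InstanceID='RemoteWipe'"

function Test-ProtectedWipeReadiness {   # hypothetical helper name
    $result = [ordered]@{
        # The MDM bridge provider is only usable from the local SYSTEM account.
        RunningAsSystem = [Security.Principal.WindowsIdentity]::GetCurrent().IsSystem
        ClassPresent    = $false
        MethodPresent   = $false
        InstancePresent = $false
        ExposedMethods  = @()
        Errors          = @()
    }

    try {
        # Read the class definition and list the methods this OS build exposes.
        $class = Get-CimClass -Namespace $namespaceName -ClassName $className -ErrorAction Stop
        $result.ClassPresent   = $true
        $result.ExposedMethods = @($class.CimClassMethods | ForEach-Object { $_.Name })
        $result.MethodPresent  = $result.ExposedMethods -contains $methodName
    }
    catch { $result.Errors += "Class lookup failed: $($_.Exception.Message)" }

    try {
        # Same instance filter the wipe script uses; a missing instance means the call would fail.
        $instance = Get-CimInstance -Namespace $namespaceName -ClassName $className `
            -Filter $filter -ErrorAction Stop
        $result.InstancePresent = $null -ne $instance
    }
    catch { $result.Errors += "Instance lookup failed: $($_.Exception.Message)" }

    # Ready only when every precondition of the wipe script holds.
    $result.Ready = $result.RunningAsSystem -and $result.MethodPresent -and $result.InstancePresent
    [pscustomobject]$result
}

Test-ProtectedWipeReadiness | Format-List
```

Run from an ordinary admin prompt, RunningAsSystem comes back False and the lookups may report access errors, which is the same failure the wipe script would hit outside the system context.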

If you want to learn more about this method, I’ll be going in-depth in part 2.
