For those of you who have Active Kill Disk, and want to automate it with ConfigMgr, this is how I’ve done it. This is very similar to the sdelete TS I made, however sdelete was not approved by our security team, so I had to reinvent with Active Kill disk. Active Kill Disk did offer some additional functionality, so I’ve redone this post with Active Kill Disk for those of you who might want to try this.
- First, install Active Kill Disk and Register it on a Test Computer
- On your Source Server, create a Folder where you will keep the Package Contents
- Copy the Files from your test machine to your Package Folder
- C:\Program Files\LSoft Technologies\Active@ KillDisk Suite X.X (Use 9.2 and above to support x64 Boot Media)
- Skip the KillDiskBootDisk.iso file
![image]( "image")
- Next we’ll use a Batch File that will run the process and log the results to the server.
- Download Scripts here (Contents shown below), and add it to your Package Source
- Create a Package in ConfigMgr, (no program), and distribute the contents. You’ll then point your TS at this package to grab the files needed.
Echo off
REM Script to Wipe Computer using Active KillDisk to meet State Requirements
REM Creates Logs on Network Drive (L:) Which you map in a task sequence step before the Script.
REM FingerPrints Computer with Wipe Results.
REM Created 08.01.2014 by Gary Blok
REM Create FlashDrive Removal Warning:
echo Remove Flash Drive From Machine if Present and Close this Box >>X:\Windows\FlashWarning.txt
echo Will Automatically Continue in 30 seconds >>X:\Windows\FlashWarning.txt
echo Flash Drive WILL BE ERASED if NOT Removed >>X:\Windows\FlashWarning.txt
start X:\Windows\FlashWarning.txt
REM Poor Mans way to pause the script for a short period allowing users to remove the flash Drive.
ping 10.1.1.1
REM – MAP NETWORK DRIVE FOR LOGS (Done in TS Step)
REM net use l: \\server.fqdn\DiskWipeResults /user:domain\useraccount PASSWORD REMOVED (in TS NOW)
REM – RUN KILLDISK PROCESS
REM Options = -ea (Erase all Disk)
REM Options = -em=3 (US DoD 5220.22-M ECE (7 passes, verify)
REM Options = -bm (BatchMode = no user interaction)
REM Options = -fp (Finger Print = When computer boots, displays when it was wiped)
REM Options = -logpath & -certpath (Path were it will save the files)
%WinDir%\killdisk.exe -ea -em=3 -bm -fp -logpath=l:\ -certpath=x:\
REM – SET VARIABLE FOR TAG – Rename PDF File and Copy to Folder on Server (L:\Certificates)
REM http://killdisk.com/killdisk-faq.htm#serial
For /f “skip=2 tokens=2 delims=,” %%i in (‘wmic bios get serialnumber /FORMAT:csv’) do (set “servicetag=%%i”)
ren x:\*.pdf ServiceTag-%servicetag%.pdf
copy x:\*.pdf l:\Certificates\ /Y
REM – Append the ServiceTag number to the KILLDISK.LOG file (including date/time stamp) on Server (L:\KILLDISK.log)
echo %date:~4,10% %time:~0,10% ServiceTag#: %servicetag% >> l:\KILLDISK.LOG
echo ———————————–END OF WIPE PROCESS FOR %servicetag%——————————————- >> l:\KILLDISK.LOG
echo .>> l:\KILLDISK.LOG
echo .>> l:\KILLDISK.LOG
echo .>> l:\KILLDISK.LOG
echo ———————————–NEXT WIPE PROCESS STARTS HERE————————————————– >> l:\KILLDISK.LOG
REM – SET VARIABLES FOR REPORTING
for /F “skip=2 tokens=2 delims=,” %%A in (‘wmic systemenclosure get serialnumber /FORMAT:csv’) do (set “serial=%%A”)
set serial=%serial:~-15%
for /F “skip=2 tokens=2 delims=,” %%A in (‘wmic csproduct get vendor /FORMAT:csv’) do (set “compvendor=%%A”)
for /F “skip=2 tokens=2 delims=,” %%A in (‘wmic csproduct get name /FORMAT:csv’) do (set “compname=%%A”)
for /F “skip=2 tokens=2 delims=,” %%A in (‘wmic CPU get name /FORMAT:csv’) do (set “CPUname=%%A”)
for /F “skip=2 tokens=2 delims=,” %%A in (‘wmic computersystem get totalphysicalmemory /FORMAT:csv’) do (set “memory=%%A”)
set /a memory = memory / 1048576
for /F “skip=2 tokens=2 delims=,” %%A in (‘wmic diskdrive get size /FORMAT:csv’) do (set “hddsize=%%A”)
set hdd=%hddsize:~0,-4%
set /a hdd=hdd/1048576
set TimeStamp=%DATE:~10,4%%DATE:~4,2%%DATE:~7,2%
REM Creates Network Log File (L:\DiskWipeResults.log) and appends information
echo. >>l:\DiskWipeResults.log
echo Date: %TimeStamp% >>l:\DiskWipeResults.log
echo Serial: %serial% >>l:\DiskWipeResults.log
echo Vendor: %compvendor% >>l:\DiskWipeResults.log
echo Model: %compname% >>l:\DiskWipeResults.log
echo CPU Type \ Speed: %CPUname% >>l:\DiskWipeResults.log
echo Memory: %Memory%MB >>l:\DiskWipeResults.log
echo HDD Size: %hdd%GB >>l:\DiskWipeResults.log
echo ____________________________________________________________ >>l:\DiskWipeResults.log
REM Creates Network Label for Machine – (L:\DiskWipe-SerialTag.txt) – Print & Fillout and Tape to Physical Machine
echo Vendor: %compvendor% >>l:\DiskWipe-%serial%.txt
echo Model: %compname% >>l:\DiskWipe-%serial%.txt
echo Serial: %serial% >>l:\DiskWipe-%serial%.txt
echo CPU Type \ Speed: %CPUname% >>l:\DiskWipe-%serial%.txt
echo Memory: %Memory%MB >>l:\DiskWipe-%serial%.txt
echo HDD Size: %hdd%GB >>l:\DiskWipe-%serial%.txt
echo. >>l:\DiskWipe-%serial%.txt
echo Asset Tag: ____________________ >>l:\DiskWipe-%serial%.txt
echo. >>l:\DiskWipe-%serial%.txt
echo DoD 5220.22-M sanitization Wipe using KILLDISK – 7 Passes >>l:\DiskWipe-%serial%.txt
echo Date Sanitized: %TimeStamp% >>l:\DiskWipe-%serial%.txt
echo. >>l:\DiskWipe-%serial%.txt
echo. >>l:\DiskWipe-%serial%.txt
echo Sanitized and Verified By: ______________________________ >>l:\DiskWipe-%serial%.txt
REM Creates Local Log file that displays at end of Process on the Screen.
echo Disk Wipe Complete, Please Record Data for Records >>X:\Windows\JobComplete.txt
echo This computer has finished with a DoD 5220.22-M sanitization of the local hard drive. >>X:\Windows\JobComplete.txt
echo Please close this file and turn off the computer. >>X:\Windows\JobComplete.txt
echo. >>X:\Windows\JobComplete.txt
echo Date: %TimeStamp% >>X:\Windows\JobComplete.txt
echo Serial: %serial% >>X:\Windows\JobComplete.txt
echo Vendor: %compvendor% >>X:\Windows\JobComplete.txt
echo Model: %compname% >>X:\Windows\JobComplete.txt
echo CPU Type \ Speed: %CPUname% >>X:\Windows\JobComplete.txt
echo Memory: %Memory%MB >>X:\Windows\JobComplete.txt
echo HDD Size: %hdd%GB >>X:\Windows\JobComplete.txt
REM End of Script
JobComplete.bat (Very Simple, just calls the JobComplete.txt file)
Echo off
REM Launched JobComplete.txt that was created in the WipeProcess.bat
X:\Windows\JobComplete.txt
Task Sequence: (Boot image is WinPE x64)
- Disable Bitlocker if starting from Windows & Reboot to PE
- Partition if Necessary (Copied from MDT TS)
- Bios Settings – Wipe Bios Password
- Wipe Drive (KillDisk)
![image]( "image")
I’m going to focus on the Wipe Drive section
- Format and Partition Disk
![image]( "image")
- Copy KillDisk to X drive (Virtual PE Drive)
![image]( "image")
- Map Drive L (Used for log files)
![image]( "image")
- Run Kill Disk
![image]( "image")
- The HDD Has been wiped clean (Notification on Screen)
JobComplete.bat –> Launches JobComplete.Txt File created during WipeProcess.bat![image]( "image")
In Action
Warning to remove the bootable Flash Drive.. (IT will securely wipe that too)
Sorry, my VM doesn’t provide the best results for the demo, but it’s much easier to grab the screenshots. Should give you the overall picture of the Task Sequence.
File Server Share Logs:
killdisk.log:
creates a page to print out to place on computer:
The Active Kill disk Certificates:
Certificate Example:
Hope those of you with Active Kill Disk find this useful.
