How to “Push-button reset” Windows 10

The “push-button reset” (PBR) is the way to do a “factory reset” on Windows 10. It constructs a fresh Windows 10 installation and we can start over again.

Implementing a Microsoft 365 powered device mobility concept for a modern workplace with Windows 10, makes usage of Windows as a Service and provides new ways of self enrollment. Wherever we are, we service the OS from the cloud (Windows Update for Business) and manage it from the cloud (Intune).

In case of failure there are primarily two options:

  • Get a new device and enroll the device to Azure AD again
  • Start push-button reset to run a factory reset and start over again

In case of failure or if we want to re-purpose the device (back into stock or hand over to another employee) we use the push-button reset in this concept.

 

How is push-button reset triggered from the client?

First of all we need to distinguish between a device where the user is local administrator and a device where the user is standard user.

In case of local administrator the push-button reset can be triggered from Settings > Update & Security > Recovery > Reset this PC > Get started

PBR Settings Local Administrator

As shown there are two options available:

  • Keep my files
  • Remove everything

When choosing “Remove everything” we have the following two additional options:

PBRResetEverything

Be aware if “Remove files and clean the drive” is chosen it will really take a long time to complete!

 

In case of standard user we do not have the reset option in settings available. This is relevant when using AutoPilot and a profile with “Disable local admin account creation on the device” as shown below:

AutoPilotProfileSfB

As a standard user the settings are shown with no reset option in the recovery menu:

PBRSettingsStandardUser

For Microsoft 365 powered devices managed by Intune we can deploy the Company Portal and use it to trigger the reset. Open the deployed Company Portal > choose device > … (menu in the upper right) > Reset

PBRCompanyPortal

PBRCompanyPortalDialog

 

How is push-button reset triggered from Intune?

We need to open the Intune portal portal.azure.com and navigate to Intune > Devices > All Devices > pick the particular device > Factory reset

IntuneFactoryReset

as shown in the screenshot there is the additional option to “Retain the enrollment state and user account”.

For detailed description what is retained please refer to: https://docs.microsoft.com/en-us/intune/devices-wipe#factory-reset

If the device is on and connected, it takes less than 15 minutes for a factory reset command to propagate across all device types.

 

What is the “Fresh Start” available in Intune?

The Fresh Start device action removes any apps that were installed on a Windows 10 PC running the Creators Update, then automatically updates the PC to the latest version of Windows. This can be used to help remove pre-installed (OEM) apps that are often delivered with a new PC. You can configure if user data is retained when this device action is issued. In this case, apps and settings are removed, but the contents of the users Home folder are retained.

IntuneFreshStart

IntuneFreshStartDialog

If the device is on and connected, it takes less than 15 minutes for a factory reset command to propagate across all device types.

 

Reset in Action

When a reset is triggered the device will end up rebooting and the reset will occur.

Windows10Resetting

After finishing the reset the device will start in OOBE again for new enrollment or at the logon screen when enrollment was retained.

 

Issues with Lenovo devices and the troubleshooting

During tests I observed Lenovo devices which ran into an error after resetting and starting into OOBE again. Shortly after language and keyboard selection I got this:

OOBESomethingWentWrong

After some debugging I found out that the license.rtf file was not available in C:\Windows\System32 and this blocked the OOBE from displaying the EULA and resulted in the “Something went wrong” error screen. Click on “Try again” generated a loop.

I could solve this problem with a small customization of the PBR. The PBR has options to add a script to the PBR routine. More details see here: https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/add-a-script-to-push-button-reset-features

I prepared a script which copies the license.rtf file back to C:\Windows\System32 folder if it is missing after the reset. We need to prepare 2 files and we need the license.rtf from a running Windows 10 device.

EnableCustomizations.cmd

rem EnableCustomizations.cmd

rem Define %TARGETOS% as the Windows folder (This later becomes C:\Windows)
for /F "tokens=1,2,3 delims= " %%A in ('reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RecoveryEnvironment" /v TargetOS') DO SET TARGETOS=%%C

rem Define %TARGETOSDRIVE% as the Windows partition (This later becomes C:)
for /F "tokens=1 delims=\" %%A in ('Echo %TARGETOS%') DO SET TARGETOSDRIVE=%%A

rem Add back license.rtf file if missing
IF NOT EXIST "%TARGETOS%\System32\license.rtf" (
copy "%TARGETOSDRIVE%\Recovery\OEM\license.rtf" "%TARGETOS%\System32\license.rtf" /y
)
exit /b 0

ResetConfig.xml

<?xml version="1.0" encoding="utf-8"?>
<!-- ResetConfig.xml -->
<Reset>
 <Run Phase="BasicReset_AfterImageApply">
 <Path>EnableCustomizations.cmd</Path>
 <Duration>2</Duration>
 </Run>
 <Run Phase="FactoryReset_AfterImageApply">
 <Path>EnableCustomizations.cmd</Path>
 <Duration>2</Duration>
 </Run>
</Reset>

In the end copy EnableCustomizations.cmd, ResetConfig.xml and the license.rtf to the folder:

C:\Recovery\OEM

After deploying the custom PBR fix for the Lenovo devices the push button reset runs smoothly.

 

Further information

Remove devices by using factory reset or remove company data
https://docs.microsoft.com/en-us/intune/devices-wipe

Push-button reset
https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/push-button-reset-overview

Add a script to push-button reset features
https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/add-a-script-to-push-button-reset-features

 

Happy resetting!

 

2 thoughts on “How to “Push-button reset” Windows 10”

    1. Thanks RKast! Nice to chat with you again 🙂
      Absolutely you are totally right. Another option we have available since 1709. By default it is disabled but no problem to enable it via device restriction policy. We even don’t need the OMA-URI anymore its in the General section of Windows 10 device restriction profile “Automatic re-deployment”. But remember any workstation admin could trigger the reset. Requirement is to have local administrator permissions. If we do not configure it only Intune Admins or the user itself could trigger a PBR reset.
      best,
      Oli

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s