Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

How Can I Securely Delete Everything Except the Operating System? Five Steps to Get as Close as You Can

Question: I’m about to give away my machine, but I want to leave Windows installed. How can I securely delete everything except the operating system?

You can’t.

Not really, not completely, and definitely not securely.

I’ll describe a few steps that will delete a lot — perhaps enough for your concerns — but it really depends on how paranoid you are about the various traces that will still be left on a machine you’ve been using a while.

Deleting everything? There’s only one way to do that.

Become a Patron of Ask Leo! and go ad-free!


While you can’t securely delete everything, you can get close.

  • Delete and uninstall data and programs.
  • Remove users.
  • Run a disk cleaning utility.
  • Delete some system files.
  • Wipe free space.

Alternately: erase everything, including Windows.

Delete and uninstall as much as you can

The process starts by deleting your data files and uninstalling all the programs you’ve used or added and don’t want to be part of the machine when it’s reused by someone else.

For your data files, that means deleting things from My Documents and wherever else you kept data files.

A good start for programs is to take a walk through Add/Remove Programs, or Programs and Features in Control Panel, or the Settings App, and just start uninstalling.

Delete KeyFor extra security, you might want to use Revo Uninstaller instead. Revo not only lists more things, but it uninstalls more thoroughly. It uses a couple of levels of “aggressiveness” to determine what to remove, and this is one case where it makes sense to be as thorough as possible.

Remove all users but one

If your machine has more than one user account, remove all except for a single account that has administrator privileges. This should delete a plethora of files and settings associated with each account.

Clean crud

Run the built-in Disk Cleanup Utility, or, better yet, grab a copy of CCleaner (a free download — you do not need to buy support), and use it to clean up as much as it can.

The goal here is to remove traces from browser caches, temporary files, and a host of other things — many of which might be benign, but many others that may inadvertently contain things you’d rather not share with your machine’s subsequent owner.

Consider running a registry scan. I’m not a big fan of registry cleaners, but this is a case where they might remove additional information you don’t want left behind, and the cost of failure (an unbootable machine) is relatively low. You may want to take an image backup prior to the cleaning, in case you want to be able to recover from that worst-case scenario.

Turn off some system files

Set your virtual memory to zero and delete the paging files. Turn off Hibernation and remove the hibernation file.

These are hidden files in the root of your system drive, typically C:\.

Turn off System Restore.

All of these files could contain private information, and could be turned back on by the machine’s new owner should they so desire.

Securely erase the empty space

Using a tool like CCleaner’s “Drive Wiper”, securely erase unused space on your hard disk.

Merely deleting files doesn’t overwrite the data, so it could still be recovered. Tools like Drive Wiper actually overwrite all of the unused space on your hard drive with random data to completely remove all traces of what had been stored there before.

That’s about as good as you can get using this approach.

What still might be missed

The problem with this approach is that you don’t know what you might have missed.

Even after all the deleting and cleaning above, there might be system files left that indicate something about who you are or what you used the machine for. For example, registry settings could remain that contain settings for programs (perhaps even programs no longer installed).

You just don’t know.

That’s why this is not an approach I recommend.

Nuke it instead

Using a tool like DBAN erases the hard drive completely. It’s easy, and every single bit of every single byte — operating system, settings, programs, and data — is removed from the hard drive…

… including all your personal information.

Then, if you like (and if you can), reinstall the operating system from an install disk.

If you don’t have one, perhaps grab a free copy of a Linux distribution and install that instead.

But erasing the hard disk completely is the only way to be absolutely sure you haven’t left personal information on the machine prior to handing it off to someone else.

If you found this article helpful you’ll love Confident Computing! My weekly email newsletter is full of articles that help you solve problems, stay safe (including what needs erasing, and when), and increase your confidence with technology.

Subscribe now, and I’ll see you there soon,


Podcast audio


73 comments on “How Can I Securely Delete Everything Except the Operating System? Five Steps to Get as Close as You Can”

  1. One more layer of security would be to create a new administrator account, delete all of the other accounts and wipe (not just delete) all the files associated with the deleted accounts and wipe all folders in “Program Files” and “Program Files (x86) which pertain to uninstalled programs if any still remain” before the final free space wipe.

  2. You should also know that even simply formatting the hard disk might not suffice in eradicating your data if you’re really truly paranoid or truly need that level of security.

    If you want your data inaccessible by the new owner you’ll have to remove the disk and install a brand-new one. For the old one, if you want to safely dispose of it, you’ll need to go the hammer way. That is to physically and thoroughly destroy the disk. And no, just because when you connect it to your computer the computer can’t read it does not mean that no-one else can’t read it either.

    Of course Leo has talked about using encryption for your disks before If you were in the habit of formatting and encrypting the disk before using it even once then a simple format would be quite safe, because the data, even if retrieved, would be unintelligible without the password / keyfiles.

    Of course that’s rather extreme and guessing from your being here to ask advice on how to secure data you really don’t need that level of extreme measures to protect yourself. Just start with encryption from day 1 for the next system you build and go for a fresh install when you decide to give it away. It’s always safer that way.

  3. Since you mention CCleaner, you may want to know that the new 3.x version includes the ability to securely wipe the freespace of a drive, as well as the entire drive itself:

    “A new Drive Wiper tool screen under the Tools section, which allows users to securely erase the contents or free space on a specified drive.”

    (Though I’d still probably use DBAN to wipe an entire drive.)

    • That software will not install without it’s buddies ! I have given up on trying to get it on to my Win 10 64 bit machine – Avast Antivirus thinks it belongs here too ! A shame because I would likely have paid for the CCleaner if had behaved – not now !

  4. I recall wiping a mac recently. The number of passes for overwriting data they offered were… 1, 5 (DoD spec compliant), and 35. So to be security compliant with DoD (Department of Defense) specs, you have to do the wipe/overwrite process 5 times. Some people, however, require more.

        • Well, whether changed or not, I’d certainly prefer seven passes to five!

          When it comes to wiping, “more is better” is a good rule as long as you don’t go bonkers (because, at a certain point, further wiping ceases to accomplish anything and just consumes massive amounts of time both needlessly and uselessly).

          Seven passes should be more than enough; but if you’re really paranoid, ten passes aren’t unreasonable.

          Thirty-five passes, on the other hand, are just plain idiocy.

          • ” at a certain point, further wiping ceases to accomplish anything and just consumes massive amounts of time both needlessly and uselessly” — to me that certain point is 3. :-)

            Pragmatically, it’s 1.

  5. I wipe my free space about every two months. It really speeds up my system. As I keep almost all my files on external HDD this can take some time! I have used File Shredder for years, when I wipe my free space with it I usually go for the 3 pass.(DoD) On my 419gb free of 494gb usable internal, this takes about 9/10 hours. I just tried a newer program East-Tek Eraser that I used to wipe the last 2 times,using the 7 pass “stop hardware recovery” setting. This takes a whopping 16 1/2 hours! Have also used the Guttman setting once 35 passes, and will never again because of the time involved. A 3 to 7 pass should be enough for almost anyone.

  6. As a add on to my above post……. Make sure that you do everything else before you run the wiper. By this I mean, Empty the recycle bin,delete all programs/files/whatnot you dont want,run defragger. Then wipe. This WILL speed up your system.

    • I’d really challenge the idea that wiping free space speeds up the computer. How could it do that ? Wiping free space may be needed, precisely because the operating system never goes there, despite there being remnants of officially “erased” files.

      If the above poster really did experience a measureable acceleration of his system (as opposed to the placebo effect of spending many hours doing lots of “techy” stuff, then subconsciously assuming that it must be faster, since he took that much pain to clean it), then it’s most likely because of the things he did before, such as defragging his disk.

      I’ve read many articles by experts about the theory and practice of wiping data. I don’t remember ever reading that it had the effect of making the computer faster, or that it should be done to that effect.

  7. I have had to purge many computers many times. I am the IT Help for several small local businesses, and regardless of company rules, employees continually add junk to office machines.

    Follow the usual steps to Control Panel > Remove Programs, and then look at the folders. In my case, there will be a great many mystery folders and I have no idea what they are for.

    So, after the usual cleaning, I add and “X” to the unknown folders. The folder, “Mystery” becomes “Mysteryx”

    Now we continue to operate the comuter, reboot a few times, and if no problems surface, I delete the folder.

    If a problem occurs, you can boot to Safemode, remove the “X” and then dig deeper to learn what this mystery folder is used for.

  8. After recently parting ways with my employer, I had to return my laptop which I must admit included a fair bit of extra -unrelated- junk from my weird techie side habits. I went through most of what Leo said, but not the part including turning off sys files etc. There were things I didn’t want potential snoopers to find, so I downloaded a program called Eraser which does exactly what SDelete does. It wiped a lot of stuff away in a systematic and straight forward way. All in all, I am comfortable believing I left very little traces behind, but as Leo says, it really depends on how paranoid one is about the data on the machine.
    Alternatively, if I were selling my machine, there is no question I would have nuked it, as I did with a previous-previous job’s laptop as well. I have no qualms about doing that at all to satisfactorily cover all traces.

  9. Is it really worth it to sell the computer? The only really sure way to insure no one finds anything is to trash the hard drive and trash the rest of the computer. This is hard to do but psychologically worth it. There always could be stuff on there even after nuking the system I think. Call me paranoid but I sleep nights.

    If you nuke the hard drives (all hard drives if more than one), then I believe selling a machine with an empty hard drive is safe.


  10. Thanking you Leo.
    As usual, another informative article. Having previously ‘looked around’ regards disk cleansing, I’d like to share my comments since more knowledge never hurts. Perhaps the readers may know further security in making their tool selection for what is after all potentially capable of major repercussions at both personal and financial levels should sensitive data remain on the supposed cleansed disk.

    Readers are encouraged to look further afield in their quest for a real security disk wipe utility.
    Perhaps as a starter:

    Please pay particular attention to “Secure Erase” and it’s authorship pedigree and the host of governmental and legal requirements which it satisfies. Additionally, numerous governmental agencies and commercial bodies use this ‘approved’ tool.
    Note that it is free for download (and usage – aka: freeware)

    In your research, you will also note that DBAN “does not” satisfiy any technical or legal regulatory requirements (NIST 800-88) of any security departments or ‘in the know’ disk scientists etc. Note that it is known that DBAN will not cleanse a remapped block…
    In the U.S.A, there are stringent legal requirements placed upon those that embark on disk cleansing. Failure to comply can lead to $250k fine and even 10years in jail…

    Ultimately, if money to burn then fork out for NSA approved degausser :)

  11. ComputerWorld reports (March 7, 2011) that recovering data from both SSD drives and flash drives is incredibly easy even after being overwritten.

    This article requires you to sign up. But it is harmless to do so. Remove the check marks from both boxes and you will not get any additional mailings. At least that is my experience.

    This article is scary and should be required reading.

  12. How do I remove all users except “administrator”…and where do I go to find it? I am unable to update my browser, download Adobe to see any videos, or anything. Any help would be appreciated. thanks

  13. @Pooky
    Windows 7: from the Control Panel click on User Accounts, then click Manage Other Accounts, click on the icon for the account you want to remove and then click on Delete the Account. From there, follow the prompts and decide whether you want to remove the data files and then confirm the delete.

    Windows XP: from the Control Panel click on User Accounts, click on the icon for the account you want to remove and then click on Delete the Account. From there, follow the prompts and decide whether you want to delete the files and then confirm the delete.

    Vista should be somewhat similar.

    You may want to back up any data from the account before deleting it and choosing the Delete Data option.

  14. hi,
    i unconciously deleted my administrator. but then i had made a new administrator. But i cant access those programs that was saved in my deleted administrator. Unknowingly, I went to documents and settings looking for the folder of my administrator which i had deleted and i tried to copy all folders in there and i tried to paste those in my new administrator but my hard disc had reach to its fullest storage, so i go back to documents and settings and look again for the folder of the administrator i deleted before, and decided to erase all data folders in there.
    now, i cant find any of it. but even i deleted all those, my hard disc size is still the same,means that the files from the folder of the administrator was still in my machine, but i cant find it. My Local Disc C: turns into color blue letters,unlike the other drives which is just black.
    What is the possible problem of my laptop???
    i am using a hp mini 2133 windows xp home edition.
    Is there any way that i could bring back my old settings?or whats the best thing i could do to fix this problem?

    • The best thing you could do to fix this problem is to bring it to a professional for help. After all your attempts to fix it, however, it is doubtful if your data can now be recovered. You are in way over your head with this technology. You need to recognize that, and get professional help when you need it. It’s nothing to be ashamed of, but something that you need to recognize.

  15. I have used Revo Uninstaller for years, and love it. It is the only program I have used that finds Registry entries, and safely deletes them along with the program you no longer want. The only issue I have right now with Revo is that it still seems to have issues in Windows 10. You know you installed a program, but it is not showing up in Revo.

  16. With Windows 10, a simple option is to Reset the PC (Update & Security > Recovery), selecting the option to Remove Everything. You can then securely erase the unused areas as per Leo’s suggestion using “Drive Wiper”. I recently used Reset to clean a laptop that had become clogged with programs.

    • this is an excellent point. I had inquired to several sites, about the windows 10 clean install.
      had a prior windows 7 machine, had upgraded to windows 10, used it for a while, then decided to retire it and donate it.

      per all the windows 10 feedback, the windows install (even the CLEAN INSTALL) will KEEP the windows 10 activation keys, because it is related to machine hardware (it activates automatically). so, essentially, a NEW windows 10 install, maintaining the windows 10 key, and no other data.

      again, to be safe, just wipe the empty space, but unless you’re giving it to the NSA, or you had secure secure financial stuff, this should suffice.

      AND, to be doubly safe, just WIPE WIPE WIPE the whole drive, and then do a clean windows 10 install.
      we just did this to one machine, and it is activated (had prior windows 7, then was upgraded to windows 10), and it has kept the windows 10 activation.

  17. Suppressing all accounts excepe for the administrator account is good, but could not be enough. It’s important to NOT preserve the content of any of the deleted accounts. The option to preserve or not is offered each time you delete any account.
    As the administrator account may content some personal information, an additional step may be needed : After deleting all regular accounts, create a brand new administrator account. Log into that new account and suppress the original administrator account. Defragement and wipe the free space clean.

  18. Here’s what I would do; it could take a long time but I think it would work. I would delete everything except the windows folder. Then, I would find a way to automatically copy (with some program) some sharabia (insignificant data) until the disk is full; than I would erase these insignificant data, which would be the only think recoverable on the disk, wouldn’t it?

  19. In the year 2000, when I left the job I had under less than amiable circumstances, I deleted everything from the one hard drive, data and programs, except mspaint.exe. I then filled the entire drive with large .bmp files and deleted all of them. The only thing that could have remained was raw data of innocuous content, along with the file headers. I was not concerned with such residues as those. I never heard anything about the computer after that. Does anybody have reason to believe that technique does not work?

    • If you left MSPaint, that would mean that you didn’t remove Windows. You may have gotten most of it wiped, but as the article states, there are a few places which you might have missed where residual data might have remained, for example the swap files and some files in App Data etc.

  20. Why does this site keep mentioning a windows install disk? Besides me, NOBODY has ever made one. (I have given the usual speeches, but eventually gave up). Nobody wants to bother. (I never told them it takes hours, they do not care). Two computers are macs, so I know nothing about them. When that day comes, I may rub it in or not.

  21. When donating an old computer, I always remove the hard drive and then “erase” it with a ball peen hammer. It takes about 30 seconds, has no cost, and I know that all the data is unrecoverable. All the platters are crushed. A low-tech solution is sometimes the best.

  22. I don’t think anybody’s mentioned doing a factory reset yet. Usually you got to press a couple of keys while booting up your system. Sometimes you can do a reset from within Windows. My Acer Win7 desktop includes software named Acer eRecovery Management where I can start a reset from there. After 4 years I’m planning to do this to my Acer, not to sell, just to many issues, software rot more likely. The key combo for Acer is Alt + F10, by the way.

    • The problem with a factory reset is that it doesn’t wipe the free space on the c: drive, so anybody with a file recovery program like Recuva would be able to access the data.

  23. My data isn’t very interesting but my preferred method was to have 2 hard drives in my machine and separate Windows from everything else. Then just remove my data and program drive If i wanted to remove all the data and programs I could format that drive then fill it with movies and then format it again or just leave it full of movies.and music. I tend not to sell or give away machines anyway. I think i still have my win3.1 drive kicking around.

  24. Good article and bang on the button. It takes approx… one hour to format a hard drive and install any version of windows. Attempting to delete/clean all areas of a hard drive and cleanse all repositories like the registry could take days and like you said; you just couldn’t be sure you got everything.

  25. This is just what I needed. I upgraded to a new PC and sold my old one. I was just going to use the “shred” function on my virus software to wipe all the data, but I was concerned that there might be stuff left behind in the Windows folder or in the registry. I downloaded and ran DBAN. My only (minor) complaint was that it took 15 hours to finish wiping a 1.5 TB drive. The person who bought the computer had to wait until the next day to pick it up. Thank you, Leo!

  26. I have OEM Windows 10 fully updated. Could I just pick up on the suggestion made to use the Reset option within Windows 10? Microsoft recommend this if the clear all option is the selected (all files and non original software plus all accounts are removed and one administration account is established) if passing on or selling. Is there still any concern about private data still residing somewhere which would need further action after the reset? Thanks Jonathan

    • A deleted file recovery utility would be able to recover the deleted files. Running a free space wiping utility like the one in CCleaner would help with that and it would be secure against normal attempts to recover the data. Forensic recovery methods might be able to recover some of the data.

  27. Hello All
    I have a DELL CPU PC that I want to completely wipe clean the hard drive so that the hard drive is totally blank
    The reason being is that I have no more use of the Dell CPU PC and want to sell the unit
    I need to completely wipe the hard drive so that it is blank so that EVERYTHING is wiped away and whoever has my machine has to start completely again
    I have a Dell CPU PC running Microsoft Windows XP
    How do I wipe away all data, pictures, videos, music, and take off Windows XP so that a new OS is put on when the next owner/buyer has my Dell CPU PC desk top
    Thank You

  28. Having read all this, I am glad that we have kept all of our old computers (we even still have our Apple IIe). It may be time to open a museum.

  29. “If your machine has more than one user account, remove all except for a single account that has administrator privileges. This should delete a plethora of files and settings associated with each account.”
    I’d go one step farther.

    When I gave my brother my old computer, I created a new user account and deleted the other account. That way most, if not all of the user-created data is deleted and recovering any traces would require some serious computer skills and he has trouble with the basics. When I sold a laptop, I reinstalled Windows from the reset disc I created when I installed Windows the first time. Unfortunately, those no longer exist. I should have run a free-space wipe after that.

  30. I frequently receive a computer/laptop from people I’m helping, especially when they are buying a new device. If I keep the device I can install a new OS on the drive. IF I am donating the machine to a local used computer store, I take the drive out, take it to my drill press and drill through the drive and donate the machine. No one can retrieve data from that hard drive.

    • No need to destroy a perfectly good disk drive. DBAN is just as secure and you get to reuse the hard drive.

    • You wrote: “No one can retrieve data from that hard drive.”

      No, no one can… but they can’t reuse that disc, either!

  31. I have just come across this thread and I’m surprised that none of the discussion seems to be about what to do with SSDs as opposed to regular hard drives. I assume that the business of multipass wiping etc doesn’t apply to SSDs.

  32. Just my 2 cents worth, I would go a little further, as far as the Single Admin Account. I would create a new Admin Account, login with it then remove all other accounts, being sure to select Delete All Files.

  33. No one seems to have mentioned the Windows license. If you give away a PC with Windows installed, you’re giving away your Windows license as well & will need to purchase a new license. BTW, I thought the TOS for Windows said it was not transferable. I may be mistaken about that.

    • Typically, for retail purchased computers, you’ll have an OEM Windows license, which means it belongs with the hardware. You can’t legally reinstall that license on another computer (even if you remove it from the original computer).

      If you bought a retail Windows license, then you would be able to transfer that license to the new computer, assuming you removed it from the original.

      I’m fairly confident that if you are selling/donating an old computer, with Windows installed, the transfer to another party is allowed regardless of whether it is retail or OEM.

  34. I service senior’s computers. That’s Seniors as in Old People. I take care of your grandmother’s computer. It’s a great business for a retired guy who still likes helping seniors with new technology.

    I often setup and transfer data and programs from the old pc to new. When it comes to “what to do with the old pc” I always suggest removing the drive and keeping it. In a protective way and mark it as to where it came from and date. My thinking is: it’s always a source to connect to and copy the missing pictures from the grand baby’s first birthday or the granddaughter’s wedding. Seniors seldom save files in appropriately designated folders and their jpgs are scattered all over the pc: in desktop, downloads, pictures, documents, 5 year old email folders and other strange places.

    The old computer’s is usually really old, and of little value. My suggestion to them is to make a petunia planter or boat anchor from the pc case. Seems like the intent is always to give it to a grandson but never makes it out of the closet. The grandson generally already has something much better and really doesn’t want grandma’s old pc.

    • I’d suggest to them that they get an HDD USB housing and use that drive as a backup. Search the drive for any image and video files and copy them to the new machine and move them to appropriate folders on the older drive. Erase the Windows, Programs, and possibly a few other folders which you know don’t contain any user data to make more space for backups

  35. DBAN is nice but I prefer Secure Erase instead since it’s quicker (the drive itself overwrites/blanks all writable areas on the hard drive) and is good enough from what I have read on regular hard drives and in terms of SSD’s, Secure Erase is definitely what you want as DBAN is bad for SSD’s.

    even on SSD from what I understand (someone correct me if I am wrong) when the Secure Erase is issued (like on Samsung 850 EVO etc), it simply changes some sort of internal encryption key within the drive itself so any previous data won’t be recoverable because the encryption key the drive uses to read that data is deleted/changed (this applies for normal use/non-encrypted SSD’s (i.e. how a typical person would be using their SSD)). I think this is why Secure Erase is very fast on a SSD (maybe a couple of seconds or so to complete) since it does not actually overwrite the SSD data like it does with a regular hard drive, but since it changes the encryption key from within the SSD internally it’s like all of the data is overwritten and completely blank. but with a regular hard drive it actually has to overwrite all areas of the hard drive which takes much longer.

    when using Secure Erase I just use the last free version of ‘Parted Magic’ (one can get it from majorgeeks dot com) which is from the year 2013 from a bootable CD-RW etc. it basically requires a unfrozen HDD/SSD to work (they are generally frozen by default upon boot up) which ‘might’ require removing the power to your HDD/SSD while the computer is running after Parted Magic is up and running etc as that’s generally what I have to do to get them in a unfrozen state so that the Secure Erase command is issued on my old computer etc. it gives you a option to try first (like temporarily powers down PC and back on (i.e. sleep mode) to the Parted Magic stuff) before doing this, but it might or might not work. but the key thing here is getting the HDD/SSD into a unfrozen state otherwise the Secure Erase command can’t be issued. here is their general website page on Secure Erase which looks a little different on the older version of Parted Magic from that majorgeeks website but it gets the gist of things across… (NOTE: while that is the official website of Parted Magic, those newer versions are not free but the one listed on majorgeeks website is completely free, but it’s from the year 2013(which is what I use)) ; but from memory, I believe it has a person enter a password thing (like where it says ‘NULL’), I just put ‘temp’ (without the ‘) or whatever you want, just keep it simple and don’t forget it. but if you don’t stop the process once it’s started (which we don’t want to do!) you should be okay. because it does not give any progress percentage etc when I issue a Secure Erase(but does tell you if it’s started the process or not), but it does tell you when it’s done at which point it’s safe to power off the computer and your HDD (or SSD) is completely clean as no data can be recovered from it. but expect it to take quite a while as I think, off the top of my head, it’s over a hour on a 400-500GB hard drive before it completes just give you a rough idea of how long it will take. also, it might ask whether you want to do a standard secure erase or a ‘enhanced’, just stick with standard.

    in fact, after checking… I am actually loading the Parted Magic version from the year 2013 from the Ultimate Boot CD v5.3.9, which is also on that majorgeeks website.


Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.