Not necessarily straightforward, but easy enough.
It’s a common problem: you’re giving away a machine but you don’t want to give away everything you’ve stored on it. The “right” solution is to wipe the drive, but that’s difficult when it’s the system drive, which is always in use.
I’ve got three approaches for you — no additional software required.
Become a Patron of Ask Leo! and go ad-free!
Wipe the Windows system drive
Three approaches:
- Full-format the drive elsewhere.
- Encrypt the drive and discard the encryption key.
- Reset this PC using the “Clean data?” option.
Format the drive
Conventional wisdom is that formatting the drive (a “full” format, not a “quick” one) will render your data inaccessible. That’s all you need for secondary and external drives, but isn’t possible for the system drive. You can’t format the system drive — typically C: — because it’s the drive from which Windows is running, and thus it’s always in use. It requires a little shuffling around to make it possible.
So, one approach is to take the system drive out of the machine, attach it to a different machine, and format it there. You can install the drive as a second drive on that machine, place it in an external USB enclosure, or use a USB-to-SATA external cable. You can then format the drive and return it to the original machine.
There are other options.
Encrypt and discard the key
Whole-disk encryption is intended to make the contents of the disk unreadable to anyone without the decryption key.
Great. Sounds like exactly what we need. Turn on BitLocker.
You’ll be required to save the recovery key somewhere, but you can discard it immediately.
Make sure that when you enable BitLocker on the drive, you select the option to “Encrypt entire drive”. This will encrypt even the currently unused space, making deleted file recovery impossible.
That’s it. You’re done. The drive is effectively wiped as long as no one can sign in to the machine as you. No one else will be able to read its contents. They’ll have to reformat the drive to use it for anything.
If BitLocker’s not your thing, whole-drive encryption using tools like VeraCrypt will work as well. Once again, encrypt the drive and throw away the key (i.e., forget the passphrase).
Reset this PC
The built-in “Reset this PC” function can also do what we need while leaving a fresh Windows installation behind.
You’ll find the instructions in my Reset This PC article. A couple of choices along the way are important.
- When asked whether to “Keep my files” or “Remove everything”, choose “Remove everything.”
- If you are asked to choose between a cloud download or a local reinstall, there’s little point in choosing the download. A local reinstall is enough.
- On the Additional Settings page, click the Change settings link. This will open the “Choose settings” dialog with a couple of additional choices normally not needed.
- Make sure that “Clean data?” is set to Yes. This is the magic step that wipes the drive before Windows is reinstalled. You can see the warning that this “may take hours”, since it’s wiping the entire drive, but that’s exactly what we want.
The result will be a wiped system drive with a fresh, clean installation of Windows.
Do this
Whatever you do, wipe hard drives one way or another before giving away your machine. The system/C: drive can be a little more complex to format, but now you have three approaches that should do the job.
After that lengthy wipe is done, subscribe to Confident Computing, my weekly newsletter. Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
If you’re giving the computer away, resetting the PC is easiest, in most cases, as the computer will be useable immediately by the new user. It’s essentially the same as wiping the drive and reinstalling Windows.
I’ve been encrypting old drives with Bitlocker before dropping them off at a local computer shop for recycling. I also reinstall/reset Windows when taking a computer to the same shop for repairs and restore the system from a backup when I get it back. This validates what I thought was the correct way to do it. (Not that I don’t trust the techs in the computer shop, but it protects both them and me from having issues.)
Thanks, Leo.
what about a DBAN wipe? that is supposed to clean out everything.
That would work but the article states:
“I’ve got three approaches for you — no additional software required
.
DBan has gotten more complicated to get and run in recent years, in my experience. There’s no need for a third party tool, anyway. The approaches above can have the same result. The format option in reset will even let you write multiple times, similar to DBan.
As I stated in my above question; I have an external drive from my old computer containing Win 10. The drive is used for storage of movies, and it is 2T in size and contains hundreds of movies. It also still has remnants of Win 10 on it. However, I have deleted all the Win files it will let me, but some simply will not delete. I should have formatted the drive to begin with. Is there any way I can now delete those remnant files? Moving all the movies off is not an option as I have no other storage space available. Since I believe there is no other way to do this but format everything, would it be feasible to put the Win OS back on the hard drive and then use the Reset This PC and clean but keep personnel files? Is that possible. I have a Win.old file as well on the HD.
Wow. This sounds like quite the complication. Do I understand that this disk has the only copies of these files? If so your first step should be to BACK UP. Get another disk if you have to make room, but you risk losing everything as things stand now.
This article has some steps that may grant you permission to access those files: https://askleo.com/permission-to-access-this-folder/
I have saved my old hard drives so I could check for information I may have not saved. I’m done having them lay around and don’t need them. Is there a way to wipe them clean for possible future storage space use or should I just physically destroy them and buy external hard drives for storage?
Get yourself an external drive enclosure (I found one that can be used both for 3.5″ and 2.5″ drives). Once connected to your computer, you will be able to reformat them for future use or, after reformatting, encrypted and taken to a place that can recycle them.
I also use an external drive enclosure to clone hard drives when replacing a hard drive on my computers with one having a larger capacity.
External hard drive enclosures vary in quality. Some are made specifically to be used on a daily basis, some just for temporary use.
Mark H’s solution is the way I’d go with one additional step. I’d get a large external drive and copy everything from the old drives as an archive. Since they are old drives, I’d gu ess that all the data from those drives would barely make a dent in the capacity of newer drives. You can go through the files on the drive later an delete anything you really don’t need such as OS files and program files. I’d back up that drive as everything should have at least two copies.
A full format (not quick) of each should be sufficient.
I like Leo’s solution to use the Reset this PC solution from this item, but wonder if it’s possible to encrypt the drive with BitLocker first, then use Reset This PC to wipe the drive and reinstall a fresh copy of Windows. If so, that may be the best solution when you want to get the computer set up for reuse (either by a friend/family member), or for resale/donation. Does anyone know if the above-mentioned combination would work as I hope?
Ernie (Oldster)
Using Bitlocker or other whole disk encryptionshould work, but is’s a belt and suspenders approach. The only advantage I see is more peace of mind. Nor significant security advantage.
Leo didn’t mention that if you wipe the drive & re-install Windows, then give that PC away (donate, friend, family, etc.), you are giving away the Windows license for that PC. So technically you would need to buy another copy of Windows unless you already have a replacement PC with Windows installed (a different license than the one given away). We all know MS is very persnickety about their licenses. (-:
Clarification on the licensing issue: The vast majority of computers were purchased from OEM vendors (Dell, Lenovo, HP, etc.) with windows pre-installed. In this case, the Windows license is only valid on the hardware that was originally purchased. You cannot re-use that license on a different computer. The exception to this is if you built your own computer and specifically purchased a Retail license of Windows. In this case, that license IS movable to a new computer. Since most computer parts retailers offer both OEM Windows and Retail Windows, you have to be sure to purchase the Retail license (which is unsurprisingly more expensive) if you want to maintain the ability to move that license to a new computer somewhere along the way.
What about if the computer is “dead” such as it will not power up or the drive will not spin, etc. Any ideas other than pulling the drive out or driving a nail into the drive?
Pull the drive out and see if you can connect it to a different machine to reformat it.
If the drive itself just doesn’t work at all, then physical destruction is the only real solution.
For the truly paranoid or privacy addict a guaranteed, and virtually no cost way to wipe the hard drive is with a hacksaw. Proceed as follows: 1) place the drive in a large machinist vise; 2) crank down the vise with as much force as you can muster (ok to use a cheater pipe); 3) put the hacksaw back up on your pegboard, you won’t need it.
Oh, you want to put a hard drive back in the computer? HDDs are inexpensive. Buy a new one. If it’s the original computer with the original Microsoft license, you can probably reinstall Windows with the original license (this won’t work if you replaced or modified the motherboard). I’m not an expert on Microsoft licensing, so unless you are able to shell out the scratch for a retail copy of Windows, I would advise a bit of research on the license issue before physically destroying the drive.
From what I understand from my digital forensic certification, a good expert can still discover most data. Formatting a drive does not remove everything. I use a device that returns a drive to “military status” or new. This way you take an image of your drive or save all the information you want to keep on an external drive. Clean it clean your drive and either sell it or give the machine away or sell. This way you do not need to render the drive useless.
Can you correct me if I am wrong about this?
Military status usually means rewriting it multiple times (I believe the DoD has a specific number of times in mind). The “Reset this PC” path has that as an option.
Does rewriting multiple times make any sense on SSD’s? As far as I know there is no residual magnetism there, and any residual charge in the memory cells after writing all 0’s could be prevented by writing random data instead of 0’s.
It not only does nothing useful, but it makes the SSD wear out more
quickly.
I’ve read that SSD’s have storage blocks in reserve, which may contain data that isn’t touched by formatting, encrypting, or wiping with DBAN. Also, that there’s a tool in BIOS (a tool I’ve yet to be able to find) that will very quickly destroy all data on an SSD or HDD. Have I been lead astray? Can you give any guidance on this? Thank you.
I’ve never heard of a tool in the BIOS, but there are tools from the individual SSD manufacturers that perform a complete wipe for their SSD drives.