I created this—to work with a custom boot.wim—to automatically boot to WinPE and run a set of commands. Those commands were to erase the contents of the hard drive; to be used to remotely wipe machines.
You will need to modify a boot.wim and add any code for formatting in the startnet.cmd. The boot.wim will be delivered as part of your package, or already exist on a hidden drive partition (best option for speed). Basically, you’re telling the computer to change the boot menu and point to your modified boot.wim, force a reboot, boot to WinPE, and then execute the list of commands in the startnet.cmd.
Deployed using desktop management software (tested in LANDesk and SCCM)
deploy.cmd
@echo off color 0a title Administrative Boot Loader setlocal :: USE THE FOLLOWING SET OF COMMANDS TO CREATE A RAMDISKOPTIONS :: OBJECT IN THE BCD STORE. THE STRING "{RAMDISKOPTIONS}" IS THE :: WELL-KNOWN NAME FOR THE OBJECT'S GUID. :: SET LOCAL STORE set bcdstore=C:\boot\bcd :: RAMDISK OPTION \\%computername%\c$\windows\system32\bcdedit.exe /create {ramdiskoptions} /d "Retire Utility" \\%computername%\c$\windows\system32\bcdedit.exe /set {ramdiskoptions} ramdisksdidevice partition=c: \\%computername%\c$\windows\system32\bcdedit.exe /set {ramdiskoptions} ramdisksdipath \boot\boot.sdi :: CREATE A NEW BOOT ENTRY FOR RETIRE UTILITY bcdedit.exe -create /d "Retire Utility" /application OSLOADER for /f "tokens=3" %%A in ('\\%computername%\c$\windows\system32\bcdedit.exe -create /d "Retire Utility" /application OSLOADER') do set guid1=%%A echo The GUID is %guid1% :: SET WHERE THE LOCAL RETIRE BOOT.WIM IS LOCATED \\%computername%\c$\windows\system32\bcdedit.exe /set %guid1% device ramdisk=[C:]\boot\retire\boot.wim,{ramdiskoptions} \\%computername%\c$\windows\system32\bcdedit.exe /set %guid1% path \windows\system32\boot\winload.exe \\%computername%\c$\windows\system32\bcdedit.exe /set %guid1% osdevice ramdisk=[C:]\boot\retire\boot.wim,{ramdiskoptions} :: CREATE A BOOT ENTRY FOR WINDOWS \\%computername%\c$\windows\system32\bcdedit.exe /set %guid1% systemroot \Windows \\%computername%\c$\windows\system32\bcdedit.exe /set %guid1% winpe yes \\%computername%\c$\windows\system32\bcdedit.exe /set %guid1% detecthal yes \\%computername%\c$\windows\system32\bcdedit.exe /displayorder %guid1% /addlast :: THIS SETS BOOT TO BE DEFAULT \\%computername%\c$\windows\system32\bcdedit.exe /default %guid1% :: SETS TIME TO 1 SECOND \\%computername%\c$\windows\system32\bcdedit.exe /timeout 1 endlocal :: EXIT WITH SUCCESS shutdown /r /f /t 0 exit /b 0
Next
Once WinPE loads, startnet.cmd launches. In that file, I diskpart the machine with government standard formatting.
Notes
If this is a BitLocked drive, you could blow away the TPM BIOS settings. Erase those settings using the deploy.cmd script. I would add that portion to the beginning of the script. So the very first thing that happens—before the reboot—is the data on the drive becomes permanently inaccessible, online or offline.