By Delia / Last update December 10, 2024

21H2 Reset can lead to personal data residue

Before reselling or giving away a used hard drive, cleaning up the data left behind is an important job. You don't want that important or sensitive information to fall into the hands of others. So what are some common cleanup methods? First of all, manual deletion is not a safe method. This is because when you delete a file or folder from your hard drive, it is simply marked as deleted, not completely erased. You can still retrieve it through recovery tools before the data is actually overwritten.

This is where many people think of the Reset this PC feature that comes with Windows. It offers a "Remove everything" option while resetting your computer, which is seen as a safe and convenient option. And it should be, because Reset this PC takes a zero-filling approach, i.e., it writes zeros to each sector to prevent deleted data from being recovered.

However, Rudy Ooms, the Microsoft MVP, recently pointed out that performing both remote and local data wipes on Windows 10 21H2 or Windows 11 21H2 can result in leaving sensitive personal user data in the Windows.old folder.


After further testing, Ooms found that the wipe and restart options seemed to work fine in Windows 10 and version 11, 21H1, but for some reason, version 21H2 introduced this strange error again.


Note: BitLocker protection will also be erased

Some users may believe that their personal data is always stored on the BitLocker drive. But in fact, when the device is wiped, BitLocker is removed along with it, so the previously encrypted data left in the Windows.old folder is now unencrypted as well. Ooms also noticed that OneDrive files previously marked as "always on this device" in Windows also remain in Windows.old.

Ooms has kindly put together a PowerShell script to fix this Microsoft security bug. The script needs to be run before wiping/resetting the old device. Still, hopefully Microsoft will step up and fix this misbehavior in the coming weeks.

If you need to reset or refresh your PC in the near future, you can boot the reset or refreshed device and go into Windows to manually check for and delete the Windows.old folder. Be sure to double-check the contents of the drive after erasing, as you may find old files not only in Windows.old, but also on other storage hardware installed in your PC/laptop.
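One way to script the post-reset check described above, as an added example (it is not Rudy Ooms's script, which is meant to run before the wipe, and not code from the original article): it reports any Windows.old folder on each fixed volume, how many files remain under its Users subfolder, and the volume's BitLocker protection status. The function name `Get-ResetResidue` is hypothetical; run it from an elevated PowerShell prompt.

```powershell
#Requires -RunAsAdministrator
# Post-reset audit (added example, hypothetical function name): find leftover
# Windows.old folders on every fixed volume and summarize what survived the reset.

function Get-ResetResidue {
    # Fixed local disks only (DriveType 3); removable and network drives are skipped.
    $volumes = Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 3'
    foreach ($vol in $volumes) {
        $old = Join-Path "$($vol.DeviceID)\" 'Windows.old'
        if (-not (Test-Path -LiteralPath $old)) { continue }

        # Everything still readable under Windows.old; -Force includes hidden and system files.
        $files = Get-ChildItem -LiteralPath $old -Recurse -File -Force -ErrorAction SilentlyContinue
        # Windows.old\Users holds the former user profiles (documents, locally kept OneDrive files).
        $userFiles = $files | Where-Object { $_.FullName -like (Join-Path $old 'Users\*') }

        # BitLocker state of the volume holding the residue; the cmdlet is absent on some editions.
        $protection = 'Unknown'
        if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
            $blv = Get-BitLockerVolume -MountPoint $vol.DeviceID -ErrorAction SilentlyContinue
            if ($blv) { $protection = [string]$blv.ProtectionStatus }
        }

        [pscustomobject]@{
            Path       = $old
            TotalFiles = @($files).Count
            UserFiles  = @($userFiles).Count
            SizeMB     = [math]::Round([double]($files | Measure-Object -Property Length -Sum).Sum / 1MB, 1)
            BitLocker  = $protection
        }
    }
}

$residue = @(Get-ResetResidue)
if ($residue.Count -eq 0) {
    Write-Output 'No Windows.old folder found on any fixed volume.'
} else {
    # Any row here means the reset left data behind; UserFiles > 0 with BitLocker
    # reported as Off is the case the article describes.
    $residue | Format-Table -AutoSize
}
```

The script only reports. Removing the folder is the manual step from the paragraph above, and deleting it does not overwrite the underlying sectors.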

However, it is safer to use professional tools to clear a hard drive. They usually offer some more sophisticated wiping methods to safeguard deleted data from being recovered.