Beware: Windows 11 data wipe can leave personal info on disk [updated]
Windows' Reset feature leaves data behind, says researcher
UPDATE: Microsoft has fixed this problem in Windows 10 and Windows 11 with the March 2022 Patch Tuesday round of software updates, released March 8.
One of my favorite things about Windows 11 is how easy it is to reset a PC back to factory default settings. I have to do this all the time for work, and I love that I can just hit the Start button, type "reset" and quickly hop into the "Reset this PC" section of the Windows Recovery settings. A few clicks later, and Windows is wiping the drive and reinstalling itself from scratch.
However, it appears that resetting your Windows PC in this way often leaves behind traces of personal data in an easily accessible "Windows.old" folder, even though Windows claims it will remove all your personal files during the process. That's a significant problem, especially if you plan to sell an old PC and assume that resetting it back to factory defaults eliminates all trace of your personal information.
This news comes to us courtesy of IT professional and Microsoft MVP (Most Valuable Professional) Rudy Ooms, who tested different permutations of the Windows 11 and Windows 10 data wiping tool.
Ooms found that in most cases Windows fails to remove everything, and instead preserves at least some user data in a Windows.old folder it creates on your hard drive. Microsoft's OneDrive is a big culprit here, as based on testing it appears that if you ever sign into OneDrive on your Windows PC and allow it to save files on your hard drive, some trace of those files will be left behind even after Windows wipes the PC.
Ooms conducted his testing by repeatedly performing different permutations of data wipes on Windows PCs running in virtual machines, both locally and remotely via Microsoft's Intune remote device management toolset. He also got some help from fellow devs, and documented the results of all this testing and investigation in a multi-part series on his personal blog.
It's an interesting read, and here's the big takeaway: most of the time, Windows doesn't actually eliminate all your personal data, even though it says it will. Worse, if you have files encrypted with BitLocker, it's possible to wipe the PC and have the BitLocker encryption removed, yet have the files still hanging around unencrypted on the hard drive.
It's not just Windows 11, either; up-to-date versions of Windows 10 also appear to have the same issue. After testing many permutations of Windows' data-wiping tool in action (both remotely and on local PCs), Ooms created the following chart to show which Windows data wipe methods still leave data behind in the Windows.old folder.
| Windows data wipe action | Results |
|---|---|
| Remote Wipe 21H2 | User Data NOT removed from Windows.old |
| Remote Protected Wipe 21H2 | User Data NOT removed from Windows.old |
| Local Wipe 21H2 | User Data NOT removed from Windows.old |
| Local Wipe Cloud Download 21H2 | User Data NOT removed from Windows.old |
| Local Protected Wipe 21H2 | User Data NOT removed from Windows.old |
| Remote Fresh Start 21H2 | User Data NOT removed from Windows.old |
| All Wipe / Fresh Start actions with 21H1 | User data REMOVED from Windows.old |
As you can see, most methods of wiping a Windows 11 PC will leave some easily-accessible user data behind. The only way he reliably wiped a Windows PC was if it was running the older 21H1 version of Windows 10. Ooms believes this is due to a relatively recent change to Windows' data wiping toolset that rolled out alongside the 21H2 update in November 2021.
Ooms made the problem known to Microsoft and the world at large, so there's good reason to hope a meaningful fix will be rolled out to Windows PCs in the near future. As it stands, Ooms was told by a Microsoft Intune rep that Windows does automatically delete the Windows.old folder 10 days after it gets created, which is nice if you realize you need a file you accidentally deleted, but less nice if a stranger can access the files you thought you deleted.
So if you hate the idea of old data sitting around on your freshly-wiped Windows PC for up to 10 days, what can you do?
If you're comfortable using Microsoft PowerShell, Ooms has released a PowerShell script you can run before resetting your Windows PC that should ensure it leaves no easily-accessible personal data behind. You can download the script from his blog, or directly via this link.
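Whichever route you take, it is worth verifying the result afterwards. The following audit script is an added example written for this article, not Ooms' script and not Microsoft tooling: run it from an elevated PowerShell prompt on a freshly reset PC to see whether a Windows.old folder survived and how much profile and OneDrive data it still holds; the default path, the profile-folder layout and the -Purge switch are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: audit a reset PC for leftover user data in Windows.old.
# Assumes the system drive is C: and profiles live under Windows.old\Users.
param(
    [string]$OldRoot = 'C:\Windows.old',
    [switch]$Purge   # hypothetical option: delete the folder after reporting
)

if (-not (Test-Path -LiteralPath $OldRoot)) {
    Write-Host "No $OldRoot folder found; the reset left no Windows.old behind."
    return
}

# Per-profile inventory, skipping the built-in template/shared profiles.
$userRoot = Join-Path $OldRoot 'Users'
$profiles = Get-ChildItem -LiteralPath $userRoot -Directory -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -notin @('Public', 'Default', 'Default User', 'All Users') }

foreach ($p in $profiles) {
    $files = Get-ChildItem -LiteralPath $p.FullName -File -Recurse -Force -ErrorAction SilentlyContinue
    $bytes = ($files | Measure-Object -Property Length -Sum).Sum
    # The article singles out OneDrive sync folders as the main source of leftovers.
    $oneDrive = Get-ChildItem -LiteralPath $p.FullName -Directory -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -like 'OneDrive*' }
    [pscustomobject]@{
        Profile        = $p.Name
        Files          = @($files).Count
        MB             = [math]::Round(($bytes / 1MB), 1)
        HasOneDriveDir = [bool]$oneDrive
    }
}

if ($Purge) {
    # Windows.old is owned by SYSTEM/TrustedInstaller, so take ownership and
    # grant the local Administrators group (well-known SID) full control first.
    takeown.exe /F $OldRoot /R /D Y | Out-Null
    icacls.exe $OldRoot /grant '*S-1-5-32-544:F' /T /C | Out-Null
    Remove-Item -LiteralPath $OldRoot -Recurse -Force
    Write-Host "Removed $OldRoot. Deletion does not overwrite the underlying sectors;"
    Write-Host "for a PC you are handing over, a full drive clean is still the safer choice."
}
```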
If you're not ready to start messing around with PowerShell, hang tight: Microsoft is likely to address this issue in a future patch, as it seems like a significant oversight that could lead to big problems for Windows users who pass along their PCs.
Alex Wawro is a lifelong tech and games enthusiast with more than a decade of experience covering both for outlets like Game Developer, Black Hat, and PC World magazine. A lifelong PC builder, he currently serves as a senior editor at Tom's Guide covering all things computing, from laptops and desktops to keyboards and mice.