Beware: Windows 11 data wipe can leave personal info on disk

One of my favorite things about Windows 11 is how easy it is to reset a PC back to factory default settings. I have to do this all the time for work, and I love that I can just hit the Start button, type “reset” and quickly hop into the “Reset this PC” section of the Windows Recovery settings. A few clicks later, and Windows is wiping the drive and reinstalling itself from scratch.

However, it appears that resetting your Windows PC in this way often leaves behind traces of personal data in an easily accessible “Windows.old” folder, even though Windows claims it will remove all your personal files during the process. That’s a significant problem, especially if you plan to sell an old PC and assume that resetting it back to factory defaults eliminates all trace of your personal information.

This news comes to us courtesy of IT professional and Microsoft MVP (Most Valuable Professional) Rudy Ooms, who tested different permutations of the Windows 11 and Windows 10 21H1 (the Windows 10 update released in May 2021) data wiping tool. 

Ooms found that in most cases Windows fails to remove everything, and instead preserves at least some user data in a Windows.old folder it creates on your hard drive. Microsoft’s OneDrive is a big culprit here, as based on testing it appears that if you ever sign into OneDrive on your Windows PC and allow it to save files on your hard drive, some trace of those files will be left behind even after Windows wipes the PC.

Ooms conducted his testing by repeatedly performing different permutations of data wipes on Windows PCs running in virtual machines, both locally and remotely via Microsoft’s Intune remote device management toolset. He also got some help from fellow devs, and documented the results of all this testing and investigation in a multi-part series on his personal blog.

It’s an interesting read, and here’s the big takeaway: most of the time, Windows doesn’t actually eliminate all your personal data, even though it says it will. Worse, if you have files encrypted with Bitlocker, it’s possible to wipe the PC and have the Bitlocker encryption removed, yet have the files still hanging around un-encrypted on the hard drive.

It’s not just Windows 11, either; up-to-date versions of Windows 10 also appear to have the same issue. After testing many permutations of Windows’ data-wiping tool in action, Ooms created the following chart to show which Windows data wipe methods still leave data behind in the Windows.old folder.  

As you can see, most methods of wiping a Windows 11 PC will leave some easily-accessible user data behind. The only way he reliably wiped a Windows PC was if it was running the older 21H1 version of Windows 10. Ooms believes this is due to a relatively recent change to Windows’ data wiping toolset that rolled out alongside the 21H2 update in November 2021. 

Ooms made the problem known to Microsoft and the world at large, so there’s good reason to hope a meaningful fix will be rolled out to Windows PCs in the near future. As it stands, Ooms was told my a Microsoft Intune rep that Windows does automatically delete the Windows.old folder 10 days after it gets created…which is nice if you realize you need a file you accidentally deleted, but less nice if a stranger can access the files you thought you deleted.

So if you hate the idea of old data sitting around on your freshly-wiped Windows PC for up to 10 days, what can you do? 

If you’re comfortable using Microsoft PowerShell, Ooms has released a PowerShell script you can run before resetting your Windows PC that should ensure it leaves no easily-accessible personal data behind. You can download the script from his blog, or directly via this link, 

If you’re not ready to start messing around with PowerShell, hang tight: Microsoft is likely to address this issue in a future patch, as it seems like a significant oversight that could lead to big problems for Windows users who pass along their PCs.