Retire or wipe mobile devices via PowerShell

This blog post will be about a new tool, written in PowerShell, to retire and/ or wipe a mobile device. Let’s start with the fact that I know that it’s possible to retire and/ or wipe a mobile device through the ConfigMgr console, but that didn’t stop me from creating this tool. The reason for that is related to how mobile devices are managed and who is usually responsible.

In most cases the service desk is responsible for helping end-users with their mobile devices. Now what if a company rather not provides the ConfigMgr console to the service desk, or a company wants to prevent the service desk from wiping a mobile device? That’s were this tool comes in place.

>> Available via download here on the TechNet Galleries! <<

Overview

RW_Overview

Now lets start with a quick overview of this tool. The interface is pretty straight forward. It provides a textbox to provide a username. This textbox has a tooltip to provide information about the required information. After providing a username the Get button can be used to get the registered mobile devices of the specified user. The mobile devices, of the specified user, will be shown in the datagridview. After selecting a mobile device, in the datagridview, the Retire and/or Wipe buttons will enable, if applicable. Wiping a mobile device is not applicable for Windows (RT) devices.

Messages

This tool provides a few messages based on the actions performed by the administrative user. The following message can show, based on the provided input.

RW_ValidUsernameThe message Please provide a valid username will show when the textbox was left empty and the Get button was used already.

Together with this message, also the error message Please verify the username will show next to the textbox.

RW_ExistingUsernameThe message Please provide an existing username will show when a wrong username was specified.

Together with this error message, also the error message Please verify the username will show next to the textbox.

RW_DeviceUsernameThe message Please provide an user with a primary mobile device will show when an username was specified that doesn’t have a (primary) mobile device configured.

Together with this message, also the error message Please verify the username will show next to the textbox.

RW_GenericIssueThe message Please verify the connection with the specified site server will show when anything else will go wrong. In most cases that will be an issue with the provided information for starting the tool.
RW_VerificationRetireThe message Are you sure that you want to retire the mobile device with the ResourceId <ResourceId> will show when a mobile device was selected and the Retire button was used.
RW_InitiatedRetireThe message The action to retire the mobile device is successful initiated will show when the action to retire the mobile device was successfully initiated.
RW_VerificationWipeThe message Are you sure that you want to wipe the mobile device with the ResourceId <ResourceId> will show when a mobile device was selected and the Wipe button was used.
RW_InitiatedWipeThe message The action to wipe the mobile device is successful initiated will show when the action to wipe the mobile device was successfully initiated.

Usage

Before this tool can be used, the user, or service account, used to start this tool, requires at least the permissions as described in this post. Besides those permissions, there are no special requirements for using this tool. I also didn’t use the ConfigMgr cmdlets, which completely removes the dependency to install the ConfigMgr console (or do something creative with the cmdlets).

To start this tool the following parameters are available.

  • SiteServer: This parameter is mandatory and should point to a server containing the SMS provider;
  • SiteCode: This parameter is mandatory and should be the (primary) site code of the mobile devices;
  • AllowWipe: This switch is optional and enables an additional button to wipe a mobile device.

All these parameters together will make a complete example look like this.

.\Retire-MobileDevice.ps1 -SiteServer CLDSRV02 -SiteCode PCP -AllowWipe

12 thoughts on “Retire or wipe mobile devices via PowerShell”

  1. Hello,

    This is a great tool for our servicedesk!
    Is it possible to also search by device-name?

    We have many non-personal ipads in the schools that are device-orientated and shared between the students.
    This means that we create 1:1 service-users for these ipads to join them to intune and we tag the devices with a device-name. The servicedesk ask the user for this name, and it would be perfect to have the ability to also search for the name of the device in this tool.

    Regards
    Stig

    Reply
  2. When I review the primary devices via CM, I see a mobile device for the user.
    When I run the PS1 tool, I receive “Please provide an user with a primary mobile device”
    The account for which I am running the tool has appropriate permissions in CM.
    CM is 2012 R2 CU3
    Any thoughts?

    Thank you,
    Jeff

    Reply
  3. The reason why Jeff is having this issues is because of this:

    WHERE m.UniqueUserName=’PTCLOUD\\$UserName’

    PTCLOUD needs to be changed to his domain 🙂

    Thanks for the tool Peter, was looking for something like this.

    Reply
  4. Hi.
    Jeffs problem is probably due to the domain being wrong in the tool.
    You could replace PTCLOUD with $env:USERDOMAIN in the code to make it work automatically.
    This will be true as long as he runs the tool with a user in the same domain.

    Reply
  5. Hi Peter,

    Does this work with Intune mobile devices? Our mobile devices are not managed by SCCM, only Intune. Would be cool to retire them via this script/interface.

    Kind regards,

    Nas

    Reply

Leave a Reply to Nas Samad Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.