Secure Erase

vPro > vPro Actions > Secure Erase

The Secure Erase page completely erases the drives on a remote target vPro machine. Used primarily for recycling and repurposing vPro machines.

Warning: All data on the machine will be erased in a secure manner, and cannot be recovered. Any data not backed up will be lost forever, and the agent will cease communicating with the KServer.

• Requires AMT 11.0 on the vPro machine.
• Firmware on the vPro machine may need to be updated to support remote secure erase.
• Requires manual configuration of the Hard Drive password in the BIOS of each machine.
• The computer must be directly accessible via the vPro Proxy or VSA in order to run Secure Erase. If the machine is no longer accessible (such as if the machine has been stolen), then Secure Erase will not be successful.
• Creating a backup prior to the erase is strongly recommended.

Procedure

1. Re-run detection to determine if a vPro machine supports remote secure erase on AMT 11.0 and later version machines.
2. Enable the User and Master Hard Drive Passwords in the machine’s BIOS. You may also have to reset the Admin BIOS password. Here is an example of how to navigate a particular BIOS to set these passwords:
   • Boot Maintenance Manager Menu > Security Menu > Admin Password
   • Boot Maintenance Manager Menu > HDD Security Configuration Menu > HDD 0:INTEL SSDSC -> Set User Password
   • Boot Maintenance Manager Menu > HDD Security Configuration Menu > HDD 0:INTEL SSDSC -> Set Master Password
3. Select a a machine on the Secure Erase page.
4. Click Enable Secure Erase. Select one of the following options.:
   • I have configured the Hard Drive password in the BIOS, and would like to store the password in Kaseya Password - Enter the BIOS User Hard Drive password. It will be use to authorize the erasing of the hard drive. Click OK.
   • I have configured the Hard Drive password in the BIOS, and will manage the password myself. - Clicking OK prompts you to enter the User Hard Drive password when you start an erase operation.
5. Each configured vPro machine on the page displays its own Secure Erase button. The following conditional steps may apply.
   • If a hard drive user password was not entered - After clicking the Secure Erase button, the Enabled Secure Erase dialog opens. Enter the machine's user hard disk password to continue.
   • If a machine is configured to use admin control mode - After clicking the Secure Erase button, you are prompted to confirm the erase. Erase execution begins.
   • If a machine is configured to use client control mode
     • The following message displays just below the machine: This machine uses Client Control Mode. Intel requires User Consent before completing a Secure Erase. Connect via Remote Control before attempting Secure Erase.
     • Select the vPro > vPro Actions > Remote Control page. Start a KVM session. You will need a local user to read the consent code to you. Enter the consent code provided by the local user.
     • With the KVM session still running, return to the Secure Erase page.
     • After clicking the Secure Erase button, you are prompted to confirm the erase. Erase execution begins.