Windows data-wiping bug can leave some user data unencrypted and accessible

Aurich Lawson

Windows 10 and 11 both include a system reset option that will revert your Windows installation to a pristine state, useful when you’re trying to fix weird behavior or get your PC ready to sell or give to someone else.

When it’s working properly, this system-reset feature offers to wipe all of your data from the disk to prevent the next owner from accessing any of your stuff. But a bug in the newest versions of Windows 11 and Windows 10 is keeping that feature from working properly for some locally stored OneDrive data, leaving it unencrypted and fully accessible even if you had been using disk encryption before the reset.

Microsoft acknowledges the issue on its page of known issues for Windows 10 and Windows 11 and provides further details on the data that’s being exposed. Specifically, if your PC runs “apps which have folders with reparse data, such as OneDrive or OneDrive for Business, files which have been downloaded or synced locally from OneDrive might not be deleted when selecting the ‘Remove everything’ option.” The files can be exposed whether you’re wiping your system yourself or an IT administrator is wiping a system remotely—that could be especially problematic for institutions attempting to wipe a lost or stolen laptop to protect the data on it.

Cloud-only OneDrive files that haven’t actually been stored on your PC’s disk won’t be exposed by this bug. While it works on a more permanent fix, Microsoft suggests either signing out of OneDrive before resetting the PC or deleting the Windows.old folder after resetting the PC. The issue was originally discovered by Rudy Ooms, who detailed his findings on his Call4Cloud blog, and it affects Windows 11 21H2, as well as Windows 10 21H2, 21H1, and 20H2.
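
For administrators who want to confirm that a reset machine is actually clean before it leaves their hands, the following PowerShell audit is an added example, not code from Microsoft or from Ooms's write-up. It assumes Windows.old sits at the root of the system drive (its default location), and the function name `Get-ResetLeftover` is hypothetical; it only reports what remains and deletes nothing.

```powershell
# Added example: audit a freshly reset PC for data left behind in Windows.old.
# Assumption: Windows.old is at the root of the system drive (its default location).
function Get-ResetLeftover {
    param([string]$Root = (Join-Path $env:SystemDrive 'Windows.old'))

    $present     = Test-Path -LiteralPath $Root -PathType Container
    $fileCount   = 0
    $totalBytes  = [long]0
    $reparseDirs = @()
    $unreadable  = 0

    if ($present) {
        # -Force includes hidden and system items; access-denied errors are counted, not fatal.
        $items = @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue -ErrorVariable denied)
        $unreadable = @($denied).Count

        foreach ($item in $items) {
            if ($item.PSIsContainer) {
                # Folders carrying reparse data are the ones Microsoft's note singles out.
                if ($item.Attributes -band [IO.FileAttributes]::ReparsePoint) {
                    $reparseDirs += $item.FullName
                }
            } else {
                $fileCount++
                $totalBytes += $item.Length
            }
        }
    }

    [pscustomobject]@{
        Root        = $Root
        Present     = $present
        FileCount   = $fileCount
        TotalBytes  = $totalBytes
        ReparseDirs = $reparseDirs
        Unreadable  = $unreadable   # paths the audit could not enumerate
    }
}

$report = Get-ResetLeftover
$report | Format-List
if ($report.Present -and ($report.FileCount -gt 0 -or $report.Unreadable -gt 0)) {
    Write-Warning "Files remain under $($report.Root); the reset did not remove everything."
}
```

Run it from an elevated prompt on the reset machine; a warning means Microsoft's workaround of deleting the Windows.old folder still needs to be applied before the device is handed over.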