Update-GSChromeOSDevice - Wipe devices User Profile Only

SCRT-HQ / PSGSuite

Powershell module for Google / G Suite API calls wrapped in handy functions. Authentication is established using a service account via P12 key to negate the consent popup and allow for greater handsoff automation capabilities

https://psgsuite.io/

Apache License 2.0

234 stars 68 forks source link

Update-GSChromeOSDevice - Wipe devices User Profile Only #363

Open t3chyphil opened 2 years ago

t3chyphil commented 2 years ago

Google has updated their admin console. Wiping a device asks the user if they'd like to wipe just the profiles from the device or factory reset.

We have a requirement to delete just the user profiles from all the devices across our estate.

Is there a flag that supports this action or does that need some integration work?

Thank you and keep up the good work! :)

FISHMANPET commented 2 years ago

Looks like this function is using the chromeosdevices.action endpoint, which doesn't include a factory reset. Triggering a factory reset or clearing user profiles would appear to use the customer.devices.chromeos.issueCommand endpoint, specifying REMOTE_POWERWASH or WIPE_USERS respectively.

Which is to say the module currently doesn't support Factory Reset, much less the newer function of wiping just user data.

I don't know enough about managing Chrome devices to say if it makes sense to add that functionality to Update-GSChromeOSDevice, or if there should be a new function created. I don't think any of the existing maintainers will be able to add that functionality, but a pull request is always welcome.

t3chyphil commented 2 years ago

Thanks for the feedback and investigative work @FISHMANPET.

I personally don't know much about the API, but you've given me a starting point. I think I'd have a crack at implementing the wiping of user profiles. Apparently, the google admin console now has the ability to remotely wipe user profiles easily by selecting all the devices and pressing the button to wipe user profiles. When the Chromebook turns on, it'll call in and that action is performed.

We had an issue with profiles getting corrupted when students went between different Chrome devices, but that seems to have settled down now. The way we fixed it at the time was to remove the profiles periodically.

Thanks for your help,

Foggy2 commented 2 years ago

I thought that I would have a quick look at this one. I don't seem to be able to find the method in the .net API documentation.

Am I missing something or is the customer.devices.chromeos.issueCommand method missing in the .Net Directory SDK?

Foggy2 commented 2 years ago

Think I had an older version previously. Correct docs are here

This looks fairly straight forward and in my ability level. I also have a large ChromeOS deployment that I can test with. I'll try and put something together when I can find some time next.

t3chyphil commented 2 years ago

@Foggy2, Thanks for looking into this, much appreciated. I haven't had time with work to look into this yet. Fingers crossed! I'd be interested to see the code that could potentially make this work. Still learning myself! :)

Foggy2 commented 2 years ago

Hi @t3chyphil. I unexpectedly ended up having some time yesterday to look at this. If you look at the above linked Pull Request #372 you will find the code that makes this work for me.