Ask Slashdot: Networked Back-Up/Wipe Process?

An anonymous reader writes "I am required to back up and wipe several hundred computers. Currently, this involves booting up each machine, running a backup script, turning the machine off, booting off a pendrive, and running some software that writes 0s to the drive several times. I was wondering if there was a faster solution. Like a server on an isolated network with a switch where I could just connect the computers up, turn them on and get the server to back up the data and wipe the drives." How would you go about automating this process?

Are you an hourly employee?

Then don't automate it.

Assuming it is windows

[BagOBones]

Microsoft User State Migration Tool + Microsoft Deployment ToolKit + Sdelete http://technet.microsoft.com/en-us/sysinternals/bb897443

You should be able to backup the profile, load the OS and run a zeroing delete on all "empty space" on the drive.

Use a screwdriver.

[Scioccoballante]

Take the hard drives out of them, label them, and stick them in a closet.

Acronis or Ghost Enterprise

[charnov]

Acronis or Ghost Enterprise can do this with every PC on a single network segment.

Do the wipe first

[md65536]

That will make the backup a lot easier.

Re:DBAN?

[EdZ]

Just writing 0 to the drive repeatedly will not ensure all the possibly sensitive data is non-recoverable, you really need to write random 1's and 0's at least 3 times to each bit of the drive.

This has not been true for a LONG time. Ever since the GMR head became widespread (first introduced in 1997), platter field densities became too high, and field strengths became to low, to be able to feasibly read any sort of residual field after a single pass. Never mind that even if you could read the residual domain, poring over a single 1tb drive with a MFM would take literally billions of man-hours (8796093022208 bits * 1 bit every 10 seconds = 24433591728 hours, or 2.789 million years) to recreate a even rough guess of the bit layout, and that you would then need to align the all guessed layouts for each platter perfectly (think a few million possible combinations at least) before you could even start trying to pull data from the drive.

Send the ATA SECURE ERASE command to the drive, then move on while the drive controller does it's thing. It'll even erase sectors in the G-list, which DBAN will not.

FOG (PXE backup/clone) + DBAN

[Kamiza+Ikioi]

FOG is a PXE cloning solution. http://www.fogproject.org/ Install FOG and storage where you want backups, setup PXE IP on network, and input all MAC addresses you want backed up. Through web interface to clone all. When done backing everything up, put a .img file of DBAN on the FOG server. http://www.dban.org/ Configure it in the FOG PXE boot menu, and make it an option but NOT default. Add appropriate start up flags for the level of wiping you want. Restart all computers you want to wipe, and select wipe option after PXE boot menu comes up.

I suggest you set that option with a password, since it will be available on all computers, not just the one's with the MAC address since only the FOG boot authenticates to MAC, not DBAN.

Re:Homebrew

[hairyfeet]

Hell here's a better idea nobody has thought of...hire a college kid, throw him a few bucks and have him help you. lets a kid earn a little extra Xmas money, certainly quicker than having to write a bunch of scripts, and its a nice thing to do for Xmas.