Securing user data when reinstalling or replacing PCs

Question

Securing user data when reinstalling or replacing PCs

Sune Jensen 20

I'm primary responsible in my new job for Setting up PCs for our users, it be reinstalls or replacements.

In that process I spend a lot of time

#1 securing that there no stray documents and user data on the local drive,

#2 noting what extra software is installed

#3 and noting what printers are used.

I'm wondering if there is some scripts or tools capable of helping with this and perhaps also collecting other user settings?

Answer accepted by question author

1 additional answer

Your answer

Answer 1

I'd definitely use USMT - User State Migration Tool - from Microsoft's ADK - MS Automated Deployment tool Kit.

USMT can scan through and collect all docs from the local drives.

Getting USMT

In stead of digging USMT out of the ADK installation from MS, I however recommend you go to Ehlertech and get their free USMT reference package at https://ehlertech.com/customxmls/

The USMT version from Ehlertech is updated for Windows 11 and with a bunch of application settings, It also migrates user settings and favorites from browsers like FF, Chrome and Edge etc.

You can add file types, by extension, for USMT to scan local drives for, in the MigUser.xml file

It will probably take you a bit of time to get USMT up and running but its well worth it!
See more on USMT at Microsoft Learn

"The full Monty"

You can save a lot of time, and get all of your requests above fulfilled, by simply using Ehlertech's USMTGUI.

Note that USMTGUI is not free

The GUI sets up the USMT command for you, run USMT and monitor the logs to notify you on errors.

It ALSO builds an inventory of what programmes are installed, and what printers are mapped.

USMT ALWAYS finds stuff we otherwise would have missed. Even to this day with OneDrive and what not, I'd hate to not have the security it brings.

We've used USMT for ~20 years and USMTGUI for well over a decade.

We also use USMTGUI to move user profiles over to out Azure-only accounts. Something USMT cannot.

Answer 2

There are some ways to automate the collection of user data, installed software, printers, and even settings before a rebuild or replacement. You can approach this in two levels:

Task	What to Collect	Possible Automation Approach
#1 Stray documents / user data	Files on Desktop, Documents, Downloads, etc.	PowerShell scripts or USMT scanstate
#2 Installed software	Installed programs and version numbers	PowerShell (`Get-ItemProperty`, WMI, or Win32_Product)
#3 Printers	Installed printers + drivers + default printer	PowerShell (`Get-Printer`, `Get-PrintConfiguration`)
Extra	Browser favorites, Outlook signatures, network shares, etc.	User State Migration Tool (USMT) or custom scripts

Option 1 — Quick PowerShell-based Inventory (Fast to Deploy)

You can run this manually or remotely (e.g. via PSRemoting):

# Collect user data info, installed software, and printers
$UserProfile = [Environment]::GetFolderPath('UserProfile')
$OutputPath = "C:\Temp\UserInventory_$(hostname).txt"

# 1. Check for stray documents
"=== User Files Summary ===" | Out-File $OutputPath
Get-ChildItem -Path "$UserProfile\Desktop","$UserProfile\Documents","$UserProfile\Downloads" -Recurse -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    Select-Object FullName, Length, LastWriteTime |
    Out-File -Append $OutputPath

# 2. List installed software
"`n=== Installed Software ===" | Out-File -Append $OutputPath
Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*, 
                 HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, Publisher |
    Sort-Object DisplayName |
    Out-File -Append $OutputPath

# 3. List printers
"`n=== Installed Printers ===" | Out-File -Append $OutputPath
Get-Printer | Select-Object Name, DriverName, PortName, Shared | Out-File -Append $OutputPath

# 4. Optional: capture some user settings
"`n=== User Settings (Registry) ===" | Out-File -Append $OutputPath
Get-ItemProperty HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
    Out-File -Append $OutputPath

Write-Host "Inventory written to $OutputPath"

This gives you a one-file report per computer that summarizes local files, software, and printers.

Option 2 — Use Microsoft's User State Migration Tool (USMT)

USMT is part of the Windows ADK, designed specifically for migrations like yours. It can:

Collect user data (Desktop, Documents, AppData)
Capture many app & system settings (Outlook profiles, IE favorites, etc.)
Restore to a new machine

Example flow:

scanstate \\server\backup\$env:COMPUTERNAME /i:miguser.xml /i:migapp.xml /o /v:13 /c /l:scan.log

Then on the new machine:

loadstate \\server\backup\$env:COMPUTERNAME /i:miguser.xml /i:migapp.xml /v:13 /c /l:load.log

You can customize what gets included/excluded (printers, network drives, PST files, etc.) in the XML config.

Option 3 — Combine with inventory tools

If you're managing more machines at scale by using Intune or Endpoint Manager, these collect installed apps, hardware info, and can deploy scripts remotely.

Option 4 — Hybrid approach

Run the PowerShell script above to capture a quick inventory.
Run USMT (or a smaller robocopy-based script) to collect user data to a network share.
After reinstall/replacement, restore the user profile and settings.

If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

hth

Marcin

Sune Jensen 20 Reputation points

2025-10-09T16:18:00.51+00:00

Thanks a lot!
The # 1. Check for stray documents, does it explicitly check outside the users c:\users%user% folders or inside or both? What document types will it find? Can that be configured?
Marcin Policht 63,730 Reputation points MVP Volunteer Moderator

2025-10-09T16:42:25.8466667+00:00

The following code

Get-ChildItem -Path "$UserProfile\Desktop","$UserProfile\Documents","$UserProfile\Downloads" -Recurse

only searches within the user's profile folder (C:\Users\<username>\) the Desktop, Documents, and Downloads subfolders. It does not search anywhere else on the system (like C:\, D:\, ProgramData, etc.). It's intentionally scoped to where most users store personal files. As written, it finds all files — it does not filter by file type. If you want to limit it to only certain types of documents (e.g., Office and PDFs), you can filter like this:

$Extensions = @('*.docx','*.xlsx','*.pptx','*.pdf','*.txt','*.csv','*.jpg','*.png') Get-ChildItem -Path "$UserProfile\Desktop","$UserProfile\Documents","$UserProfile\Downloads" -Recurse -Include $Extensions -ErrorAction SilentlyContinue

If you want to widen the search to detect stray files anywhere on the disk, you can add more paths.

Example:

$PathsToScan = @( "$UserProfile\Desktop", "$UserProfile\Documents", "$UserProfile\Downloads", "C:\", "D:\Data" )

But you'd most likely want to exclude system and program folders so the script doesn't crawl gigabytes of OS data.

You can exclude paths like this:

Get-ChildItem -Path $PathsToScan -Recurse -ErrorAction SilentlyContinue | Where-Object { -not ($_.FullName -match '\\Windows\\' -or $_.FullName -match '\\Program Files' -or $_.FullName -match '\\ProgramData\\') }

That way you'll catch “stray” user files such as:

C:\Temp\report.xlsx

C:\Work\quotes.pdf

D:\Personal\photos\… but skip system folders.

If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

hth

Marcin

Share via

Securing user data when reinstalling or replacing PCs

1 additional answer

Your answer