Navigation section

How to scrub or clean out company data before selling server

R

RickNCN

New Member
Joined
Jul 30, 2019
Messages
2
I'm looking to sell a used Dell Poweredge T310 server with Server 2008 Standard SP2 and MS SQL Server 2008 R2 on it. I'd like to sell the server as-is, with the OS and installed programs. I've scrubbed many Windows XP through 10 PCs for sale but never a server.

-The merits of selling this server used in the first place could be discussed
-The merits of selling it with the OS and SQL instead of wiping the disks clean with a utility could be discussed.

Assuming I sell it as-is, once the data is deleted, I will use a program to overwrite the free space to make reasonable certain no data recovery can take place.

-What data and configurations should I remove in order to scrub off any data or reference to the previous owner?

I already deleted all unneeded:
-Users
-User Folders
-Company Shared Folders

backed up, then deleted all
- SQL databases

The server name has a reference to the company name so I think I'd like to change that.

What else is there?

Thanks!
 


Solution
R
I was planning on doing more than deleting, as I mentioned. There are utilities for doing secure wiping of free space on disks, including "Eraser" (Download – Eraser ) which I use a lot on non server PCs. It does for Windows and free disk space what DBAN does for raw drives.

Registry - yeah - that's what I was thinking. I don't know how any of that could be used against the company, but that's the point - I don't know. Looks like the best course of action is to scrub the drives outside of the RAID array with DBAN (info I found info that DBAN doenst work through a RAID controller - not without modification at least. It may be enough to break the array, shuffle the drives and rebuild a new array, but that may be debatable too..)...
Deleting files doesn't make them unrecoverable. I would wipe the disk out with dban. There is very little value in keeping the OS since it will be out of support soon.

As a side note the registry alone is riddled with artifacts identifying usernames, computer names, network information, file information to name a few
 


Last edited:
I was planning on doing more than deleting, as I mentioned. There are utilities for doing secure wiping of free space on disks, including "Eraser" (Download – Eraser ) which I use a lot on non server PCs. It does for Windows and free disk space what DBAN does for raw drives.

Registry - yeah - that's what I was thinking. I don't know how any of that could be used against the company, but that's the point - I don't know. Looks like the best course of action is to scrub the drives outside of the RAID array with DBAN (info I found info that DBAN doenst work through a RAID controller - not without modification at least. It may be enough to break the array, shuffle the drives and rebuild a new array, but that may be debatable too..), or just re-purpose and re-use it. (or melt it all down and extract the precious metals ;-))
 


Solution
It would be easier to dismantle the raid and dban each disk. Dismantling the raid isn't enough to make unrecoverable and if there is any chance of that data leaking that can harm a company even if the data isn't sensitive. Think reputation and all the data breaches, any PII leaked can lead to a FTC investigation and potential fines.
 


You must log in or register to reply here.
Back
Top