I had an argument with a superior about this. Though at first glance the prior user of a laptop only did work in his own documents-folders, should I always install a new OS for the next user or is deleting the old profile enough? The software that is installed is mostly also needed by the next user.
I think an install is needed, but except my own argument of viruses and private data, what reasons are there for doing so?
At our company it is allowed to use the PC for e.g. private mail, on some PCs are even games installed. We have kinda mobile users, that are often on site at a customer, so I don't really blame them.
Also because of that we have a lot of local admins out there.
I know both the private use and the availability of local admin-accounts aren't good ideas, but that's how it was handled before I worked here and I can only change this once I am out of traineeship ;)
Edit: I think all of the answers posted are relevant, and I also know that a couple of the practices we have at my company aren't the best to begin with (local admin for too many people for example ;).
As of now, I think the most usable answer for a discussion would be the one from Ryder. Although the example he gave in his answer may be exaggerated, it has happened before that a former employee forgot private data. I recently found a retail copy of the game Runaway in a old laptop and we had a couple of cases of remaining private images, too.
Absolutely you should. It's not just common sense from a security POV, it should also be practice as matter of business ethics.
Let's imagine the following scenario: Alice leaves, and her computer is transferred to Bob. Bob didn't know it, but Alice was into illegal shota porn and left several files tucked away outside of her profile. IT wipes her profile and nothing else, which included only her browsing history and local files.
One day, Bob is checking out the bells and whistles on his shiny new work machine, while sitting at a Starbucks™ and sipping at a latte. He stumbles across Alice's cache and innocently clicks on a file that looks strange. Suddenly, every head in the store whips around to watch in horror as Bob's PC flouts several state and federal regulations at full volume. One little girl in the corner starts crying.
Bob is mortified. After six months of depression and after having been fired for his unintentional act of public indecency (and possible criminal charges), he finds himself a really crackin' legal team and lays waste to his former employer with an outrageously damaging lawsuit. Alice is in Thailand and escapes extradition.
Maybe all this is a little beyond the pale, but it absolutely could happen if you don't take the time to scour through a former employee's every action. Or you could save time, and reinstall from scratch.
You should definitely reset/reinstall the computers. There could be malicious programs on it that would put the business at risk. Those could be viruses or trojans or something the former employee left there intentionally (not everybody leaves on good terms). All reasons in @axl's reply are valid, too.
To make your life easier, create a snapshot/image/backup of a freshly installed computer with all your usual software already installed and just push this on every new or recycled computer. No manual reinstall needed.
I'm not an IT admin, but my feeling is that you should reinstall for a couple of reasons:
Local admins can take ownership of the previous user's files.
You're less likely to have to deal with problems arising from system changes made by the old user.
The old user's personal applications would still be available in Program Files.
If you don't have local admins and they really can't change or access anything outside their home folder, then I'd be less concerned, but then there's always disk space to consider.
Have you considered using Ghost or another imaging system instead of manually installing all the software?
If all machines you handle are identical (or there are groups of identical machines), make a clean install once, update the OS and install basic software the users will need. Then create a HDD image, which you can restore the system from in case of reassigning the machine to another user, HDD failure, virus infection, etc.
All you have to do is just is restore the "clean install" HDD contents from disk image, and change the Windows product key if this is needed.
If you want to protect the HDDs against users using forensic tools - use a data shredding tool (e.g. shred, available in most linux distros) on the HDD before restoring data from the image to it. With about an hour's worth of work you can even prepare a live USB that'll shred the HDD then re-fill it with data from the image.
This way you can save yourself quite a bit of work while still protecting users' and company's data.
I have personal experience with non-reimaged PCs passing viruses on to new users. (And with unwanted files outlasting a user's employment, but that's a whole other story.)
As Ushuru pointed out, the best practice is to reimage rather than reinstall. (And yes, you need sysprep, but not because of SIDs, as TesselatingHector said.) They don't have to be identical hardware; you can include a wide variety of drivers in your image and even add new drivers offline (if your image is a .wim).
There's a whole market sector of desktop deployment software, and I've also seen people roll their own process with backup software and restoring a specialized "backup" image.
Or, you can rebuild the system if you happen to love installing the OS. ;) I get bored easily and prefer to automate.
This is missing the best answer ... write down your hardware as a business cost, and when someone leaves then give them the laptop and buy a new clean one; this saves the most time of all, and is a positive way to approach work-life balance. Of course, if they've only been there a few weeks then a reset is probably best.
The answer to this really depends on whether you allow employees to be local administrators of their own machine.
In general a User group account only has write permission in its own profile directory, and nowhere else on the hard drive.
In this case no changes can be made to the system by the user, including installing or removing applications, or creating hidden files or directories outside of their profile directory.
Malware can potentially install itself, but again only inside that user's profile, typically in AppData or Temp.
For these restricted users, a new account is completely disconnected from whatever was in the old user profile.
I would never even dream of giving a used PC to a new employee without at least a hard disk wipe. If you wanted to be fairly safe, replace the hard drive completely.
Root kits are extremely powerful. A root kit is unknown by the OS and virus scanners because they are installed at a lower level (They actually load the OS and give the OS it's basic information such as what is on the hard drive, so they can very effectively hide themselves from the OS). Some even install themselves in to the BIOS of the hard drive which makes them extremely difficult to get rid of.
A few can install themselves in the BIOS of your PC and re-infect new hard drives as they are installed.
If any disgruntled employee with even mild hacking skills really wanted to they could return a computer to you in a state that would devastate your network repeatedly even after a hard disk "Reformat". A good one could make it so that even replacing the hard drive wouldn't help.
A really talented hacker-employee might use one of these techniques to gain unlimited access to your internal network systems and data. At any point in the future he could reconnect from the outside--in a way that would be almost impossible for you to stop (Since the infected computer is likely to call out occasionally and bypass all firewall security).
Luckily the really talented ones probably have better things to do than work for your company.
James's answer where he says "Give the computer to the employee when he leaves" should be sounding pretty good right about now--but really, just yank and shred the HD.