Deleting only roaming profiles from local hard drive at boot

This topic contains 6 replies, has 3 voices, and was last updated by Darren Scordecchia 1 year, 9 months ago.

  • #23027
    Darren Scordecchia
    Participant

    Hello,

    I have found a few scripts for deleting profiles that require input of a server/username to remove roaming profiles from the local hard drive. What I'm trying to work out is if it is possible to create a PowerShell script that, when the computer starts up, automatically deletes any roaming profiles that are on the hard drive. See attached screenshot of local users folder; two roaming profiles that should be deleted are all the 'd7stutest' folders and the 'ict' folder.

    Additionally the registry also needs to be checked for profiles left in 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

    If anyone can help me out that would save me a lot of time having to do this manually!

    Thanks

    Regards,
    Darren

  • #23105
    Jack Neff
    Participant

    Here's one I put on our tablets to remove student profiles. It's set up to launch as a scheduled task every night and logs its deletions in a file on the C drive. Basically just modify the $ProtectedProfiles variable to ignore profiles you do not want erased.

    $Profiles = Get-WmiObject -Class Win32_UserProfile
    $NumDays = 5
    $CutoffDate = (Get-Date).AddDays(-$NumDays)
    $LogFile = "C:\ProfileDeletion.log"
    $ProtectedProfiles = "admin","administrator","netadmin","pcadmin","default","system","public"
    
    #If a log file doesn't exist, create one
    if (-not(Test-Path -Path $LogFile)){
        New-Item -Path $LogFile -ItemType File | Out-Null
    }
    
    #Cycle thru each profile and delete it if it's older than the cutoff date
    foreach ($Profile in $Profiles){
        $Name = $Profile.LocalPath.Split("\")[2]
        $StrLastUse = $Profile.LastUseTime.Substring(0,8)
        $LastUseDay = [datetime]::ParseExact($StrLastUse,"yyyyMMdd",$null)
        $DateTimeString = Get-Date -Format u
        if (($Profile.Special -eq $false) -and 
            ($LastUseDay -lt $CutoffDate) -and 
            ($ProtectedProfiles -notcontains $Name)){
            try {
                $Profile.Delete()
                "$DateTimeString`t$Name`t`tDelete Successful" | Out-File -Encoding ASCII -FilePath $LogFile -Append
            } catch {
                "$DateTimeString`t$Name`t`tDelete Failed" | Out-File -Encoding ASCII -FilePath $LogFile -Append
            }
        }
    }
    
  • #23147
    Darren Scordecchia
    Participant

    Ok great, I'll take a look at that and let you know how I get on

    Thanks

  • #23179
    Darren Scordecchia
    Participant

    I have looked at the script and it seems to work fine as a Computer Startup script. If the profile is in the registry it will also delete the folder in c:\users. Our computers auto start at 6:30am so there was no need to look for profiles of a certain age, so I removed that section.

    However, if the profile is just in C:\users then it needs to be deleted as well. I have copied the 'for' loop below and edited it to compare the folders in C:\users, and if they don't match the $ProtectedProfiles then delete the folders.

    This appears to work on my test VPC so now to do some real world testing :-S

    $Profiles = Get-WmiObject -Class Win32_UserProfile
    $LocalUserFolder = Get-ChildItem c:\users -Name
    $LogFile = "C:\APPS\ProfileDeletion.log"
    #Timestamp used in every log line
    $DateTimeString = Get-Date -Format u
    #MSSQL$ADK is single-quoted so that $ADK is not expanded as a variable
    $ProtectedProfiles = "screentint","administrator","home","user","default","system","public",'MSSQL$ADK'
    
    #If a log file doesn't exist, create one
    if (-not(Test-Path -Path $LogFile)){
        New-Item -Path $LogFile -ItemType File | Out-Null
    }
    
    #Cycle thru each profile and delete it unless it is special or protected
    foreach ($Profile in $Profiles){
        $Name = $Profile.LocalPath.Split("\")[2]
        if (($Profile.Special -eq $false) -and  
            ($ProtectedProfiles -notcontains $Name)){
            try {
                $Profile.Delete()
                "$DateTimeString`t$Name`t`tProfile Delete Successful" | Out-File -Encoding ASCII -FilePath $LogFile -Append
            } catch {
                "$DateTimeString`t$Name`t`tProfile Delete Failed" | Out-File -Encoding ASCII -FilePath $LogFile -Append
            }
        }
    }
    
    #Cycle thru each folder in c:\users and delete it unless it is protected
    foreach ($Folder in $LocalUserFolder){
        if ($ProtectedProfiles -notcontains $Folder){
            try {
                Remove-Item c:\users\$Folder -Recurse -Force
                "$DateTimeString`t$Folder`t`tLocal Folder Delete Successful" | Out-File -Encoding ASCII -FilePath $LogFile -Append
            } catch {
                "$DateTimeString`t$Folder`t`tLocal Folder Delete Failed" | Out-File -Encoding ASCII -FilePath $LogFile -Append
            }
        }
    }
  • #23194
    Darren Scordecchia
    Participant

    UPDATE: Applied the policy to a set of 6 computers and it worked as expected. I then applied the policy to another 8 computers and it removed the profiles from the registry but it did not remove the extra folders from the c:\users\ location. I rebooted the PCs a couple of times but it would not delete the folders.

    I checked the log file and it does list the folders as deleted successfully.

    Any additional help anyone can give would be great!!!

  • #23208
    Jack Neff
    Participant

    Can't really find the fault in your code. I'm getting the expected results on my end. When you say "policy" are you talking about a GPO or are you simply dropping it into all users startup folder? I'm trying to figure out how the script is being triggered and if there is a permissions issue.

  • #23224
    Darren Scordecchia
    Participant

    Yes, I have a GPO with the PowerShell script as a computer startup script. This means when the pupils/staff come in each day the computers should be clean of all roaming profiles stuck on the computers
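
Added example, not part of the original thread and not either poster's code: a variant of the startup cleanup above in which `Remove-Item` failures actually reach the `catch` block. By default most `Remove-Item` errors are non-terminating, so `try`/`catch` never sees them and the log can say "Successful" while the folder remains; `-ErrorAction Stop` plus a `Test-Path` re-check closes that gap. The parameter defaults, the protected list and the `Write-Log` helper are assumptions; run it with `-WhatIf` first to see what would be removed.

```powershell
# Added example: parameter defaults, protected names and Write-Log are assumptions.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$UsersRoot = 'C:\Users',
    [string]$LogFile   = 'C:\APPS\ProfileDeletion.log',   # folder must already exist
    # Single quotes: "MSSQL$ADK" in double quotes would expand $ADK to nothing
    [string[]]$Protected = @('administrator','default','public','MSSQL$ADK')
)

function Write-Log([string]$Name, [string]$Result) {
    "$(Get-Date -Format u)`t$Name`t$Result" | Out-File -Encoding ASCII -FilePath $LogFile -Append
}

# 1. Registered profiles: removing the instance also removes its ProfileList key.
foreach ($p in Get-CimInstance -ClassName Win32_UserProfile) {
    # Skip system profiles and profiles currently in use
    if (-not $p.LocalPath -or $p.Special -or $p.Loaded) { continue }
    $name = Split-Path -Path $p.LocalPath -Leaf
    if ($Protected -contains $name) { continue }
    if ($PSCmdlet.ShouldProcess($p.LocalPath, 'Remove profile')) {
        try {
            Remove-CimInstance -InputObject $p -ErrorAction Stop
            Write-Log $name 'Profile delete successful'
        } catch {
            Write-Log $name "Profile delete FAILED: $($_.Exception.Message)"
        }
    }
}

# 2. Leftover folders: only those with no profile still registered for them.
$registered = @(Get-CimInstance -ClassName Win32_UserProfile | ForEach-Object { $_.LocalPath })
foreach ($dir in Get-ChildItem -LiteralPath $UsersRoot -Directory -Force) {
    # Do not touch junctions such as "All Users" or "Default User"
    if ($dir.Attributes -band [IO.FileAttributes]::ReparsePoint) { continue }
    if ($Protected -contains $dir.Name -or $registered -contains $dir.FullName) { continue }
    if ($PSCmdlet.ShouldProcess($dir.FullName, 'Remove leftover folder')) {
        try {
            # -ErrorAction Stop turns non-terminating errors into catchable exceptions
            Remove-Item -LiteralPath $dir.FullName -Recurse -Force -ErrorAction Stop
        } catch {
            Write-Log $dir.Name "Folder delete FAILED: $($_.Exception.Message)"
            continue
        }
        # Log success only after confirming the folder is really gone
        if (Test-Path -LiteralPath $dir.FullName) { Write-Log $dir.Name 'Folder delete FAILED: still present' }
        else { Write-Log $dir.Name 'Folder delete successful' }
    }
}
```

The exception message written to the log on failure (for example an access-denied or file-in-use error) is what distinguishes a permissions problem from a locked file on the machines where folders are left behind.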
