delprof2

Comments

5 comments

  • SelfMan

    Hi Greg,
    you can create a new deployment package, include a command step and the executable.

    the command should contain the executable name and a parameter for it. When deployed it will be executed on the target machine.

    I advise to be very carefull with this tool. Remember that it deletes all profiles except the profile it is executed under and few system default profiles.

    0
    Comment actions Permalink
  • Stephen Valdinger

    You can use a GPO to remove unused profiles after x amount of days. 

     

    You could also use a script like this:

    Function Remove-UserProfile{

    <#

    .SYNOPSIS

    Removes specified user profile from a local or remote machine using Invoke-Command

    .PARAMETER

    Profile

    The profile you wish to remove from the workstation

     

    .PARAMETER

    Computername

    The remote computer(s) you wish to remove profiles from

    .EXAMPLE

    Remove-UserProfile -Profile demouser1

     

    .EXAMPLE

    Remove-UserProfile -Profile demouser1,demouser2

     

    .EXAMPLE

    Remove-UserProfile -Computername wrkstn01 -Profile demouser1

    .EXAMPLE

    Remove-UserProfile -Computername wrkstn01,wrkstn02 -Profile demouser1

    #>

    Param(

    [cmdletBinding()]

    [parameter(

    Mandatory,

    Position=1)]

    [string]

    $Profile,

    [parameter(

    Mandatory=$false,

    Position=0)]

    [array]

    $Computername

    )

     

    #Work with a remote machine.

    If($Computername-ne'')

    {

    Foreach($computerin$Computername)

    {

    Try

    {

    Foreach($pin$Profile)

    {

    Get-CimInstance-Computername $Computer win32_userprofile |

    Select-Object SID,LocalPath |

    Where-Object { $_.localpath-match"$p" } |

    Remove-CimInstance

     

    }#end foreach

    }#end try

     

    Catch

    {

    $_.Exception.Message

     

    }#end catch

    }#end foreach

    }#end if

     

    #Working with the local machine.

    Else

    {

    foreach($pin$Profile)

    {

    Get-CimInstance win32_userprofile |

    Select-Object SID,LocalPath |

    Where-Object { $_.localpath-match"$p" } |

    Remove-CimInstance

    }#end foreach

    }#end else

    }#end function
    0
    Comment actions Permalink
  • Greg Schaefer

    Can this script be used to remove all profiles except built in accounts?

    0
    Comment actions Permalink
  • Stephen Valdinger

    Sure it can. I would modify it slightly with an array containing the built-in account names, and then use a -notin filter to delete the ones that aren't.

    0
    Comment actions Permalink
  • Martin Timmelstad

    Hi,

    I have looked around and I ended up with using this PowerShell script that works just great!

    It is easy to edit as you can see in attached screenshot you add the datestring -DateBeforeDeletion (xxdays) for what matches your business needs.

    You should also edit in the file itself what accounts you don't want to be touched. If you have say admin accounts that should always be on the clients.

    File can be downloaded here: Remove-OldUser

    <#
    .SYNOPSIS
    This function will by default remove all user profiles older than 15 days.
    .DESCRIPTION
    The function takes in a number of days and then removes all profiles which are as old or older than the number of days.
    .PARAMETER DaysBeforeDeletion
    An integer representing how old a profile can be before it's removed.
    .EXAMPLE
    .\Remove-OldUserProfiles.ps1
    Running without any additional input will simply remove all profiles older than 30 days on the computer.
    .EXAMPLE
    .\Remove-OldUserProfiles.ps1 -DaysBeforeDeletion 15
    This will remove all the profiles which are 15 days or older.
    #>
    [CmdletBinding()]
    param(
    [Parameter(Mandatory=$false)][int]$DaysBeforeDeletion = 15
    )
    begin {
    if(-not ([Security.Principal.WindowsPrincipal
    [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
    Write-Warning -Message "You need to run this script with local administrator privledges."
    break
    }
    Write-Verbose -Message "Starting to remove old profiles."
    # User profiles which should never be removed regardless of age.
    $NeverDelete = @(
    "Administrator",
    "Administratör",
    "Public",
    "LocalService",
    "NetworkService",
    "All Users",
    "Default",
    "systemprofile",
    "Default User"
    )
    } process {
    # Get all the user folders, the filter those by folders which have a 
    # last write time which is greater than or equal to the number of days
    # before deletions which has been sent to the script as a parameter.  
    # Then filter the objects to remove any that match our list of profiles
    # Which we never want to delete.
    $OldUserProfiles = @(Get-ChildItem -Force "$($env:SYSTEMDRIVE)\Users" | 
    Where-Object { ((Get-Date)-$_.LastWriteTime).Days -ge $DaysBeforeDeletion } | 
    Where-Object {
    $User = $_
    if($NeverDelete.Contains($User.ToString())) {
    $User = $User -replace $User.ToString(), ""
    }
    $User
    } | Where-Object { $_.PSIsContainer })
    # Now go through each user profile and then remove the profile out of win32_userprofile
    # and remove their folder.  This completely removes them from the system and should
    # get around the issue with temporary profiles being created or errors from the system
    # having a record of the profiles existence.
    foreach($UserProfile in $OldUserProfiles) {
    try {
    (Get-WmiObject Win32_UserProfile | Where-Object { $_.LocalPath -like "*$($UserProfile.FullName)*"}).Delete()
    Remove-item -Path $UserProfile.FullName -Force -Recurse
    } catch {
    Write-Error -Message "There was an error removing the user profile $($UserProfile.Name)."
    Write-Error -Message $_.Exception.Message
    }
    }
    } end {
    Write-Verbose -Message "User profile folders cleanup complete."
    }
    

    Remove-OldUser.JPG

    0
    Comment actions Permalink

Please sign in to leave a comment.