Is there a way to cleanup service account user profile?
Hi team-
I have a customer asking after leveraging PDQ Deploy in our service that the account used to deploy our application leaves a "User Profile" on each client machine (ex. "C:\Users\sa_PDQ"). While there should not be any data in the folder created, is there a way to avoid this or clean it up?
My thought is they don't want users knowing about the account existing. Additionally, is my understanding correct in that this user profile is created in order to perform the Deploy actions "temporarily"?
-Ken
Comments
Hi Ken,
This is intended behavior. it has to do with the Run As feature in Deploy. By default the Deploy User credentials are used. To avoid this behavior you would need to run the deployments as Local System. Still use the Deploy User credentials (this is required) but have the Run As set to Local System.
Keep in mind that some steps in packages in the Package Library are hard-coded to Run As Deploy User.
A profile does need to be created in order to execute deployments. The clean up procedures remove files that were used during the deployment but the actual Windows profile stays.
Thanks Shane, after testing a few of the different combinations I found out exactly what you described. To "clean up" the User Profile folder, I just created a quick package with a "Command" step to do a RMDIR, and having the "Run as" Local System as you had suggested.
Should work out just fine for the customer I think. Thanks again for the clarification and suggestions once again!
Well done, Ken.
Keep one thing in mind... deleting the directories will prevent the casual user from seeing the other user account profiles but the actual profile still exists in the registry. I'm sure you know this but I just wanted to mention it.
Agreed, that would be the more thorough method. Think I saw another discussion on the forums regarding a utility "Delprof2" that might fit the need too. Thanks again as we were able to cater to the customers needs just fine.
Bonus that we've sold them on moving forward with an Enterprise license of PDQ Deploy to boot.
Cheers
DelProf2 is a great tool. Thanks for everything, Ken.
HI,
We are in school enviroment, and we get lots of profiles in our computers.
I have used DelProf2 to delete those time to time.
Now that we are using PDQ softwares (Inv and Deploy) is it possible to combine this userprofile deletion to those apps.??
Tried to add "custom tool" in PDQInventory, but it did not work (maybe cause need of elevated cmd and remote reg. service started automatic ??)
I have tried command line : C:\tools\Delprof2\DelProf2.exe /q /c:%TargetIPAddress%
Do you vise man know a workaround for this issue?
What am i doing wrong in "Custom Tool" ? Does it need a command, start ?
New to PDQ and trying to get delprof2.exe to work for us as well. We have multiple remote computers we need to remove old user profiles. Do we need to copy delprof2 to each computer in a folder to run or can it run from pdq machine? Any suggestions on getting to work would be appreciated. Thanks in advance
Yes, it will have to be on the local machine for this to work.
You could create a Custom Tool in Inventory to do the work, or create a Package in Deploy with a File Copy Step to put the delprof2.exe file on the target, and then a command step using the exe and the switches you require. That may be your best route. Using the Custom Tool approach is rather......ugly, but cool!
This works if you have Windows 8.1 or higher (Note, it may work on Windows 7, but I don't have 7 clients to test on):
That will delete the profile from the computer and can be run as a PDQ Deploy Powershell step in a package, or from the Tools menu in PDQ Inventory.
I know this is an old thread, but is there a way to delete the PDQ service account profile? I've tried the powershell method above but it fails because of locked files.