+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 19
Windows 7 Thread, GPO Windows 7 - Automatically Delete Local User Profiles Older Than X number of Days in Technical; Hello Everyone - I know that some of you probably use scripts to delete old profiles, but I wanted to ...
  1. #1
    nsuljic's Avatar
    Join Date
    Jan 2011
    Location
    Houston
    Posts
    8
    Thank Post
    1
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    GPO Windows 7 - Automatically Delete Local User Profiles Older Than X number of Days

    Hello Everyone - I know that some of you probably use scripts to delete old profiles, but I wanted to see if anyone has been able to get the Group Policy working that is supposed to delete user profiles older than X number of days?

    Computer Configuration
    -Policies
    --Administrative Templates
    ---System/User Profiles
    ----"Delete user profiles older than a specified number of days on system restart"

    I run a couple of computer labs at a Medical School and we have a lot of students logging in to the machines. Within a short period of time, a lot of local profiles build up and degrade the performance of the computers. Any suggestions would be much appreciated.

    Thanks,
    Nermin

  2. #2

    3s-gtech's Avatar
    Join Date
    Mar 2009
    Location
    Wales
    Posts
    2,906
    Thank Post
    153
    Thanked 598 Times in 537 Posts
    Rep Power
    158
    How are you finding they're degrading performance? Are you using Local Profiles? With a roaming or mandatory profile, you can allow huge numbers of profiles to build up - the system won't appreciably slow down unless the HDD is filling up.

  3. #3

    bossman's Avatar
    Join Date
    Nov 2005
    Location
    England
    Posts
    3,962
    Thank Post
    1,208
    Thanked 1,074 Times in 765 Posts
    Rep Power
    332
    @nsuljic:

    We don't rely on the GPO which does this as it is not very reliable and as you have mentioned we run a script at logoff which reads the users profiles from a txt file which we wish to have deleted. This runs every time they logoff so very little impact on the logon times and keeps the workstations clean.

    We do run with roaming profiles so this is a great help as they can increase in size over time and when a profile becomes greater than 2Mb in size it can easily become corrupt so a regular cleaning of peoples profiles does have an increased effect on the logon times.

    Last edited by bossman; 25th January 2011 at 04:08 PM.

  4. #4
    nsuljic's Avatar
    Join Date
    Jan 2011
    Location
    Houston
    Posts
    8
    Thank Post
    1
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    We are using local profiles. The computers are slowing down and when we run virus scans it takes so much longer to finish scanning because there are so many useless profiles to scan through. Ideally, I'd like to delete all profiles that are older than 30 days. Delprof in XP worked really well. This group policy setting would be great if I could only get it to work...

  5. #5
    gybe78's Avatar
    Join Date
    May 2008
    Location
    Aylesbury
    Posts
    142
    Thank Post
    25
    Thanked 30 Times in 20 Posts
    Rep Power
    19
    I'm sure I read something about this. When AV software (and/or Windows Defender) scans the local disk it "touches" the profiles and alters their modified time. Therefore if your clients run a daily scan, profiles will never be older than 24hrs.

    See http://support.microsoft.com/kb/983544
    Last edited by gybe78; 25th January 2011 at 04:12 PM.

  6. Thanks to gybe78 from:

    nsuljic (26th January 2011)

  7. #6
    nsuljic's Avatar
    Join Date
    Jan 2011
    Location
    Houston
    Posts
    8
    Thank Post
    1
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Thanks for the useful info, I will try the hotfix and will report back with results...

  8. #7
    kennysarmy's Avatar
    Join Date
    Oct 2005
    Location
    UK
    Posts
    1,313
    Thank Post
    83
    Thanked 47 Times in 33 Posts
    Rep Power
    31
    Quote Originally Posted by nsuljic View Post
    We are using local profiles. The computers are slowing down and when we run virus scans it takes so much longer to finish scanning because there are so many useless profiles to scan through. Ideally, I'd like to delete all profiles that are older than 30 days. Delprof in XP worked really well. This group policy setting would be great if I could only get it to work...
    Why do you need to scan local pc's?
    I only scan the servers each night and just ensure the clients A/V are upto date.

  9. #8

    3s-gtech's Avatar
    Join Date
    Mar 2009
    Location
    Wales
    Posts
    2,906
    Thank Post
    153
    Thanked 598 Times in 537 Posts
    Rep Power
    158
    I run a weekly scan - alot of nasties find their way into the user profiles on the local PCs.

  10. #9
    nsuljic's Avatar
    Join Date
    Jan 2011
    Location
    Houston
    Posts
    8
    Thank Post
    1
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Same here, students tend to download all kinds of stuff and our IT security department mandates that we run daily "Quick Scans" and weekly "Full Scans" on all of the machines... Whenever infections are detected, they are usually located in user profiles, so eliminating those at a regular basis would definitely help. One of the random machines that I selected in one of my labs and installed the hotfix, it has 193 local profiles!

  11. #10
    kennysarmy's Avatar
    Join Date
    Oct 2005
    Location
    UK
    Posts
    1,313
    Thank Post
    83
    Thanked 47 Times in 33 Posts
    Rep Power
    31
    Quote Originally Posted by nsuljic View Post
    Same here, students tend to download all kinds of stuff and our IT security department mandates that we run daily "Quick Scans" and weekly "Full Scans" on all of the machines... Whenever infections are detected, they are usually located in user profiles, so eliminating those at a regular basis would definitely help. One of the random machines that I selected in one of my labs and installed the hotfix, it has 193 local profiles!
    Do you have to leave your PC's on all night then?
    How do you schedule your scans for times when they are ON but not being used?

  12. #11
    nsuljic's Avatar
    Join Date
    Jan 2011
    Location
    Houston
    Posts
    8
    Thank Post
    1
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    The Lab is open 24/7 so the computers stay on all the time. We schedule the scans during off peak hours (4:00 in the morning).

  13. #12

    Join Date
    Aug 2007
    Posts
    827
    Thank Post
    101
    Thanked 65 Times in 47 Posts
    Rep Power
    26
    I found that GP setting to be a bit flakey..
    Sometimes it would not delete they profile and at other times delete everything but the appdir folder.

  14. #13
    carvjo's Avatar
    Join Date
    Mar 2010
    Location
    Oxford
    Posts
    195
    Thank Post
    12
    Thanked 39 Times in 34 Posts
    Rep Power
    22
    Add your users to the 'Domain Guests' global group - those users won't leave any profile on your computers.. it works!

  15. #14

    Join Date
    Aug 2005
    Location
    London
    Posts
    3,157
    Thank Post
    116
    Thanked 529 Times in 452 Posts
    Blog Entries
    2
    Rep Power
    124
    We run this script every night to clean up. The check at the start is to exclude certain machines (the ones in lecture theatres)

    The next section uses a WMI call to get a list of profiles other than the "special" ones (localsystem etc) and delete them (this is what you see when you go to the control panel and delete profiles)

    This will sometimes leave bits behind so the next step is to get a list of folders which shouldn't be deleted by reading the existing profiles from the registry - this list is built in a dictionary. To this is then added things like "public" and "default".

    The script then scans c:\users and checks each folder it finds against the dictionary. If the folder isn't listed then it gets deleted (because it doesn't need to be there)

    Code:
    const HKEY_LOCAL_MACHINE = &H80000002
    
    set oDic=createobject("scripting.dictionary")
    Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
    Set oWMIService = GetObject("winmgmts:\\.\root\cimv2")
    set oFSO=createobject("scripting.filesystemobject")
    set oShell=createobject("wscript.shell")
    
    on error resume next
    
    'are we on an AV machine? if so, quit - leave profiles alone in theatres
    if ofso.fileexists("c:\windows\av") then wscript.quit
    
    Set colItems = oWMIService.ExecQuery("Select * from Win32_UserProfile where special=false and loaded=false",,48)
    For Each oItem in colItems
      sSid=oItem.SID
      Set oUserProfile = GetObject("winmgmts:{impersonationlevel=impersonate}!\\.\root\cimv2:Win32_UserProfile.SID='" & sSID &"'")
      oUserProfile.Delete_
    Next
    
    'now clean up directories not attached to profiles
    'and profiles not completely deleted by first step
    'build a list of the directories used by profiles
    
    sPath = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
    oReg.EnumKey HKEY_LOCAL_MACHINE, sPath, arrSubKeys
    For Each subkey In arrSubKeys
      lRc=oReg.GetStringValue(HKEY_LOCAL_MACHINE, sPath & "\" & subkey ,"ProfileImagePath",sDir)
      sDir=lcase(sDir)
      oDic.add sDir, subkey
    Next
    
    'now add the "fixed" profiles
    
    lRc=oReg.GetStringValue(HKEY_LOCAL_MACHINE, sPath ,"ProfilesDirectory",sRoot)
    sRoot=lcase(oShell.expandenvironmentstrings(sRoot))
    sRoot=sRoot & "\"
    
    oDic.add sRoot & "public","public"
    oDic.add sRoot & "all users", "all users"
    oDic.add sRoot & "default","default"
    oDic.add sRoot & "default user", "default user"
    
    
    set oFolder=ofso.getfolder("c:\users")
    for each oSubFolder in oFolder.subfolders
      sFolder=sRoot & lcase(oSubFolder.name)
      if not(oDic.exists(sFolder)) then
        'orphaned folder so delete it
        ofso.deletefolder sFolder, true
      end if
    next

  16. #15

    Join Date
    Feb 2011
    Posts
    92
    Thank Post
    6
    Thanked 24 Times in 15 Posts
    Rep Power
    12
    we also run a script when the computers remotely shut down of an evening that deletes the profiles. However you could just link the gp during the holidays force a couple of reboots then unlink the gp. Bit of house keeping but might be a solution.

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Replies: 28
    Last Post: 23rd May 2011, 09:57 AM
  2. Delete local profiles.
    By firefighting in forum How do you do....it?
    Replies: 8
    Last Post: 28th April 2011, 08:28 PM
  3. Replies: 2
    Last Post: 13th January 2011, 12:28 PM
  4. Delete User profiles on local machines
    By martinb in forum How do you do....it?
    Replies: 2
    Last Post: 16th March 2010, 10:13 AM
  5. Replies: 6
    Last Post: 26th September 2008, 03:57 PM

Thread Information

Users Browsing this Thread

There are currently 2 users browsing this thread. (0 members and 2 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •