Deleting only roaming profiles from local hard drive at boot

Hello,

I have found a few scripts for deleting profiles that require input of a server/username to remove roaming profiles from the local hard drive. What I’m trying to work out is whether it is possible to create a PowerShell script that, when the computer starts up, automatically deletes any roaming profiles that are on the hard drive. See attached screenshot of the local users folder; the two roaming profiles that should be deleted are all the ‘d7stutest’ folders and the ‘ict’ folder.

Additionally the registry also needs to be checked for profiles left in ‘HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList’

If anyone can help me out that would save me a lot of time having to do this manually!

Thanks

Regards,
Darren

Here’s one I put on our tablets to remove student profiles. It’s set up to launch as a scheduled task every night and logs its deletions in a file on the C drive. Basically, just modify the $ProtectedProfiles variable to ignore profiles you do not want erased.

$Profiles = Get-WmiObject -Class Win32_UserProfile
$NumDays = 5
$CutoffDate = (Get-Date).AddDays(-$NumDays)
$LogFile = "C:\ProfileDeletion.log"
$ProtectedProfiles = "admin","administrator","netadmin","pcadmin","default","system","public"

#If a log file doesn't exist, create one
if (-not(Test-Path -Path $LogFile)){
    New-Item -Path $LogFile -ItemType File | Out-Null
}

#Cycle thru each profile and delete it if it's older than the cutoff date
foreach ($Profile in $Profiles){
    $Name = $Profile.LocalPath.Split("\")[2]
    $StrLastUse = $Profile.LastUseTime.Substring(0,8)
    $LastUseDay = [datetime]::ParseExact($StrLastUse,"yyyyMMdd",$null)
    $DateTimeString = Get-Date -Format u
    if (($Profile.Special -eq $false) -and 
        ($LastUseDay -lt $CutoffDate) -and 
        ($ProtectedProfiles -notcontains $Name)){
        try {
            $Profile.Delete()
            "$DateTimeString`t$Name`t`tDelete Successful" | Out-File -Encoding ASCII -FilePath $LogFile -Append
        } catch {
            "$DateTimeString`t$Name`t`tDelete Failed" | Out-File -Encoding ASCII -FilePath $LogFile -Append
        }
    }
}

OK great, I’ll take a look at that and let you know how I get on.

Thanks

I have looked at the script and it seems to work fine as a Computer Startup script. If the profile is in the registry it will also delete the folder in c:\users. Our computers auto start at 6:30am, so there was no need to look for profiles of a certain age and I removed that section.

However, if the profile is just in C:\users then it needs to be deleted as well. I have copied the ‘for’ loop below and edited it to compare the folders in C:\users and, if they don’t match the $ProtectedProfiles, delete the folders.

This appears to work on my test VPC so now to do some real world testing :-S

$Profiles = Get-WmiObject -Class Win32_UserProfile
$LocalUserFolder = Get-ChildItem c:\users -Name
$LogFile = "C:\APPS\ProfileDeletion.log"
#Single quotes keep 'MSSQL$ADK' literal; in double quotes $ADK would be expanded as a variable
$ProtectedProfiles = "screentint","administrator","home","user","default","system","public",'MSSQL$ADK'
#Timestamp used in every log line
$DateTimeString = Get-Date -Format u
 
#If a log file doesn't exist, create one
if (-not(Test-Path -Path $LogFile)){
    New-Item -Path $LogFile -ItemType File | Out-Null
}
 
#Cycle thru each profile and delete it unless it's a special or protected profile
foreach ($Profile in $Profiles){
    $Name = $Profile.LocalPath.Split("\")[2]
    if (($Profile.Special -eq $false) -and  
        ($ProtectedProfiles -notcontains $Name)){
        try {
            $Profile.Delete()
            "$DateTimeString`t$Name`t`tProfile Delete Successful" | Out-File -Encoding ASCII -FilePath $LogFile -Append
        } catch {
            "$DateTimeString`t$Name`t`tProfile Delete Failed" | Out-File -Encoding ASCII -FilePath $LogFile -Append
        }
    }
}

#Cycle thru each folder left in c:\users and delete it unless it's protected
foreach ($Folder in $LocalUserFolder){
    if ($ProtectedProfiles -notcontains $Folder){
        try {
            Remove-Item c:\users\$Folder -Recurse -Force
            "$DateTimeString`t$Folder`t`tLocal Folder Delete Successful" | Out-File -Encoding ASCII -FilePath $LogFile -Append
        } catch {
            "$DateTimeString`t$Folder`t`tLocal Folder Delete Failed" | Out-File -Encoding ASCII -FilePath $LogFile -Append
        }
    }
}

UPDATE: Applied the policy to a set of 6 computers and it worked as expected. I then applied the policy to another 8 computers and it removed the profiles from the registry but it did not remove the extra folders from the c:\users\ location. I rebooted the PCs a couple of times but it would not delete the folders.

I checked the log file and it does list the folders as deleted successfully.

Any additional help anyone can give would be great!!!
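
Added example (not part of the thread or the posters' code): `Remove-Item` reports most failures as non-terminating errors, which `try`/`catch` does not see, so the folder loop above writes "Delete Successful" whether or not the folder is gone. The sketch below reproduces that against a constructed temp folder holding a locked file, then shows a version that uses `-ErrorAction Stop` and confirms removal with `Test-Path` before logging. The function name `Remove-ProfileFolder` and all paths are hypothetical; it assumes Windows and the default `$ErrorActionPreference` of `Continue`.

```powershell
function Remove-ProfileFolder {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$LogFile
    )
    $stamp = Get-Date -Format u
    $name  = Split-Path -Path $Path -Leaf
    try {
        # -ErrorAction Stop makes Remove-Item's errors terminating,
        # so a failed delete reaches the catch block.
        Remove-Item -LiteralPath $Path -Recurse -Force -ErrorAction Stop
        # Do not trust the absence of an exception: check the folder is gone.
        if (Test-Path -LiteralPath $Path) { throw 'folder still present after Remove-Item' }
        $result = 'Local Folder Delete Successful'
    } catch {
        $result = "Local Folder Delete Failed: $($_.Exception.Message)"
    }
    "$stamp`t$name`t`t$result" | Out-File -Encoding ASCII -FilePath $LogFile -Append
    return -not (Test-Path -LiteralPath $Path)
}

# --- Constructed demo data: a fake "profile" folder with one locked file ---
$root   = Join-Path $env:TEMP ("ProfileDemo_" + [guid]::NewGuid())
$folder = Join-Path $root 'd7stutest'
$log    = Join-Path $root 'ProfileDeletion.log'
New-Item -Path $folder -ItemType Directory -Force | Out-Null
$file = Join-Path $folder 'ntuser.dat'
Set-Content -Path $file -Value 'constructed sample'
# Hold the file open with no sharing so it cannot be deleted
$handle = [System.IO.File]::Open($file, 'Open', 'Read', 'None')

# Pattern from the thread: the error is non-terminating, catch never runs
try   { Remove-Item -LiteralPath $folder -Recurse -Force; $threadPattern = 'Successful' }
catch { $threadPattern = 'Failed' }
"Thread pattern logged: $threadPattern; folder still exists: $(Test-Path -LiteralPath $folder)"

# Hardened version: the failure is caught and the log records why
$removed = Remove-ProfileFolder -Path $folder -LogFile $log
"Hardened version removed folder: $removed"
Get-Content -Path $log

# Release the lock and clean up the demo data
$handle.Dispose()
Remove-Item -LiteralPath $root -Recurse -Force
```

On a machine where the log says "Successful" but the folder remains, the exception message written by the hardened version names the file or path that blocked the delete.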

Can’t really find the fault in your code. I’m getting the expected results on my end. When you say “policy” are you talking about a GPO or are you simply dropping it into all users startup folder? I’m trying to figure out how the script is being triggered and if there is a permissions issue.

Yes, I have a GPO with the PowerShell script as a computer startup script. This means when the pupils/staff come in each day the computers should be clean of all roaming profiles stuck on the computers.