-Target registry entries longer than 15 characters,
-Exclude any that contain C:\Users\administrator
-Target any that end in “.bak”.
The reason for including the last one is that without it this script continues to target and delete my network service and local service reg entries, forcing me to reset the laptop fully.
Below is an example of the script running and the output. The entry ending 059 is correctly skipped, but the entry ending 486 is incorrectly skipped and the shorter entries are incorrectly targeted.
PS C:\WINDOWS\system32> # Define the path to the registry key
PS C:\WINDOWS\system32> $profileListPath = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
PS C:\WINDOWS\system32>
PS C:\WINDOWS\system32> # Function to delete registry keys based on conditions
PS C:\WINDOWS\system32> function Delete-BakRegistryKeys {
>> param (
>> [string]$path
>> )
>>
>> # Get all subkeys
>> $subKeys = Get-ChildItem -Path $path -ErrorAction Stop
>>
>> foreach ($subKey in $subKeys) {
>> try {
>> # Get the ProfileImagePath value
>> $profileImagePath = (Get-ItemProperty -Path $subKey.PSPath -ErrorAction Stop).ProfileImagePath
>>
>> # Check if the key name ends in .bak, is 15 characters or longer, and is not "C:\Users\administrator"
>> if ($subKey.Name.Length -ge 15 -and $profileImagePath -ne "C:\Users\administrator") {
>> Write-Output "Deleting registry key: $($subKey.Name)"
>> Remove-Item -Path $subKey.PSPath -Recurse -Force -ErrorAction Stop
>> } else {
>> Write-Output "Skipping registry key: $($subKey.Name)"
>> }
>> } catch {
>> Write-Output "Error processing key: $($subKey.Name) - $_"
>> }
>> }
>> }
PS C:\WINDOWS\system32>
PS C:\WINDOWS\system32> # Delete .bak keys under ProfileList
PS C:\WINDOWS\system32> Delete-BakRegistryKeys -path $profileListPath
Deleting registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-12-1-2868673471-1273932473-801059733-2038492486
Skipping registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-12-1-414086179-1332135521-1806281349-1569711059
Deleting registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
Deleting registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
Deleting registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
PS C:\WINDOWS\system32>
I think you may have copy/pasted your code and some of the formatting got messed up.
Please edit your post, remove the code, and use the “Preformatted Text” button inside the gear icon to format your code, as code.
Or you can put 3 backticks on a line, go down a line and paste, and then put 3 backticks on a line.
```
your code here
```
it looks like you need to debug.
I’m definitely not the person to provide guidance on how to set breakpoints in VScode and run with debugging, but what I would do it edit your function in your IDE and manually step through it piece by piece selectively executing each line.
When you get to the subkeys loop manually define $subKey as your problem subkey, maybe like this:
$subKey = $subKeys[1]
Then check it manually, what is its length:
$subKey.Name.Length
I’m not sure I understand the logic behind the name/length greater than 15 bit. All of the profiles in my registry are well over 15 characters because the “Name” property is the entire path:
The logic behind the character length rule is that my networkservice, localservice, and systemprofile entries are all about 10 characters long. User profiles, excluding those with a .bak suffix, clock in pretty consistently at 52 characters. I did try using a rule for excluding anything with a ProfileImagePath that includes the “systemroot” phrase, of which the above are found under; that didn’t seem to take and again the three of those were deleted in testing.
I’m absolutely with @grey0ut here … we need either more info about your task in general or all of the code involved to be able to help.
And regardless of that - what is it what you actually want to achieve? If you want to clean up local profiles on a computer you don’t have to re-invent the wheel again. Tehre are already code examples out there you can easily adapt to your particular needs.
if $subKey.Name is HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20 it’s a lot longer than 10 characters. Do you see what I’m saying?
I vote with Olaf on this one. I also think it is a bad idea to clean up profiles by nuking reg entries. Messing with the profilelist can lead to more problems.
I also vote with Olaf - using the CIM commands is definitely the way to go for cleaning up user profiles on a machine - it’s kind of like using an uninstaller for software vs. just deleting the files.