Delete Users and User Profiles at Logoff
Last Post 12 Jan 2012 05:33 PM by Alvin. 2 Replies.
iancaseydouglas
06 May 2011 12:39 PM

    HELP! This script runs on Windows 7 machines in numerous computer labs across campus. The goal is to delete users and user profiles from the computers at logoff. The script executes under NT Authority\System context and is triggered by the user logoff event.

    The problem occurs in the section "# delete user profile directories". It fails to delete subfolders due to the junction points in certain subfolders. I need a way to remove all the junction points from the user profile directories before I delete them.

    Whoever can get this final piece working will be a scripting hero to many school administrators, who need this functionality. 

    Thanks.






    # Clear user data 

    # Delete user objects from local database

    $objComputer = [ADSI]("WinNT://$env:COMPUTERNAME")

    $LocalUsers = ($objComputer.psbase.children |
        Where-Object {$_.psBase.schemaClassName -eq "User"} |
        Where-Object {$_.Name -notmatch "localadmin"}|
        Where-Object {$_.Name -notmatch "Administrator"} |
        Where-Object {$_.Name -notmatch "Guest"} |
            Select-Object -expand Name)


    foreach ($User in $LocalUsers)
    {$objComputer.Delete("user",$User) }


    # delete user profile registry entries

    get-childitem "registry::hklm\software\microsoft\windows nt\currentversion\profileList" |
    Where-Object {$_.Name -notlike "*500"} |
    remove-item

    # delete user profile directories


    get-childitem c:\users | 
    Where-Object {$_.Name -notmatch "localadmin"} |
    Where-Object {$_.Name -notmatch "Administrator"} |
    Where-Object {$_.Name -notmatch "Public"} |
    remove-item -recurse -force
    iancaseydouglas
    12 May 2011 03:07 PM
    I ended up having to call a DOS script to delete the profiles, since Remove-Item fails to delete reparse points since they are set to deny delete in their ACLs. For the sake of completing the post, or for anyone else looking to delete all user data at logoff, here is the DOS script which deletes the user profiles:

    REM delete user folders except those specified

    for /f "delims=" %%i in ('dir /b c:\users') do @if NOT "%%i"=="Public" @if NOT "%%i"=="admin" rmdir "c:\users\%%i" /s /q

    So the entire script becomes:


    # Clear user data 

    # Delete user objects from local database

    $objComputer = [ADSI]("WinNT://$env:COMPUTERNAME")

    $LocalUsers = ($objComputer.psbase.children |
        Where-Object {$_.psBase.schemaClassName -eq "User"} |
        Where-Object {$_.Name -notmatch "localadmin"}|
        Where-Object {$_.Name -notmatch "Administrator"} |
        Where-Object {$_.Name -notmatch "Guest"} |
            Select-Object -expand Name)


    foreach ($User in $LocalUsers)
    {$objComputer.Delete("user",$User) }


    # delete user profile registry entries

    get-childitem "registry::hklm\software\microsoft\windows nt\currentversion\profileList" |
    Where-Object {$_.Name -notlike "*500"}|
    remove-item

    # delete user profile directories

    cmd /c c:\windows\system32\groupPolicy\scripts\remDirs.bat
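
An alternative to the batch-file workaround above, added here as an example and not part of the original thread: deleting each profile through the Win32_UserProfile WMI class lets the User Profile Service remove the profile directory (junctions included) and its ProfileList key together. The `$KeepAccounts` names are taken from the thread; `$DryRun` and the `Get-ProfileOwner` helper are hypothetical names introduced for this example.

```powershell
# Added example (not the poster's script). Run elevated or as SYSTEM.
# Accounts to preserve, matched exactly rather than by substring.
$KeepAccounts = @('localadmin', 'Administrator', 'Public')
$DryRun = $true   # set to $false to actually delete profiles

function Get-ProfileOwner($Entry) {
    # Resolve the profile SID to an account name. If the account no longer
    # exists (for example it was already deleted from the local database),
    # Translate() throws, so fall back to the profile folder name.
    try {
        $sid = New-Object System.Security.Principal.SecurityIdentifier($Entry.SID)
        ($sid.Translate([System.Security.Principal.NTAccount]).Value -split '\\')[-1]
    } catch {
        Split-Path $Entry.LocalPath -Leaf
    }
}

Get-WmiObject -Class Win32_UserProfile | ForEach-Object {
    # Special = systemprofile, LocalService, NetworkService: never touch these.
    if ($_.Special) { return }

    # A profile that is still loaded (the user logging off, a running service)
    # cannot be removed cleanly; report it and move on.
    if ($_.Loaded) {
        Write-Warning "Skipping loaded profile $($_.LocalPath)"
        return
    }

    # Built-in Administrator always has RID 500, whatever it was renamed to.
    if ($_.SID -like 'S-1-5-21-*-500') { return }

    $owner = Get-ProfileOwner $_
    if ($KeepAccounts -contains $owner) { return }

    if ($DryRun) {
        "Would delete $($_.LocalPath) ($($_.SID))"
    } else {
        # Removes the profile directory and its ProfileList registry entry.
        $_.Delete()
    }
}
```

The `Special` check matters because ProfileList also holds the S-1-5-18, S-1-5-19 and S-1-5-20 service profiles, which a `-notlike "*500"` filter on the registry key names does not exclude. Run it once with `$DryRun = $true` on a lab machine and review the list before enabling deletion.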
    Alvin
    12 Jan 2012 05:33 PM
    Posted By iancaseydouglas on 12 May 2011 04:07 PM
    I ended up having to call a DOS script to delete the profiles, since Remove-Item fails to delete reparse points since they are set to deny delete in their ACLs. For the sake of completing the post, or for anyone else looking to delete all user data at logoff, here is the DOS script which deletes the user profiles:

    REM delete user folders except those specified

    for /f "delims=" %%i in ('dir /b c:\users') do @if NOT "%%i"=="Public" @if NOT "%%i"=="admin" rmdir "c:\users\%%i" /s /q

    So the entire script becomes:


    # Clear user data 

    # Delete user objects from local database

    $objComputer = [ADSI]("WinNT://$env:COMPUTERNAME")

    $LocalUsers = ($objComputer.psbase.children |
        Where-Object {$_.psBase.schemaClassName -eq "User"} |
        Where-Object {$_.Name -notmatch "localadmin"}|
        Where-Object {$_.Name -notmatch "Administrator"} |
        Where-Object {$_.Name -notmatch "Guest"} |
            Select-Object -expand Name)


    foreach ($User in $LocalUsers)
    {$objComputer.Delete("user",$User) }


    # delete user profile registry entries

    get-childitem "registry::hklm\software\microsoft\windows nt\currentversion\profileList" |
    Where-Object {$_.Name -notlike "*500"}|
    remove-item

    # delete user profile directories

    cmd /c c:\windows\system32\groupPolicy\scripts\remDirs.bat

    Hi,

    What is the content inside remDirs.bat?

    I'd like to try this one.

    Please help.

    thanks!