VULNERABILITY DIGEST FROM ACTION1

Patch Tuesday and third-party updates | This Wednesday | 12 PM EST / 6 PM CET

Action1 5 Blog 5 How To Delete User Profiles Remotely with PowerShell

How To Delete User Profiles Remotely with PowerShell

December 1, 2020

By Peter Barnett

When a user logs onto the computer for the first time (not via the network to access shared folders or printers), Windows creates a user profile. Among its contents are the NTUSER.DAT file (user profile settings), user-specific folders (My Documents, Desktop, etc.), and Application Data. 

When it comes to cleaning up the C:\Users directory of old and obsolete user profiles on Windows workstations and servers, especially RDS (Remote Desktop Services) terminal servers, you can remotely delete a user profile from the command line tool using PowerShell.

As for the terminal servers, in the C:\Users folder, there accumulates a huge number of directories with out-of-date user profiles on a regular basis. Setting quotas on a directory and thus limiting the total amount of storage consumed on the directory (using FSRM or NTFS quotas, roaming folders, etc.) can be somewhat of a solution. In this article, we’ll cover the question of how to delete a user profile remotely via PowerShell.

How to Remove Old User Profiles via Powershell

Use a PowerShell script to find and delete user profiles for inactive or blocked users.

STEP 1: Calculate the size of the profile of each user in the C:\Users folder with the following script:

gci -force ‘C:\Users’-ErrorAction SilentlyContinue | ? { $_ -is [io.directoryinfo] } | % {

$len = 0

gci -recurse -force $_.fullname -ErrorAction SilentlyContinue | % { $len += $_.length }

$_.fullname, ‘{0:N2} GB’ -f ($len / 1Gb)

$sum = $sum + $len

}

“Total size of profiles”,'{0:N2} GB’ -f ($sum / 1Gb)

For instance, in our case the total size of all user profiles in the C:\Users directory is about 22 GB (see below).

total size of all user profiles

STEP 2: List users whose profiles haven’t been active for more than 60 days. Use the value of the LastUseTime profile field for searching:

Get-WMIObject -class Win32_UserProfile | Where {(!$_.Special) -and ($_.ConvertToDateTime($_.LastUseTime) -lt (Get-Date).AddDays(-60))}| Measure-Object

Below, we’ve got 143 inactive user profiles on the terminal server.

inactive user profiles on the terminal server

STEP 3: To remove all of these user profiles.

  • You can add a redirect list to the Remove-WmiObject command (before using the script to delete old user profiles, we recommend to double-check its output using the -WhatIf parameter):

Get-WMIObject -class Win32_UserProfile | Where {(! $ _. Special) -and (! $ _. Loaded) -and ($ _. ConvertToDateTime ($ _. LastUseTime) -lt (Get-Date) .AddDays (-30))} | Remove-WmiObject –WhatIf

  • To exclude some profiles — e.g. special System and Network Service accounts, a local administrator account, users with active sessions, etc. — you need to modify the script as follows:

NOTE: Before running an automatic cleanup of old user profiles, thoroughly examine the script and test it within your environment! You can schedule the run of the script via GPO shutdown scripts or Task Scheduler.

  • To automatically delete all users added to a specific AD group (for example, the DisabledUsers group), modify the script:

$users = Get-ADGroupMember -Identity DisabledUsers | Foreach {$_.Sid.Value}

$profiles = Get-WmiObject Win32_UserProfile

$profiles | Where {$users -eq $_.Sid} | Foreach {$_.Delete()}

 

Action1’s Remote Management Solutions

Staying competitive in the market is always a challenge, and loud words don’t do wonders for optimizing administrative tasks and scaling up IT productivity. But actions do! With Action1’s cloud-based patch management solution, your IT department will timely deliver patches and updates, manage IT assets, maintain remote access, and run many other complex tasks.

Read the TechRadar review of our product or be the judge — use Action1 for free on up to 100 endpoints free forever.

See What You Can Do with Action1

 

Join our weekly LIVE demo “Patch Management That Just Works with Action1” to learn more

about Action1 features and use cases for your IT needs.

 

spiceworks logo
getapp logo review
software advice review
trustradius
g2 review
spiceworks logo

Related Posts

6-Step Patch Management Process

Regular patching is essential for protecting your endpoints from cyberthreats, it is a well-known fact that hackers often exploit unpatched vulnerabilities in order to penetrate...

read more