Working for a school organization that contains many labs, I was presented with problem of having 5-10 labs per school, with 30 computers in each lab running Windows XP and a mixture of 32bit and 64bit Windows 7. Trying to maintain the user profiles in this type of setting can be a complete nightmare! A "normal" corporation would most likely utilize a .vbs script and set it up as a Group Policy to launch at computer boot for removing profiles, but in our environment, the server guys don't like us "lowly tech" guys and snuff their noses at us. If we tried to talk them into doing such a thing, they would come up with some excuse to keep from being held responsible...
So, that leaves us lowly techs with the daunting task of manually removing the profiles at the desktop level. Not very efficient but then again, what state/government run organize is? Most of the other folks in the organization used the M$ "DelProf.exe" file. I originally tried it out and very quickly found out that it, like most of Microsofts products, is a half-assed utility. It's options are very limited and it does a horrible job cleaning out the registry portion for the profile. Knowing there had to be something better, I decided to do some digging and ran across a similar freeware utility called DeleteProfiles.exe made by Optimum X. The program hasn't been updated since 2007 but believe it or not, works flawlessly (that I can tell) on Windows Vista and Windows 7, both the x86 and x64 versions. Teachers and techs in the organization were running the DelProf once a semester or at the end of the year to clean up the old profiles and I guess if you don't know of any other way, that's the best there is. I however, am not lazy, but I don't like to work... If I can automate it in some way shape or form, I will and that's what I set out to do. Create a way to automatically delete user profiles on our Windows XP and Windows 7 machines.
Now for the How-To goodies!
I will make a quick note that the following steps assume that you will be running the program from a network share.
1) Download DeleteProfiles and extract it to a working folder.
2) Create a new text file in the working folder and rename it to something like:
3) Create another new text file in the working folder and rename it to something like:
install Win7 x86-x64.cmd
4) Edit the respective install files and paste the following code into it:
@echo off cls echo Installing Delete Profiles locally... pushd %~dp0 xcopy /Y deleteprofiles.exe "%SYSTEMROOT%\System32" if exist "%systemroot%\tasks\deleteprofiles.job" (del %systemroot%\tasks\deleteprofiles.job) else (goto tasks) goto tasks :tasks schtasks /Create /SC ONSTART /TN "DeleteProfiles" /TR "%systemroot%\system32\DeleteProfiles.exe /MIN:60 /Y /SKIP:Administrator" /RU SYSTEM popd
The two options that you will want to configure for the XP install file, is the /MIN:60 and /SKIP:Administrator options.
/MIN:60 is the last login age of the profile before it's deleted (not created age). I have it set to 60 days. If you want a week, set it to /MIN:7. If you want 6 months, set it to /MIN:180. Basically, if it's set to /MIN:7 and a profile hasn't been logged into within the last 7 days, it get's blown away.
/SKIP:Administrator is for the profiles you might want to skip deleting. If you use a setup profile or tech profile other than the local Administrator account, you can add it in as well. For example, /SKIP:Administrator:mytechaccount:yourtechaccount etc. Just add them all in with a : colon to separate them. You can do a deleteprofiles /? at the command prompt to get a list of all the command line switches available.
@echo off cls echo Installing Delete Profiles locally... pushd %~dp0 xcopy /Y deleteprofiles.exe "%SYSTEMROOT%\System32" if exist "%systemroot%\tasks\deleteprofiles.job" (del %systemroot%\tasks\deleteprofiles.job) else (goto tasks) goto tasks :tasks schtasks /Create /TN "DeleteProfiles" /XML DeleteProfiles.xml popd
To get the XML file on a Windows 7 computer, the easiest thing to do, is configure the XP install file options (MIN & SKIP), then run it on the Windows 7 machine. The reason we need the separate Windows 7 install and associated XML file, is because Windows 7 has an option for not executing the task when running on battery. If you don't have laptops in your environment you really don't even need the Windows 7 install script, just use the XP one and you're good. If you DO have laptops, go find the "DeleteProfiles" task in Computer Management and edit it. Click on the Conditions tab and uncheck Start the task only if the computer is on AC power OK out of the edit screen, right-click on the "DeleteProfiles" tasks and export it to a DeleteProfiles.xml file in your working directory.
That's it! Run the script on the target computer and everytime it boots up, it will check to see if there are any profiles older than the number of days set by /MIN!
Breaking it down:
pushd %~dp0 creates a mapped network drive to the current folder. This means it will map a drive, no matter where the folder is on the network share. You can move it all day long and the script wont care. "normally", you manually set pushd to a logical unc path such as pushd \\server\share but the %~dp0 does that for you :)
xcopy copies DeleteProfiles.exe to the local computer's system32 folder (so you won't have to set an environment variable...)
if exist checks to see if DeleteProfiles.exe is already on the computer. If it is, it deletes it, then re-copies the file.
schtasks is the windows command line utility for creating a scheduled task. The one option here I will mention, is the /RU system option. It basically sets the "run as user" to the "NT AUTHORITY\SYSTEM" user (blank password). It may not be the most secure way of doing things, but it keeps you from having to run it as an account that might get it's password changed down the road...
popd disconnects the mapped drive that was created from pushd