Question

Worklet to Remove User Profiles

  • 8 August 2023
  • 8 replies
  • 238 views

Badge

My Helpdesk team is encountering an issue in our Warehouse where multiple users will sign into a PC and fill up the disk space seemlingly overnight.

I need a worklet that will evaluate the disk space on a shared PC and then delete user profiles that haven’t been modified or used in over 30 days if that disk exceeds 50%. I would also like it to also run disk cleanup every night.


8 replies

Userlevel 3

Hi @dwseckman12,

 

I wanted to let you know that we now have a Catalog Worklet for cleaning up dormant user profiles!

You can check it out here: Windows - Maintenance Tasks - Remove Old User Profiles

 

Be sure to read through the worklet’s help section to ensure you understand how to properly implement the worklet. And test, test, test(!) before rolling out to your production environment!

 

By default, the worklet will clean up unused profiles older than 30 days, but you can change the $ageLimit variable to specify your needs.  There is also an optional commented out $whitelistedUsers variable that can be defined if you would like to exclude certain profiles from the clean up (administrator, VIP,  or service accounts for example).
 

Have a great day!

Userlevel 1
Badge

Hi @JohnG-Automox, I’m testing this worklet and it isn’t working for me. The script says there are no stale profiles older than the specified ageLimit (90 day in my case), but there are. I also tried a GP to do this but that also isn’t working.

Then I found this post. Could it be that the ntuser.dat files are being updated and thus fooling the GP/script?

https://learn.microsoft.com/en-us/answers/questions/441800/group-policy-automatically-delete-user-profiles-ol

Any help would be appreciated! Thanks.

Userlevel 3

Hi @sparrowhawk !

Our Catalog Worklet works by detecting present user profiles via Get-CimInstance -ClassName 'Win32_UserProfile', and then iterates through each object found in the class to get the LastUseTime.


To your point though, if the ntuser.dat file is being mounted or queried, this would in fact change the return for the LastUseTime property.  I’ve seen instances where Antivirus software may mount ntuser.datfor scanning registry hives, and thus cause the last modified timestamp to get updated for the profiles.  I’m wondering if something like this is occurring in your environment.

 

We will have to investigate further before we can cook up another solution.  I have opened a ticket for myself to look into what are options are.  I’ll keep you posted with my findings!

Userlevel 1
Badge

Hi @JohnG-Automox , thanks, it would be great to get this working. I had some help from @AnthonyM-Automox a few weeks ago on a worklet to stop Teams from auto installing into a profile, because these instances were not being updated and then would be flagged by Tenable as a vulnerability. That worked a treat, for Teams, but there are other applications I also need to remove so this worklet would be the perfect solution.

Sorry that you hard work was in vain @AnthonyM-Automox ! 😕

Userlevel 1
Badge

@JohnG-Automox are you able to share the support ticket with me so that I can help you with more info? I’ve run that PS command and it reyurns all of the users that have profile folders which I want to remove. The “lastusetime” fields are empty though.

Userlevel 3

Hey @sparrowhawk,  I’ll DM you!

@JohnG-Automox I am experiencing the exact same thing. I would appreciate any update you may have on this as well. Thanks

Userlevel 3

Hi @ericee,

 

We have a request in for re-writing this worklet based on the findings in my previous post.

 

We’ll post here when the changes go live.

 

Until then, I will reach out to you via DM to assist in the immediate.


Have a great day!

Reply