Thursday 15 November 2012

Delete cached copied of user profile Windows 7 using GPO

Method 1:
Add your users to the 'Domain Guests' global group - those users won't leave any profile on your computers.. it works!


Method 2: 
You can configure a Group Policy Object (GPO) to perform the preceding behavior by performing the following steps:
  1. Edit the GPO that you want to modify.
  2. Locate the following section: Computer Configuration \ Administrative Templates \ System \ User Profiles.
  3. Double-click Delete cached copies of roaming profiles (the Group Policy setting).
  4. Click Enabled.
Method 3: 
You can run this script every night to clean up. The check at the start is to exclude certain machines (the ones in lecture theatres)

The next section uses a WMI call to get a list of profiles other than the "special" ones (localsystem etc) and delete them (this is what you see when you go to the control panel and delete profiles)

This will sometimes leave bits behind so the next step is to get a list of folders which shouldn't be deleted by reading the existing profiles from the registry - this list is built in a dictionary. To this is then added things like "public" and "default".

The script then scans c:\users and checks each folder it finds against the dictionary. If the folder isn't listed then it gets deleted (because it doesn't need to be there)

Code:
const HKEY_LOCAL_MACHINE = &H80000002

set oDic=createobject("scripting.dictionary")
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
Set oWMIService = GetObject("winmgmts:\\.\root\cimv2")
set oFSO=createobject("scripting.filesystemobject")
set oShell=createobject("wscript.shell")

on error resume next

'are we on an AV machine? if so, quit - leave profiles alone in theatres
if ofso.fileexists("c:\windows\av") then wscript.quit

Set colItems = oWMIService.ExecQuery("Select * from Win32_UserProfile where special=false and loaded=false",,48)
For Each oItem in colItems
  sSid=oItem.SID
  Set oUserProfile = GetObject("winmgmts:{impersonationlevel=impersonate}!\\.\root\cimv2:Win32_UserProfile.SID='" & sSID &"'")
  oUserProfile.Delete_
Next

'now clean up directories not attached to profiles
'and profiles not completely deleted by first step
'build a list of the directories used by profiles

sPath = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
oReg.EnumKey HKEY_LOCAL_MACHINE, sPath, arrSubKeys
For Each subkey In arrSubKeys
  lRc=oReg.GetStringValue(HKEY_LOCAL_MACHINE, sPath & "\" & subkey ,"ProfileImagePath",sDir)
  sDir=lcase(sDir)
  oDic.add sDir, subkey
Next

'now add the "fixed" profiles

lRc=oReg.GetStringValue(HKEY_LOCAL_MACHINE, sPath ,"ProfilesDirectory",sRoot)
sRoot=lcase(oShell.expandenvironmentstrings(sRoot))
sRoot=sRoot & "\"

oDic.add sRoot & "public","public"
oDic.add sRoot & "all users", "all users"
oDic.add sRoot & "default","default"
oDic.add sRoot & "default user", "default user"


set oFolder=ofso.getfolder("c:\users")
for each oSubFolder in oFolder.subfolders
  sFolder=sRoot & lcase(oSubFolder.name)
  if not(oDic.exists(sFolder)) then
    'orphaned folder so delete it
    ofso.deletefolder sFolder, true
  end if
next