Lukas BeranAzure Sentinel is a cloud SIEM and SOAR. It is therefore used for the supervision of a customer environment, from which it...
Bulk profile deletion on Windows machines
Lukas Beran On public computers where is a lot of users (for example schools), administrators often need to clear disks and delete users profiles, because a lot of profiles can use a lot of space on disks. This problem needs to be solved, especially when you use SSD disks with a smaller capacity. For this purpose you need to clear the disk and remove all profiles for example once a year.
For this purpose you can use a tool Delprof2 from Helge Klein, which is a successor of older Delprof from Microsoft.
In this tool you can specify which profiles you want to remove or you can skip some profiles in interactive mode. Delprof2 removes all inactive profiles except special profiles (for example Default) in default. Using additional parameters you can specify advanced options like removing only local profile cache of roaming profiles or removing only profiles which has not been used for some specific time.
Available parameters:
- /l List only, do not delete (what-if mode)
- /u Unattended (no confirmation)
- /q Quiet (no output and no confirmation)
- /p Prompt for confirmation before deleting each profile
- /r Delete local caches of roaming profiles only, not local profiles
- /c Delete on remote computer instead of local machine
- /d Delete only profiles not used in x days
- /ntuserini When determining profile age for /d, use the file NTUSER.INI instead of NTUSER.DAT for age calculation
- /ed Exclude profile directories whose name matches this pattern Wildcard characters * and ? can be used in the pattern. May be used more than once and can be combined with /id
- /id Include only profile directories whose name matches this pattern Wildcard characters * and ? can be used in the pattern. May be used more than once and can be combined with /ed
- /i Ignore errors, continue deleting
Examples
1 | Delprof2 /c:computername |
- Deletes inactive profiles on ‘computername’.
1 | Delprof2 /c:computername /l |
- Lists inactive profiles on ‘computername’ without deleting them./li>
1 | Delprof2 /d:30 |
- Deletes profiles older than 30 days on the local computer.
1 | Delprof2 /r |
- Deletes locally cached roaming profiles only.
1 | Delprof2 /ed:admin* /ed:pmiller |
- Deletes all inactive profiles on the local computer except those starting with ‘admin’ and the one called ‘pmiller’.
Administrators can run the script remotely. But for the remote execution you need tu run a service Remote Registry, because the tool makes changes in a Windows registry. And you need to allow Remote Administration on Firewall.
My primary focus is the security of identities, devices and data in the cloud using Microsoft services, technologies and tools.
Comments 0
There are currently no comments.