How to clear the C:\Users folder from unnecessary domain profiles (folders)?

I

Ilya bow2016-07-29 14:21:06

System administration

Ilya bow, 2016-07-29 14:21:06

So I have:
C:\Usrers\admin
C:\Usrers\user1
C:\Usrers\user2
... and so on.
you need to delete all profile folders except admin.
To make it it is necessary I use gpo.
Tried to delete via PS writes access denied. Through explorer, they wrote they say ntuser.dat is used by the system and therefore figs to you and not deletion.

$users = Get-Content c:\users.txt

$folder = Get-ChildItem c:\Users | Where-Object {$_.mode -like "D*"}

$compare = Compare-Object $users $folder

$compare | foreach-object {Remove-Item -path c:\Users\$($_.inputobject) -recurse -force}

In general, how to delete all user folders except for one (or better several) needed?
PS write that all computers in the domain

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

R

res2001, 2016-07-29
@res2001

It needs to be run with elevated privileges.

A

Alexey, 2016-07-29
@skazi_premiere

It is better not to do this with your hands; there is equipment for these purposes. User management. Or google How to delete Windows user profile with PowerShell? and get on technet where there is already a solution.
UPD: naturally we do everything from an account with local admin rights at the station.
UPD2: Link from article and code below

[cmdletbinding()]            
param(            
 [parameter(ValueFromPipeline=$true,ValueFromPipelineByPropertyName=$true)]            
 [string[]]$ComputerName = $env:computername,            
 [parameter(mandatory=$true)]            
 [string]$UserName            
            
)            
            
Begin {}            
            
Process {            
            
    foreach($Computer in $ComputerName) {            
     Write-Verbose "Working on $Computer"            
     if(Test-Connection -ComputerName $Computer -Count 1 -ea 0) {            
      $Profiles = Get-WmiObject -Class Win32_UserProfile -Computer $Computer -ea 0            
      foreach ($profile in $profiles) {            
       $objSID = New-Object System.Security.Principal.SecurityIdentifier($profile.sid)            
       $objuser = $objsid.Translate([System.Security.Principal.NTAccount])            
       $profilename = $objuser.value.split("\")[1]            
       if($profilename -eq $UserName) {            
        $profilefound = $true            
        try {            
         $profile.delete()            
         Write-Host "$UserName profile deleted successfully on $Computer"            
        } catch {            
         Write-Host "Failed to delete the profile, $UserName on $Computer"            
        }            
       }            
      }            
            
      if(!$profilefound) {            
       write-Warning "No profiles found on $Computer with Name $UserName"            
      }            
     } else {            
      write-verbose "$Computer Not reachable"            
     }            
    }            
            
    }            
            
end {}

An example of using Remove-UserProfile.ps1 -ComputerName PC1, PC2, PC3 -UserName LocalUser2
Rewrite getting profile names for yourself and you're done.

D

Dmitry Yakovlev, 2016-07-29
@Pr0per

I deleted unnecessary profile folders by the local administrator, there were never any problems.