Action1 5 How-to Articles 5 How To Delete User Profiles Remotely with PowerShell

How To Delete User Profiles Remotely with PowerShell

December 1, 2020

By Peter Barnett

When a user logs onto the computer for the first time (not via the network to access shared folders or printers), Windows creates a user profile. Among its contents are the NTUSER.DAT file (user profile settings), user-specific folders (My Documents, Desktop, etc.), and Application Data. 

When it comes to cleaning up the C:\Users directory of old and obsolete user profiles on Windows workstations and servers, especially RDS (Remote Desktop Services) terminal servers, you can remotely delete a user profile from the command line tool using PowerShell.

As for the terminal servers, in the C:\Users folder, there accumulates a huge number of directories with out-of-date user profiles on a regular basis. Setting quotas on a directory and thus limiting the total amount of storage consumed on the directory (using FSRM or NTFS quotas, roaming folders, etc.) can be somewhat of a solution. In this article, we’ll cover the question of how to delete a user profile remotely via PowerShell.

How to Remove Old User Profiles via Powershell

Use a PowerShell script to find and delete user profiles for inactive or blocked users.

STEP 1: Calculate the size of the profile of each user in the C:\Users folder with the following script:

gci -force ‘C:\Users’-ErrorAction SilentlyContinue | ? { $_ -is [io.directoryinfo] } | % {

$len = 0

gci -recurse -force $_.fullname -ErrorAction SilentlyContinue | % { $len += $_.length }

$_.fullname, ‘{0:N2} GB’ -f ($len / 1Gb)

$sum = $sum + $len

}

“Total size of profiles”,'{0:N2} GB’ -f ($sum / 1Gb)

For instance, in our case the total size of all user profiles in the C:\Users directory is about 22 GB (see below).

total size of all user profiles

STEP 2: List users whose profiles haven’t been active for more than 60 days. Use the value of the LastUseTime profile field for searching:

Get-WMIObject -class Win32_UserProfile | Where {(!$_.Special) -and ($_.ConvertToDateTime($_.LastUseTime) -lt (Get-Date).AddDays(-60))}| Measure-Object

Below, we’ve got 143 inactive user profiles on the terminal server.

inactive user profiles on the terminal server

STEP 3: To remove all of these user profiles.

  • You can add a redirect list to the Remove-WmiObject command (before using the script to delete old user profiles, we recommend to double-check its output using the -WhatIf parameter):

Get-WMIObject -class Win32_UserProfile | Where {(! $ _. Special) -and (! $ _. Loaded) -and ($ _. ConvertToDateTime ($ _. LastUseTime) -lt (Get-Date) .AddDays (-30))} | Remove-WmiObject –WhatIf

  • To exclude some profiles — e.g. special System and Network Service accounts, a local administrator account, users with active sessions, etc. — you need to modify the script as follows:

# List of accounts whose profiles cannot be deleted

$ExcludedUsers =”Public”,”zenoss”,”svc”,”user_1”,”user_2”

$LocalProfiles=Get-WMIObject -class Win32_UserProfile | Where {(!$_.Special) -and (!$_.Loaded) -and ($_.ConvertToDateTime($_.LastUseTime) -lt (Get-Date).AddDays(-60))}

foreach ($LocalProfile in $LocalProfiles)

{

if (!($ExcludedUsers -like $LocalProfile.LocalPath.Replace(“C:\Users\”,””)))

{

$LocalProfile | Remove-WmiObject

Write-host $LocalProfile.LocalPath, “profile deleted” -ForegroundColor Magenta

}

}

NOTE: Before running an automatic cleanup of old user profiles, thoroughly examine the script and test it within your environment! You can schedule the run of the script via GPO shutdown scripts or Task Scheduler.

  • To automatically delete all users added to a specific AD group (for example, the DisabledUsers group), modify the script:

$users = Get-ADGroupMember -Identity DisabledUsers | Foreach {$_.Sid.Value}

$profiles = Get-WmiObject Win32_UserProfile

$profiles | Where {$users -eq $_.Sid} | Foreach {$_.Delete()}

How to Remove User Profile in Windows with Action1

Action1’s intuitive dashboard helps optimize routine tasks, significantly scaling up IT productivity.

Step 1: After logging into the Action1 dashboard, in the Navigation pane (the left column), select Managed Endpoints and mark the endpoint to delete the user profile remotely.

managed endpoints kb

Step 2: Then click on the More Actions menu and select Run Command.

run command kb

Step 3: In the box, type the script:

$Computer = Read-Host “Please Enter Computer Name: “

$user = Read-Host “Enter User ID: “

Invoke-Command -ComputerName $computer -ScriptBlock {

param($user)

$localpath = ‘c:\users\’ + $user

Get-WmiObject -Class Win32_UserProfile | Where-Object {$_.LocalPath -eq $localpath} |

Remove-WmiObject

} -ArgumentList $user

Delete User Profil script Action1

Step 4: In the Select Managed Endpoints window, you mark those endpoints on which you are going to change the time zone. You can add all the available endpoints or mark them one by one. 

select managed endpoints kb

Step 5: Schedule the action (Run now/ No schedule yet/ At specific time/ Repeat) and Finish.

schedule and finish kb

Action1’s Remote Management Solutions

Staying competitive in the market is always a challenge, and loud words don’t do wonders for optimizing administrative tasks and scaling up IT productivity. But actions do! With Action1’s cloud-based RMM solution, your IT department will timely deliver patches and updates, manage IT assets, maintain remote desktop, and run many other complex tasks.

Read the TechRadar review of our product or be the judge — get your free trial.

Need Help Managing Remote Endpoints?

Subscribe for tips, news and more exclusive resources.

Related Posts