Profile Cleaner Utility

We EUC consultants can spend a considerable amount of time deciding on and building the most suitable user profile mechanism for our Citrix, VMware and RDS deployments but very little, if any, time is spent doing the same for infrastructure servers. I’m not saying that this is an issue – it isn’t generally – as most people take the out of the box default which is local profiles. However, over time as people leave, we can get disk space issues caused by these stale profiles and even when people haven’t left, their profiles can become large without them realising which can potentially impact the performance of these servers since a machine with a full file system generally doesn’t function well. It can of course also be used on persistent XenApp/RDS servers to check for and delete stale or oversize profiles there.

Having checked this manually for rather too long, I decided to write a script to give visibility of local profiles across a range of machines pulled from Active Directory where the machines to interrogate can be selected by a regular expression matching their name, an organisational unit (e.g. copied to the clipboard from the properties of an OU in the AD Users and Computers MMC snap in) or an AD group.

This actually turned out to be easier than I anticipated, for once, in that I didn’t have to go anywhere near the ProfileList registry key directly since there is a WMI class Win32_UserProfile which contains the required information, albeit with the profile owner as a SID rather than username but in PowerShell it’s easy to get the username for a SID. I’ve pulled out what I think are the most useful fields but if you were to use it, say, for persistent XenApp servers using roaming profiles then you might want to pull more of the fields out.

The script requires the Active Directory PowerShell module to be present wher the script is run from since it will query AD and retrieve various AD properties for the domain users associated with profiles to make it easy to spot users who may have left because their AD account is disabled or their last AD logon was a long time ago.

Thanks to the great PowerShell Out-GridView cmdlet, it was straightforward to take the list of user profiles which were selected when the “OK” button was clicked in the grid view and then delete those profiles, albeit with PowerShell prompting for confirmation before deletions. The deletion is achieved by calling the Delete() method of the win32_userprofile WMI object previously returned for that profile. Obviously the script will need to be run under an account that has the rights to remotely delete profiles.

It’s very simple to use, for example running the script with the following  options will result in a grid view where any profiles that you want to delete can be selected and then the OK button pressed to delete them:

& '.\Profile Cleaner.ps1' -excludeLocal -excludeUsers [^a-z]SVC-[a-z] -name '^CTX\d{4}'

profiles tp delete

This will exclude all local, as in non-domain, accounts and any accounts that start with SVC- as these may be service accounts that are best left well alone, unless the profile size is of a concern. This will be on all servers named CTXxxxx where xxxx is numerical, specified by regular expression, aka regex, which really aren’t that scarey, honest!

An OU, either in canonical or distinguished name format, or AD group can be specified via the -OU and -group options respectively. The -name option can also be specified with either of these to restrict what machines are returned from the OU or group specified.

It will write the profile information to a csv file if the -csv option is specified instead of displaying it in a grid view.

Run with -verbose to get more detail as it runs such as what machine it is querying. It may seem to run slowly but that is most likely to be because it has to traverse each user’s profile in order to determine its size.

The script is available for download from GitHub here and you use it entirely at your own risk.

This is very much an interactive tool – if you need an automated mechanism for removing profiles then I would recommend looking at the delprof2 tool from Helge Klein which is available here.

Author: guyrleech

I wrote my first program, in BASIC, in 1980, was a Unix developer after graduation from Manchester University (Computer Science) and then became a consultant, initially with Citrix WinFrame, in 1995 and later into Terminal Server/Services and thence EUC. I currently hold the Citrix CTP, Microsoft MVP, VMware vExpert and Parallels VIPP awards. I invented and wrote the first few versions of the security product which is now Ivanti Application Control (formerly AppSense Application Manager). I now work as an freelance consultant-cum-developer, live in West Yorkshire, England; have a wife, three children, one grandchild and two dogs and was a keen competitive runner until health problems put an end to that fun.

One thought on “Profile Cleaner Utility”

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: