Firstly mentioned that the X Days correspond not to the date of the NTUSER file but the timestamp which corresponds to the last time that the user Logged In.
For example if you set the expiration to 1 Day, and the user logs at 11:00am the system will consider "older than" next day at 11:01am.
On the other side, the timestamping of the NTUSER.DAT file has been a recurrent problem for this purpose since many administrators have struggled to get the proper updated timestamps. One solution I found, is to run the next script as a Scheduled Task (Run on Start) on the specific machines in order to get it properly updated:
Set the script below to run daily as a Scheduled Task. This will then solve the problem of NTUSER.DAT getting its timestamp updated when patched, etc.
$ErrorActionPreference = “SilentlyContinue”
$Report = $Null
$Path = "C:\Users"
$ExcludedUsers = "Default", "Public", "Administrator"
$UserFolders = $Path | Get-ChildItem -Directory -Exclude $ExcludedUsers
ForEach ($UserFolder in $UserFolders)
$UserName = $UserFolder.Name
If (Test-Path “$Path$UserName\NTUser.dat”)
$NTUserDat = Get-Item "$Path$UserName\NTUSER.DAT" -force
$NTUserDatTimeStamp = $NTUserDat.LastWriteTime
$UsrClassDat = Get-Item "$Path$Username\AppData\Local\Microsoft\Windows\UsrClass.dat" -force
$UserClassTimeStamp = $UsrClassDat.LastWriteTime
$NTUserDat.LastWriteTime = $UserClassTimeStamp
Write-Host $UserName $NTUserDatTimeStamp
Write-Host (Get-item $Path$UserName\AppData\Local\Microsoft\Windows\UsrClass.dat -Force).LastWriteTime
$Report = $Report + “$UserNamet$NTUserDatTimeStampr`n”
$NTUserDat = $Null
$UsrClassDat = $Null
--If the reply is helpful, please Upvote and Accept as answer--