This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 30%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED%3C/text%3E%3C/svg%3E)
I know this seems to be a recurring issue for some but I still cant get Group Policy to remove profiles over x days on reboot for Windows 10 devices. Details as follows;
Seems to be applying and configured but no profiles being removed off the machines. Checked other questions and forums. some people are able to use this whilst others see similar results to myself
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 96%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMU%3C/text%3E%3C/svg%3E)
[https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.UserProfiles::CleanupProfiles
I would check if the registry is really set up (regardless the GPO is applied and "everything looks fine")
If not, you can also to set the registry manually and see...
Hi there
I can see the GPO setting in the registry present with correct value as per image below. Does the account being listed as local make any difference to this setting? Cant see anything that states this would be the case?
Thanks
Donna
Hi Donna,
as it's a computer policy, I don't think so
do you utilize any logoff script you can try to disable and see?
any other GPO that could conflict with this one and prevent it to be applied successfully?
Hi
I did mention above I blocked inheritance and disabled almost all GPOs from applying with exception to my test GPO and domain policy = no change.
Will see if i can find any logoff scripts
Thanks
no joy - ran rsop and not seeing any user or computer scripts set
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 68%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELT%3C/text%3E%3C/svg%3E)
Hello DonnaSmith,
Firstly mentioned that the X Days correspond not to the date of the NTUSER file but the timestamp which corresponds to the last time that the user Logged In.
For example if you set the expiration to 1 Day, and the user logs at 11:00am the system will consider "older than" next day at 11:01am.
On the other side, the timestamping of the NTUSER.DAT file has been a recurrent problem for this purpose since many administrators have struggled to get the proper updated timestamps. One solution I found, is to run the next script as a Scheduled Task (Run on Start) on the specific machines in order to get it properly updated:
Set the script below to run daily as a Scheduled Task. This will then solve the problem of NTUSER.DAT getting its timestamp updated when patched, etc.
$ErrorActionPreference = “SilentlyContinue”
$Report = $Null
$Path = "C:\Users"
$ExcludedUsers = "Default", "Public", "Administrator"
$UserFolders = $Path | Get-ChildItem -Directory -Exclude $ExcludedUsers
ForEach ($UserFolder in $UserFolders)
{
$UserName = $UserFolder.Name
If (Test-Path “$Path$UserName\NTUser.dat”)
{
$NTUserDat = Get-Item "$Path$UserName\NTUSER.DAT" -force
$NTUserDatTimeStamp = $NTUserDat.LastWriteTime
$UsrClassDat = Get-Item "$Path$Username\AppData\Local\Microsoft\Windows\UsrClass.dat" -force
$UserClassTimeStamp = $UsrClassDat.LastWriteTime
$NTUserDat.LastWriteTime = $UserClassTimeStamp
Write-Host $UserName $NTUserDatTimeStamp
Write-Host (Get-item $Path$UserName\AppData\Local\Microsoft\Windows\UsrClass.dat -Force).LastWriteTime
$Report = $Report + “$UserNamet$NTUserDatTimeStampr`n”
$NTUserDat = $Null
$UsrClassDat = $Null
}
}
--If the reply is helpful, please Upvote and Accept as answer--
Thanks for the input
I know its last login but the timestamps on ntuser.dat seem to be referenced and due to win updates touching this I had already been running a script to base this off the ntusrclass.dat which it has been doing. The timestamps update and show correctly after this however profiles not being removed.
I have tested creating an actual local profile alongside our typical existing domain user profiles - even this is not getting removed so rules out that being any part of the problem
Thanks