Group Policy: Automatically Delete User Profiles Older Than Certain Number of Days Win 10 not working.

Question

Hi

I enabled Computer Configuration\Administrative Templates\System\User Profiles\Delete User Profiles Older Than xxx GPO and apply to Windows 10 PCs.
Dayes set to 90.
Unfortunately, this didn't remove old data folders in C:\user.
I checked the registry HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System was added the REG_DWORD
I'm using Win 2019 domain and Win 10 client PC's.
Can someone help me to fix this?
The link which I use is https://social.technet.microsoft.com/wiki/contents/articles/28647.group-policy-how-to-automatically-delete-user-profiles-older-than-certain-number-of-days.aspx

Kr,
Amila.

Answer 1

Hello @P. Amila Mahesh Muthukumarana ,

Thanks for posting here.

I did the testing in my lab, and below are the findings.

The group policy was configured as shown below.

This policy setting allows an administrator to automatically delete user profiles on system restart that have not been used within a specified number of days. Note: One day is interpreted as 24 hours after a specific user profile was accessed.

If you enable this policy setting, the User Profile Service will automatically delete on the next system restart all user profiles on the computer that have not been used within the specified number of days.

So I restarted the system and then checked the folders under C:\Users and User profiles were deleted.

Hope it helps. For any question, please post here.

Best regards,
Hannah Xiong

Answer 2

MS have sat on this problem for years now. Even the third party solution, DelProf2 doesn't work anymore due to NTUSER.DAT and ntuser.ini getting updated outside of user logon.

The only current way is to copy the timestamp from another (currently) working file: UsrClass.dat using the script below, then your GPO for removing stale profiles, which tests on NTUSER.DAT's timestamp, will work.

Set the script below to run daily as a Scheduled Task. This will then solve the problem of NTUSER.DAT getting its timestamp updated when patched, etc.

$ErrorActionPreference = “SilentlyContinue”
$Report = $Null
$Path = "C:\Users"
$ExcludedUsers = "Default", "Public", "Administrator"
$UserFolders = $Path | Get-ChildItem -Directory -Exclude $ExcludedUsers

ForEach ($UserFolder in $UserFolders)
{
$UserName = $UserFolder.Name
If (Test-Path “$Path\$UserName\NTUser.dat”)
{
$NTUserDat = Get-Item "$Path\$UserName\NTUSER.DAT" -force
$NTUserDatTimeStamp = $NTUserDat.LastWriteTime
$UsrClassDat = Get-Item "$Path\$Username\AppData\Local\Microsoft\Windows\UsrClass.dat" -force
$UserClassTimeStamp = $UsrClassDat.LastWriteTime
$NTUserDat.LastWriteTime = $UserClassTimeStamp
Write-Host $UserName $NTUserDatTimeStamp
Write-Host (Get-item $Path\$UserName\AppData\Local\Microsoft\Windows\UsrClass.dat -Force).LastWriteTime
$Report = $Report + “$UserNamet$NTUserDatTimeStampr`n”
$NTUserDat = $Null
$UsrClassDat = $Null
}
}

Answer 3

Hi Donna,

We have been testing this across some of our sites and it seems to be working.

Answer 4

I was able to get this powershell to work when assigned to GPO as a startup script

Answer 5

Open Notepad in win 10 and type

@ECHO ON

SET TmpBatch=%temp%~tmpLogonMessage.cmd

IF EXIST "%TmpBatch%" DEL /Q /F "%TmpBatch%"

SET msgboxTitle=

SET msgboxLine1=User profiles older than 10 days are automatically deleted from this computer.

SET tmpmsgbox=%temp%~tmpmsgbox.vbs

ECHO @ECHO OFF >>"%TmpBatch%"

ECHO IF EXIST "%tmpmsgbox%" DEL /F /Q "%tmpmsgbox%" >>"%TmpBatch%"

ECHO ECHO msgbox "%msgboxLine1%",48,"%msgboxTitle%"^>"%tmpmsgbox%" >>"%TmpBatch%"

ECHO WSCRIPT "%tmpmsgbox%" >>"%TmpBatch%"

START /MIN CMD /C "%TmpBatch%"

EXIT /B

Save as bat.file on your desktop

Copy the batch file to C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp.