25 April 2025

Remove old profiles older than ...

  • Automatically removes accounts (profiles) older than about 3 months, for maintenance
  • Uses the Event Viewer log to get the correct logon time
  • Has an exclusion list for accounts that must not be removed
  • Checks disk space before/after
  • Queries the computer startup time

Starter file "Logon_logoff-report.bat"

__________________________________start_______________________________________

::::::::::::::::::::::::::::::::::::::::::::

:: Automatically check & get admin rights V2

:: Self-elevation preamble: probes whether this shell already has
:: administrative rights and, if not, relaunches the same batch file
:: through a UAC prompt using a small generated VBScript helper.

::::::::::::::::::::::::::::::::::::::::::::

@echo off

CLS

ECHO.

ECHO =============================

ECHO Running Admin shell

ECHO =============================



:init

:: batchPath  = the path this script was invoked with (%~0)
:: batchName  = its file name without extension
:: vbsGetPrivileges = helper script path under the current user's %temp%
:: Delayed expansion is off while the paths are captured and switched on
:: afterwards (presumably so a '!' in the path survives - confirm).
:: NOTE(review): the helper has a predictable name in a user-writable
:: directory; whatever is in that file when WScript runs decides what the
:: UAC prompt elevates. Run this only from an account and temp folder you trust.

setlocal DisableDelayedExpansion

set "batchPath=%~0"

for %%k in (%0) do set batchName=%%~nk

set "vbsGetPrivileges=%temp%\OEgetPriv_%batchName%.vbs"

setlocal EnableDelayedExpansion



:checkPrivileges

:: NET FILE is run only for its exit code (all output is discarded):
:: errorlevel 0 is taken to mean the shell is already elevated.

NET FILE 1>NUL 2>NUL

if '%errorlevel%' == '0' ( goto gotPrivileges ) else ( goto getPrivileges )



:getPrivileges

:: "ELEV" as first argument marks the copy that the helper below relaunched;
:: jumping straight to gotPrivileges prevents an endless relaunch loop.

if '%1'=='ELEV' (echo ELEV & shift /1 & goto gotPrivileges)

ECHO.

ECHO **************************************

ECHO Invoking UAC for Privilege Escalation

ECHO **************************************



:: Generate the helper: it rebuilds the argument list (prefixed with "ELEV")
:: and starts this batch file via Shell.Application with the "runas" verb.
:: Arguments are joined with single spaces and not re-quoted, so an argument
:: that contained spaces reaches the elevated copy split into several.

ECHO Set UAC = CreateObject^("Shell.Application"^) > "%vbsGetPrivileges%"

ECHO args = "ELEV " >> "%vbsGetPrivileges%"

ECHO For Each strArg in WScript.Arguments >> "%vbsGetPrivileges%"

ECHO args = args ^& strArg ^& " "  >> "%vbsGetPrivileges%"

ECHO Next >> "%vbsGetPrivileges%"

ECHO UAC.ShellExecute "!batchPath!", args, "", "runas", 1 >> "%vbsGetPrivileges%"

:: Run the helper with the original arguments, then end this instance;
:: the relaunched copy continues at :gotPrivileges.

"%SystemRoot%\System32\WScript.exe" "%vbsGetPrivileges%" %*

exit /B

 

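:gotPrivileges
:: Reached once the shell is elevated. Work from the script's own folder and,
:: if this is the relaunched copy (first argument ELEV), delete the helper
:: VBScript and drop the marker argument.
setlocal & pushd .
:: Quoted so a script folder containing spaces or '&' is handled correctly.
cd /d "%~dp0"
if '%1'=='ELEV' (del "%vbsGetPrivileges%" 1>nul 2>nul & shift /1)

::::::::::::::::::::::::::::
::START
::::::::::::::::::::::::::::
REM Run shell as admin (example) - put here code as you like
ECHO %batchName% Arguments: %1 %2 %3 %4 %5 %6 %7 %8 %9
::@echo off

REM NOTE(review): SoftwareSASGeneration=1 lets services generate the Secure
REM Attention Sequence (Ctrl+Alt+Del) in software. It is a persistent,
REM machine-wide policy change that this script never reverts, and nothing in
REM Logon_logoff-report.ps1 appears to depend on it - confirm the need and
REM remove the line if there is none.
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v SoftwareSASGeneration /t REG_DWORD /d 1 /f

REM NOTE(review): this sets the PowerShell execution policy for the whole
REM machine and leaves it set after the run. Passing -ExecutionPolicy on the
REM powershell command line below would limit the change to this one process.
reg add "HKLM\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" /v ExecutionPolicy /d RemoteSigned /f

REM The script path is fully quoted (the original had only a closing quote)
REM and passed with -File so a folder name with spaces still resolves.
REM -NoProfile keeps user profile scripts out of the elevated session.
powershell -NoProfile -File "%~dp0Logon_logoff-report.ps1"
::exit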

___________________________________end_______________________________________


"Logon_logoff-report.ps1"

__________________________________start________________________________________

function Translate-SID {

    <#
    .SYNOPSIS
        Resolves a security identifier to its NT account name.
    .PARAMETER sid
        A SID string or a [Security.Principal.SecurityIdentifier] object.
        Calling the function without this argument throws.
    .OUTPUTS
        The Value of the translated [Security.Principal.NTAccount].
        When a MethodInvocationException is raised, the trap emits the
        original $sid instead, so callers can receive an untranslated SID.
    #>

    param ($sid = $(throw "need sid string or [securityidentifier] object"))

  

    # Fallback for SIDs that cannot be resolved: hand back the input unchanged.
    # NOTE(review): whether the error is also written to the error stream
    # depends on trap/return semantics - confirm on the target PowerShell version.
    trap [System.Management.Automation.MethodInvocationException] {

        return $sid

    }

  

    # Accept an existing SecurityIdentifier as-is; otherwise build one from the input.
    if ($sid -is [security.principal.securityidentifier]) {

        $securityidentifier  = $sid       

    } else {

        $securityidentifier  = new-object security.principal.securityidentifier $sid

    }

    # Translate to an NTAccount and emit its string value.
    $securityidentifier.translate( [security.principal.ntaccount] ).Value

}

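Write-Host ""

# The original piped Write-Host into find, which printed the literal word
# "systeminfo" and never showed the boot time. The boot time is now read
# directly from Win32_OperatingSystem, which also avoids parsing the
# localized systeminfo text.
Write-Host "Computer started:" (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime

# Snapshot of drive C: before the cleanup, in GB rounded to two decimals.
# NOTE(review): the value captured is the *used* space (the Used property),
# although the variable name and the label say "free". It is kept as-is
# because the end-of-script summary subtracts the matching Used figure.
$free_space_start = Get-PSDrive C | Select-Object @{ E={([Math]::Round($_.Used/1GB,2))}; L='Used' }
Write-Host "Free space before:" $free_space_start.Used -foregroundcolor "Yellow"
Write-Host ""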

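Write-Host "****************current logged user on computer**********************"

# Account that is always logged off and whose profile is always removed.
$removed_acc = "ondc5"
$current_user = @()

# Parse "query user" output into objects; runs of two or more spaces are
# treated as column separators.
$session = (query user) -split "\n" -replace '\s\s+', ';' | ConvertFrom-Csv -Delimiter ';'

if ($session.STATE -eq "Active") {
    # Owners of explorer.exe processes = users with an interactive desktop.
    $current_user += (Get-WmiObject -Class win32_process | Where-Object name -Match explorer).getowner().user

    if ($current_user -ne "") {
        foreach ($use in $current_user) {
            Write-Host $use

            if ($use -eq $removed_acc) {
                # Match the user name column exactly. The original used an
                # unanchored regex, so "ondc5" would also have matched the
                # session line of any user whose name merely contains it.
                $own_line = '^[\s>]*' + [regex]::Escape($removed_acc) + '\s'
                $logoff_id = ((quser /server:"localhost" | Where-Object { $_ -match $own_line }) -split ' +')[2]

                # logoff without an argument ends the *current* session, so
                # only call it when a session token was actually found.
                if ($logoff_id) {
                    logoff $logoff_id
                } else {
                    Write-Warning "No session found for $removed_acc; logoff skipped."
                }

                # NOTE(review): the profile may still be loaded right after
                # the logoff, in which case this removal fails - verify.
                Get-CimInstance -Class Win32_UserProfile |
                    Where-Object { $_.LocalPath.split('\')[-1] -eq $removed_acc } |
                    Remove-CimInstance
            }
        }
    }
}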

#Write-Host "_____________________________________________________________________"

 

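# Read the event-ID-1 records of the User Profile Service log (presumably the
# per-user logon notification - confirm) and resolve each SID to an account.
# Filtering inside Get-WinEvent avoids pulling the entire log through the
# pipeline just to discard most of it.
# NOTE(review): the later 90-day decision is only as good as this log. If its
# retention is shorter than 90 days, or it has been cleared, accounts that
# did log on recently will look stale. Check the log size before relying on it.
$temp1 = @(
    Get-WinEvent -FilterHashtable @{ LogName = "Microsoft-Windows-User Profile Service/Operational"; Id = 1 } |
        Select-Object @{Name='Account';Expression={Translate-SID $_.userID}}, TimeCreated
)

# With no events at all, every profile outside the exclusion list would be
# classified as old and deleted. Stop instead of deleting on missing data.
if ($temp1.Count -eq 0) {
    throw "No logon events could be read from the User Profile Service log; stopping before any profile is treated as stale."
}

$account_names_total = $temp1 | Select-Object -Unique -Property Account

# Keep the first event seen per account. Get-WinEvent returns newest first,
# so this is each account's most recent logon. A single pass with a lookup
# table replaces the original rescan of all events for every account.
$event_in = @()
$seen_accounts = @{}
foreach ($logon_event in $temp1) {
    $account_key = [string]$logon_event.Account
    if (-not $seen_accounts.ContainsKey($account_key)) {
        $seen_accounts[$account_key] = $true
        $event_in += $logon_event
    }
}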

 

#$event_in #all logged on users from start using OS

   

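# Profile folders are matched to accounts purely by folder name under the
# hard-coded LCE domain.
# NOTE(review): a profile whose owner is not an LCE\<folder name> account
# (local accounts, other domains, folders with a suffix such as name.DOMAIN)
# never matches here and becomes a deletion candidate unless it is on the
# exclusion list. Review the candidate list before trusting it.
$folder = Get-ChildItem "C:\Users" | Select-Object Name
$lastest = @()
$cutoff = (Get-Date).AddDays(-90)

foreach ($User_format in $folder) {
    $a = "LCE\" + $User_format.Name
    # Keep the account only if its latest logon falls within the last 90 days.
    $lastest += $event_in | Where-Object { ($_.Account -eq $a) -and ($_.TimeCreated -gt $cutoff) }
}

# Always drop the forced-removal account from the "recent" list. The original
# guarded this with .Contains() on the bare user name, which never matched
# the "LCE\name" entries and raised an error when the list was empty.
$lastest = @($lastest | Where-Object { $_.Account -ne ("LCE\" + $removed_acc) })

Write-Host ""
Write-Host "----------------Lastest_Accounts-------------------------------------"
foreach ($last_users in $lastest) { Write-Host $last_users }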

#Write-Host "_____________________________________________________________________"

 

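# Build the keep-list: recently used accounts (domain prefix stripped) plus
# the fixed exclusions and the account running this script.
$fresh_acc = @()
foreach ($u in $lastest) {
    $fresh_acc += $u.Account.Split('\')[1]
}

$fresh_acc += "Public","UserAdmin", "Administrator","ADMSupport","user1", "TEMP", $env:USERNAME #excluded account

# The forced-removal account must never be protected. Filtering
# unconditionally with -ne (case-insensitive, like Windows account names)
# replaces the original case-sensitive .Contains() pre-check, which left a
# differently-cased entry on the keep-list.
$fresh_acc = @($fresh_acc | Where-Object { $_ -ne $removed_acc } | Select-Object -Unique)

Write-Host ""
Write-Host "````````````````Fresh_Accounts````````````````````````````````````````"
Write-Host $fresh_acc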

#Write-Host "_____________________________________________________________________"

 

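# Deletion candidates = profile folders that are not on the keep-list.
# (Compare-Object also returned keep-list names that have no folder, which
# then showed up under "for delete" although they were never touched.)
$deleted_acc = @($folder.Name | Where-Object { $fresh_acc -notcontains $_ })

Write-Host ""
Write-Host "________________Account(s)_for_delete________________________________"
Write-Host $deleted_acc
Write-Host ""

#removing old accounts
# Query the profile list once instead of twice per candidate.
$all_profiles = @(Get-CimInstance -ClassName Win32_UserProfile)

foreach ($t in $deleted_acc) {
    $matching = @($all_profiles | Where-Object { $_.LocalPath -and ($_.LocalPath.Split('\')[-1] -eq $t) })

    if ($matching.Count -eq 0) {
        # A folder under C:\Users without a registered profile: nothing to remove.
        Write-Host "Account" $t "has no registered profile - skipped" -ForegroundColor "Yellow"
        continue
    }

    foreach ($old_profile in $matching) {
        # Never remove a profile that is in use or flagged as a system profile.
        if ($old_profile.Loaded -or $old_profile.Special) {
            Write-Host "Account" $t "SID-" $old_profile.SID "is loaded or special - skipped" -ForegroundColor "Yellow"
            continue
        }

        # Report DELETED only when the removal really succeeded; the original
        # printed it even if the profile was skipped or the removal failed.
        try {
            $old_profile | Remove-CimInstance -ErrorAction Stop
            Write-Host "Account" $t "SID-" $old_profile.SID "DELETED" -ForegroundColor "Green"
        } catch {
            Write-Host "Account" $t "SID-" $old_profile.SID "NOT deleted:" $_.Exception.Message -ForegroundColor "Red"
        }
    }
}

Write-Host "_____________________________________________________________________"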

 

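# Snapshot of drive C: after the cleanup, in GB rounded to two decimals.
# NOTE(review): as with the "before" figure, this is the *used* space even
# though the label says "free".
$free_space_finish = Get-PSDrive C | Select-Object @{ E={([Math]::Round($_.Used/1GB,2))}; L='Used' }

Write-Host ""
Write-Host "Free space after:" $free_space_finish.Used  -foregroundcolor "Yellow"

# Used-before minus used-after = space reclaimed. Both operands are already
# in GB, so the value is only rounded here; the original divided by 1GB a
# second time, which made the reported gain collapse to roughly zero.
$win = $free_space_start.Used - $free_space_finish.Used
Write-Host "Win space:" ([Math]::Round($win,2)) -foregroundcolor "Green"

# Emit the reclaimed amount (GB) as the script's output value.
$win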

___________________________________end_______________________________________
