Solved

Roaming profiles not deleting upon logoff

Posted on 2007-12-05
9
1,712 Views
Last Modified: 2010-05-11
We recently implemented roaming profiles into our network.
The C: partition was made to 10GB. Our users log into many different workstations, and in doing this the C: drive is filled up very quickly due to the amount of data they require (users).

I went into the Group policy editor and enabled the Delete Locally cached profiles upon logoff policy. Gave it the precedence of 1 and enforced the policy.

This didn't work, so i did some research and came across the UPHClean service and this is what I came up with.
Now this being the antivirus I do not know where to go from here.

The following handles opened in user profile hive domain\user (S-1-5-21-3479431408-2233564226-1683169087-1391) are preventing the profile from unloading: 
 
svchost.exe (1344)
  HKCU (0x22c)
    call stack data collection not enabled for this process
 
Rtvscan.exe (1512)
  HKCU\Software\Intel\LANDesk\VirusProtect6\CurrentVersion\Custom Tasks (0x618)

Open in new window

0
Comment
Question by:fswiontek
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 3

Accepted Solution

by:
top_gizmo earned 500 total points
ID: 20417257
It's easier than all that.  Drop delprof.exe on the local drive or on a share that is accessible by EVERYONE even non-authenticated users (not good) and execute it as a startup script.

Startup scripts are ran as the system.  If you use the /Q /I parameters it will delete all profiles off the computer on reboot.

I think UPHClean only unloads the hive, not remove the profile.
0
 

Author Comment

by:fswiontek
ID: 20438647
That worked great, but how do I add it to the startup script so this becomes automated.
0
 
LVL 3

Expert Comment

by:top_gizmo
ID: 20438672
You need to edit group policy on the local or AD level, whichever you are currently doing.

Since the file must be accessible to Everyone, you should drop it on the local drive.  I'm not a big fan of having a network share laid open.

In group policy, go to Computer Configuration\Windows settings\scripts\startup

You want to click "Add', then for script name put the file name and path, e.g. c:\delprof.exe

For the parameters you want /Q /I

Save that and it will delete all profiles when rebooted.
0
Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

 

Author Comment

by:fswiontek
ID: 20438735
After adding this to the group policy I now receive an error stating:

winlogon.exe
at "0x1000449e" referenced memory at "0x1000449e" the memory could not be read.

after clicking cancel to debug or ok to ignore it comes up with a winlogon fatal error.
0
 
LVL 3

Expert Comment

by:top_gizmo
ID: 20438757
Is this during logon or after logging in?

Can you login and remove the settings?  If not, try safe mode...

Adding delprof.exe to the startup should not cause an error.  Check the event log to see if there is any other entries.
0
 

Author Comment

by:fswiontek
ID: 20438775
This happens during the startup (startup scripts more specifically) There isnt a chance to logon. It stop and teh error occurs.
Removing the policy takes away this error.

A quick look at the event viewer showed nothing wrong. I will go over in more detail now.
0
 

Author Comment

by:fswiontek
ID: 20438899
Could not execute the following script \\server\E:\startup scripts\delprof.exe. The system cannot find the path specified.
This is the error I'm getting in event viewer. I have tried mapping using the browse feature.

Typing in the full path gives me no error and does not delete anything.
Browse gives me the error and gives me the blue screen without the deletion as well.
0
 

Author Comment

by:fswiontek
ID: 20438973
I got it, I just added the file locally to the c: and it worked. thanks for the help!
0
 
LVL 3

Expert Comment

by:top_gizmo
ID: 20438984
1.  is the share E: or E$

2.  Is the share accessible by the EVERYONE group and not just users or domain users?

When the computer is started, no one is logged on so there is no Domain User trying to access the share.  

It can not delete profiles when they are in use.

Open a dos window and try and run it so you can see the error messages returned by delprof.exe



0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
This is a high-level webinar that covers the history of enterprise open source database use. It addresses both the advantages companies see in using open source database technologies, as well as the fears and reservations they might have. In this…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question