Solved

Roaming profiles not deleting upon logoff

Posted on 2007-12-05
Last Modified: 2010-05-11
We recently implemented roaming profiles into our network.
The C: partition was made to 10GB. Our users log into many different workstations, and in doing this the C: drive is filled up very quickly due to the amount of data they require (users).

I went into the Group policy editor and enabled the Delete Locally cached profiles upon logoff policy. Gave it the precedence of 1 and enforced the policy.

This didn't work, so I did some research and came across the UPHClean service and this is what I came up with.
Now this being the antivirus I do not know where to go from here.

The following handles opened in user profile hive domain\user (S-1-5-21-3479431408-2233564226-1683169087-1391) are preventing the profile from unloading:

svchost.exe (1344)
  HKCU (0x22c)
    call stack data collection not enabled for this process

Rtvscan.exe (1512)
  HKCU\Software\Intel\LANDesk\VirusProtect6\CurrentVersion\Custom Tasks (0x618)

0
Question by: fswiontek

9 Comments

Accepted Solution by: top_gizmo (earned 500 total points)
It's easier than all that.  Drop delprof.exe on the local drive or on a share that is accessible by EVERYONE, even non-authenticated users (not good), and execute it as a startup script.

Startup scripts are run as the system.  If you use the /Q /I parameters it will delete all profiles off the computer on reboot.

I think UPHClean only unloads the hive; it does not remove the profile.
0
 

Author Comment by: fswiontek

That worked great, but how do I add it to the startup script so this becomes automated?
0
 
Expert Comment by: top_gizmo
You need to edit group policy on the local or AD level, whichever you are currently doing.

Since the file must be accessible to Everyone, you should drop it on the local drive.  I'm not a big fan of having a network share laid open.

In group policy, go to Computer Configuration\Windows settings\scripts\startup

You want to click "Add", then for script name put the file name and path, e.g. c:\delprof.exe

For the parameters you want /Q /I

Save that and it will delete all profiles when rebooted.
0
 

Author Comment by: fswiontek
After adding this to the group policy I now receive an error stating:

winlogon.exe
at "0x1000449e" referenced memory at "0x1000449e" the memory could not be read.

After clicking Cancel to debug or OK to ignore, it comes up with a winlogon fatal error.
0
 
Expert Comment by: top_gizmo
Is this during logon or after logging in?

Can you login and remove the settings?  If not, try safe mode...

Adding delprof.exe to the startup should not cause an error.  Check the event log to see if there are any other entries.
0
 

Author Comment by: fswiontek

This happens during the startup (startup scripts, more specifically). There isn't a chance to log on. It stops and the error occurs.
Removing the policy takes away this error.

A quick look at the event viewer showed nothing wrong. I will go over in more detail now.
0
 

Author Comment by: fswiontek
Could not execute the following script \\server\E:\startup scripts\delprof.exe. The system cannot find the path specified.
This is the error I'm getting in event viewer. I have tried mapping using the browse feature.

Typing in the full path gives me no error and does not delete anything.
Browse gives me the error and gives me the blue screen without the deletion as well.
0
 

Author Comment by: fswiontek

I got it, I just added the file locally to the c: and it worked. Thanks for the help!
0
 
Expert Comment by: top_gizmo

1.  Is the share E: or E$?

2.  Is the share accessible by the EVERYONE group and not just users or domain users?

When the computer is started, no one is logged on so there is no Domain User trying to access the share.  

It cannot delete profiles when they are in use.

Open a DOS window and try and run it so you can see the error messages returned by delprof.exe.



0
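A pre-flight check for the startup-script target discussed in this thread, added here as an example and not code posted by any participant: it flags the malformed UNC form seen in the event-log entry and lists any principal outside a trusted set that can change a file which will run as SYSTEM at boot. The function name `Test-StartupScriptPath` and the trusted-principal list (English account names) are assumptions.

```powershell
# Added example: audit a machine startup-script target before adding it to Group Policy.
# Test-StartupScriptPath is a hypothetical helper name, not part of any product.
function Test-StartupScriptPath {
    param([Parameter(Mandatory = $true)][string]$Path)

    $findings = @()

    # A UNC path is \\server\share\...; a drive letter with a colon in the share
    # position (\\server\E:\...) cannot resolve, which matches the event-log error.
    if ($Path -match '^\\\\[^\\]+\\[A-Za-z]:') {
        $findings += "Malformed UNC path: '$Path' has a drive letter where a share name belongs."
        return $findings
    }

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        $findings += "File not found: $Path"
        return $findings
    }

    # Startup scripts run as SYSTEM, so only these principals should be able to
    # change the file (assumed list; account names are localized on non-English systems).
    $trusted = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'NT SERVICE\TrustedInstaller'

    # Only the bits that allow altering or replacing the file; read bits are excluded.
    $writeMask = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'

    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        $who = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and
            ($ace.FileSystemRights -band $writeMask) -and
            ($trusted -notcontains $who)) {
            $findings += "$who can modify ${Path}: $($ace.FileSystemRights)"
        }
    }

    if ($findings.Count -eq 0) {
        $findings += "OK: $Path exists and is writable only by trusted principals."
    }
    return $findings
}

# Paths taken from the thread: the failing share path and the local copy.
Test-StartupScriptPath '\\server\E:\startup scripts\delprof.exe'
Test-StartupScriptPath 'C:\delprof.exe'
```

Run it from an elevated prompt on the workstation; the check covers only the file's own ACL, so the parent folder's permissions still need a separate look.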
