Solved

Roaming profiles not deleting upon logoff

Posted on 2007-12-05
Last Modified: 2010-05-11
We recently implemented roaming profiles into our network.
The C: partition was made to 10GB. Our users log into many different workstations, and in doing this the C: drive is filled up very quickly due to the amount of data they require (users).

I went into the Group policy editor and enabled the Delete Locally cached profiles upon logoff policy. Gave it the precedence of 1 and enforced the policy.

This didn't work, so I did some research and came across the UPHClean service and this is what I came up with.
Now this being the antivirus I do not know where to go from here.

The following handles opened in user profile hive domain\user (S-1-5-21-3479431408-2233564226-1683169087-1391) are preventing the profile from unloading: 
 
svchost.exe (1344)
  HKCU (0x22c)
    call stack data collection not enabled for this process
 
Rtvscan.exe (1512)
  HKCU\Software\Intel\LANDesk\VirusProtect6\CurrentVersion\Custom Tasks (0x618)

Question by:fswiontek
 
LVL 3

Accepted Solution

by:
top_gizmo earned 500 total points
ID: 20417257
It's easier than all that.  Drop delprof.exe on the local drive or on a share that is accessible by EVERYONE even non-authenticated users (not good) and execute it as a startup script.

Startup scripts are run as the system.  If you use the /Q /I parameters it will delete all profiles off the computer on reboot.

I think UPHClean only unloads the hive; it does not remove the profile.
0
 

Author Comment

by:fswiontek
ID: 20438647
That worked great, but how do I add it to the startup script so this becomes automated?
0
 
LVL 3

Expert Comment

by:top_gizmo
ID: 20438672
You need to edit group policy on the local or AD level, whichever you are currently doing.

Since the file must be accessible to Everyone, you should drop it on the local drive.  I'm not a big fan of having a network share laid open.

In group policy, go to Computer Configuration\Windows settings\scripts\startup

You want to click "Add", then for script name put the file name and path, e.g. c:\delprof.exe

For the parameters you want /Q /I

Save that and it will delete all profiles when rebooted.
0
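An added example, not part of the original thread: because the startup script runs as the system, this PowerShell check lists any principal other than SYSTEM and Administrators that could alter or replace the file Group Policy executes. The path c:\delprof.exe comes from the comment above; the trusted-SID list, the function name and the use of PowerShell 3.0 or later are assumptions.

```powershell
# Added example (not from the thread): list principals other than SYSTEM and
# Administrators that could alter or replace a file Group Policy runs at startup.
param([string]$ScriptPath = 'C:\delprof.exe')   # path quoted in the comment above

# Assumption: only these well-known SIDs are expected to hold write access.
$TrustedSids = 'S-1-5-18', 'S-1-5-32-544'       # SYSTEM, BUILTIN\Administrators

$GenericAllOrWrite = 0x10000000 -bor 0x40000000 # GENERIC_ALL | GENERIC_WRITE
# Rights that allow changing the file itself.
$FileMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership' -bor $GenericAllOrWrite
# Rights on the parent folder that allow deleting the file and putting another in its place.
$DirMask = [int][System.Security.AccessControl.FileSystemRights]'DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership' -bor $GenericAllOrWrite

function Get-UntrustedWriteAce {   # hypothetical helper name
    param([string]$Path, [int]$Mask)
    # Ask for the rules keyed by SID so the comparison does not depend on name resolution.
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # 2 = InheritOnly: the entry applies to children, not to this object.
        if (([int]$ace.PropagationFlags -band 2) -ne 0) { continue }
        $sid = $ace.IdentityReference.Value
        if ($TrustedSids -contains $sid) { continue }
        if (([int]$ace.FileSystemRights -band $Mask) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $Path
            Sid       = $sid
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

$findings = @(Get-UntrustedWriteAce -Path $ScriptPath -Mask $FileMask) +
            @(Get-UntrustedWriteAce -Path (Split-Path -Parent $ScriptPath) -Mask $DirMask)

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
} else {
    "Only SYSTEM and Administrators can modify $ScriptPath"
}
```

Any row in the output is an account that can change what runs as the system at the next boot; the same check works on a UNC path, where it reads the NTFS permissions of the file rather than the share permissions.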
 

Author Comment

by:fswiontek
ID: 20438735
After adding this to the group policy I now receive an error stating:

winlogon.exe
at "0x1000449e" referenced memory at "0x1000449e" the memory could not be read.

After clicking cancel to debug or ok to ignore it comes up with a winlogon fatal error.
0
 
LVL 3

Expert Comment

by:top_gizmo
ID: 20438757
Is this during logon or after logging in?

Can you login and remove the settings?  If not, try safe mode...

Adding delprof.exe to the startup should not cause an error.  Check the event log to see if there are any other entries.
0
 

Author Comment

by:fswiontek
ID: 20438775
This happens during the startup (startup scripts more specifically). There isn't a chance to log on. It stops and the error occurs.
Removing the policy takes away this error.

A quick look at the event viewer showed nothing wrong. I will go over in more detail now.
0
 

Author Comment

by:fswiontek
ID: 20438899
Could not execute the following script \\server\E:\startup scripts\delprof.exe. The system cannot find the path specified.
This is the error I'm getting in event viewer. I have tried mapping using the browse feature.

Typing in the full path gives me no error and does not delete anything.
Browse gives me the error and gives me the blue screen without the deletion as well.
0
 

Author Comment

by:fswiontek
ID: 20438973
I got it, I just added the file locally to the c: and it worked. Thanks for the help!
0
 
LVL 3

Expert Comment

by:top_gizmo
ID: 20438984
1.  Is the share E: or E$?

2.  Is the share accessible by the EVERYONE group and not just users or domain users?

When the computer is started, no one is logged on so there is no Domain User trying to access the share.  

It can not delete profiles when they are in use.

Open a dos window and try and run it so you can see the error messages returned by delprof.exe



0
