Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3249
  • Last Modified:

Delete user profiles older than a specified number of days on system restart. not working

We have about 300 Vista Enterprise SP1 x86 Lab computers on a 2003 domain that is a child domain of a 2008 forest/parent domain. I have built a new group policy that is using the "Delete user profiles older than a specified number of days on system restart" setting and specifying 30 days.  But for some reason after the systems reboot, and I log in with an administrator, the user profile service never searches and cleans up old profiles.  I can see profiles that are clearly older than 30 days in the c:\users directory and the application log doesn't show any events from search-ProfileNotify event source.

I've tried disabling roaming profiles thinking that was an issue.  I've verified through rsop.msc that the policy is indeed applying successfully, it just never does anythying.  

Is there something else that I'm supposed to set and I'm missing?
0
bry1000_wpi
Asked:
bry1000_wpi
  • 2
  • 2
1 Solution
 
McKnifeCommented:
Hi. The problem seems to be the number 300...see http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/Windows_Vista/Q_24254270.html
No, I finally found out - it's simply a bug.
Solution: apply the corresponding registry value - I could confirm it working.
HKLM\Software\Policies\Microsoft\Windows\System
Type:RegDWord(32)
Name:CleanupProfiles
Value: maximum age in days
0
 
McKnifeCommented:
To distribute/deploy this registry setting, use either a startup script or group policy preferences (GPP).
0
 
bry1000_wpiAuthor Commented:
Yeah, I had deployed that registry setting via group policy and it still wasn't working.
I have however figured out what the problem is.

When I looked in the User Profiles menu on all of my machines, the modified date was saying the current date always.  After some digging it looks like every morning at 2am, Windows Defender was runninng and modifying the ntuser.dat in each user's profile account, thus marking it as modified that morning.  

Yesterday I disabled Windows Defender with Policy and this morning the modified dates on the profiles are no longer updated to today, they are still at 3/31/2009.  This means that windows defender didn't scan and change the modified flag on the ntuser.dat files this morning so the policy "should" start working once I deploy it more globally.  

The bigger question (not for this forum I guess) is why was Windows Defender Marking any files as modified when it's running a scan.  McAfee doesn't do that, nor do any backup programs I've ever seen.  So does that mean that windows defender actually opens up these user hive files and is doing something within them.  Kind of scary and odd to me... but at least I know why now.
0
 
bry1000_wpiAuthor Commented:
I just verified on one of my test machines by setting the policy to 1 day and now it is working.  

In the end turning off windows defender fixed the issue.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now