Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Delete user profiles older than a specified number of days on system restart. not working

Posted on 2009-03-30
4
2,846 Views
Last Modified: 2012-05-06
We have about 300 Vista Enterprise SP1 x86 Lab computers on a 2003 domain that is a child domain of a 2008 forest/parent domain. I have built a new group policy that is using the "Delete user profiles older than a specified number of days on system restart" setting and specifying 30 days.  But for some reason after the systems reboot, and I log in with an administrator, the user profile service never searches and cleans up old profiles.  I can see profiles that are clearly older than 30 days in the c:\users directory and the application log doesn't show any events from search-ProfileNotify event source.

I've tried disabling roaming profiles thinking that was an issue.  I've verified through rsop.msc that the policy is indeed applying successfully, it just never does anythying.  

Is there something else that I'm supposed to set and I'm missing?
0
Comment
Question by:bry1000_wpi
  • 2
  • 2
4 Comments
 
LVL 54

Expert Comment

by:McKnife
ID: 24033723
Hi. The problem seems to be the number 300...see http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/Windows_Vista/Q_24254270.html
No, I finally found out - it's simply a bug.
Solution: apply the corresponding registry value - I could confirm it working.
HKLM\Software\Policies\Microsoft\Windows\System
Type:RegDWord(32)
Name:CleanupProfiles
Value: maximum age in days
0
 
LVL 54

Expert Comment

by:McKnife
ID: 24033759
To distribute/deploy this registry setting, use either a startup script or group policy preferences (GPP).
0
 

Author Comment

by:bry1000_wpi
ID: 24038417
Yeah, I had deployed that registry setting via group policy and it still wasn't working.
I have however figured out what the problem is.

When I looked in the User Profiles menu on all of my machines, the modified date was saying the current date always.  After some digging it looks like every morning at 2am, Windows Defender was runninng and modifying the ntuser.dat in each user's profile account, thus marking it as modified that morning.  

Yesterday I disabled Windows Defender with Policy and this morning the modified dates on the profiles are no longer updated to today, they are still at 3/31/2009.  This means that windows defender didn't scan and change the modified flag on the ntuser.dat files this morning so the policy "should" start working once I deploy it more globally.  

The bigger question (not for this forum I guess) is why was Windows Defender Marking any files as modified when it's running a scan.  McAfee doesn't do that, nor do any backup programs I've ever seen.  So does that mean that windows defender actually opens up these user hive files and is doing something within them.  Kind of scary and odd to me... but at least I know why now.
0
 

Accepted Solution

by:
bry1000_wpi earned 0 total points
ID: 24038552
I just verified on one of my test machines by setting the policy to 1 day and now it is working.  

In the end turning off windows defender fixed the issue.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

So who is this article for? If you are like most of the computer users out there, you probably only realize the meaning of 'System maintenance' after something goes wrong. This article is for you if you care about keeping your system working opti…
#Citrix #POC #XenDesktop #vCenter #VMware #ESX
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question