Delete user profiles older than a specified number of days on system restart. not working

We have about 300 Vista Enterprise SP1 x86 Lab computers on a 2003 domain that is a child domain of a 2008 forest/parent domain. I have built a new group policy that is using the "Delete user profiles older than a specified number of days on system restart" setting and specifying 30 days.  But for some reason after the systems reboot, and I log in with an administrator, the user profile service never searches and cleans up old profiles.  I can see profiles that are clearly older than 30 days in the c:\users directory and the application log doesn't show any events from search-ProfileNotify event source.

I've tried disabling roaming profiles thinking that was an issue.  I've verified through rsop.msc that the policy is indeed applying successfully, it just never does anythying.  

Is there something else that I'm supposed to set and I'm missing?
bry1000_wpiAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

McKnifeCommented:
Hi. The problem seems to be the number 300...see http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/Windows_Vista/Q_24254270.html
No, I finally found out - it's simply a bug.
Solution: apply the corresponding registry value - I could confirm it working.
HKLM\Software\Policies\Microsoft\Windows\System
Type:RegDWord(32)
Name:CleanupProfiles
Value: maximum age in days
0
McKnifeCommented:
To distribute/deploy this registry setting, use either a startup script or group policy preferences (GPP).
0
bry1000_wpiAuthor Commented:
Yeah, I had deployed that registry setting via group policy and it still wasn't working.
I have however figured out what the problem is.

When I looked in the User Profiles menu on all of my machines, the modified date was saying the current date always.  After some digging it looks like every morning at 2am, Windows Defender was runninng and modifying the ntuser.dat in each user's profile account, thus marking it as modified that morning.  

Yesterday I disabled Windows Defender with Policy and this morning the modified dates on the profiles are no longer updated to today, they are still at 3/31/2009.  This means that windows defender didn't scan and change the modified flag on the ntuser.dat files this morning so the policy "should" start working once I deploy it more globally.  

The bigger question (not for this forum I guess) is why was Windows Defender Marking any files as modified when it's running a scan.  McAfee doesn't do that, nor do any backup programs I've ever seen.  So does that mean that windows defender actually opens up these user hive files and is doing something within them.  Kind of scary and odd to me... but at least I know why now.
0
bry1000_wpiAuthor Commented:
I just verified on one of my test machines by setting the policy to 1 day and now it is working.  

In the end turning off windows defender fixed the issue.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Vista

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.