Solved

Delete Users with backup status

Posted on 2011-09-21
14
1,084 Views
Last Modified: 2012-05-12
I have a couple hundred multi-user machines that have potentially hundreds of unique users per month per machine.  Lately I have been noticing that some users are experiencing a temporary profile when logging in to some machines.  When I check the user registry (HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList) I notice that some users keys have a .bak on the end.  If I delete that key the user can log in with an expected profile and behavior.  It would make sense to me then to systematically remove these keys from the machines to improve general computer use.

I am struggling in finding a way to delete just the keys that end in a .bak without touching the others.  I have found some articles on EE that talk about using wildcard masks in VBscripts, but I'm not sure how to do that.  Any other solutions to this problem are also appreciated.
 Image of registry with keys
0
Comment
Question by:Evan Hines
  • 6
  • 4
  • 3
  • +1
14 Comments
 
LVL 4

Expert Comment

by:sAiyAnstAr
ID: 36577803
Hi there,

Give this a go and see if this is what you are after: http://www.nirsoft.net/utils/regscanner.html
0
 
LVL 1

Author Comment

by:Evan Hines
ID: 36577828
I should probably add that my desired solution is something I can either push out from my domain controller either as a login/startup script or a GPO.  But I will check the reg scanner from NirSoft.
0
 
LVL 4

Expert Comment

by:Felicia King
ID: 36577835
If you could write a script to dump that registry key (regdmp.exe) and then inspect the output file using a for loop in a batch routine, you could identify the keys that need wacking. But it's not that simple. The physical folder in C:\Users or C:\Documents and Settings also has to be wacked. I've never found a clean way to clean it up because the steps are so complicated. I think a VB script is probably the only reasonable approach.

Is it possible you could take the approach of writing a delete all profiles script except for the Administrator and Default User profile?
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 1

Author Comment

by:Evan Hines
ID: 36577946
locojalapeno-

I've kind of looked into it as with Windows Server 2008 you can push out registry keys.  I tried to delete the ProfileList key and then copy the basic subkeys from the server back to the computer and it broke the genuine activation for that machine and I had to reimage it.  Now, if I could use a script to remove all those subkeys but the necessary ones, that could work.  Of course I too have also tried to remove those user account folders and there is a GPO that is supposed to do that to accounts that have aged long enough.  However, when our anti-virus program scans the computer it updates the user folders modified date and that GPO doesn't work.  There is a fix that can be installed on each client that is supposed to correct it, but it hasn't worked in my tests.

The set up for my users uses folder redirection of major user folders to a server and not roaming profiles.  In a perfect world, they should never need the local users folders created when a user logs in as folder synchronization has been disabled.  But that isn't always the case.  So I am a little reluctant to delete the users folders.  However I am open to suggestions.

Thanks.
0
 
LVL 4

Expert Comment

by:Felicia King
ID: 36577993
I understand your reluctance. Once the profile list gets out of sync with the actual folders, havoc ensues. I'm not sure there is any point in deleting the reg keys if you aren't going to wack the user profile folder at the same time because if you leave the user profile folder, next time the user logs on, Windows may just up and decide that it's not going to use that folder but will make one called username.000 or something like that. I'm sure you've seen that. Not sure I have any other good ideas for you other than manual cleanup. Sounds like a really tough issue.

Regarding the breaking of the genuine activation, I think that might have to do with the administrator or system profile and it's reg keys. That's why I was suggesting the enumerate, for loop, skip the first n, and then wack. As you know, the first few profiles are system, admin, network service, local service and the like.

Your post honed in on the .bak profiles. I'm really good at command and batch scripts with for loops and file processing, but not VB. Since this is a reg key and not some directory contents, I'm not sure how the code would look to dump the key, then enumerate the list of profile GUIDs that end in .bak, and then feed that to a delete command. If you could find the code for that, the process sounds like it could work.
0
 
LVL 1

Author Comment

by:Evan Hines
ID: 36579442
I think I'm ready to take the plunge and test out an idea to wack both the user folder and reg keys on some test machines and see if it works.  If I'm not mistaken there should be a way to automatically delete a profile folder upon logoff, so I'll check into that.  That, however, may not clear out my existing users & keys.

So far, anytime I have wiped out a reg key without removing the corresponding folder I haven't had any issues.  I have seen the username.000 before but that was on XP machines and I dont' believe I've yet seen that occur on any Windows 7 machines.  If there is a suggestion on how to enumerate through and systematically delete all domain user keys from the ProfileList key, I'm all ears.  Once that part is done developing a script to eliminate user folders sounds like the easy part using batch scripts, at least for locojalapeno.

There is that part of Windows GPO where you can add or remove registry entries but from my experience it doesn't seem to accept wildcards - that is where I tried to eliminate the entire key and add a few back and broke genuine activation.  If anyone knows how to tweak that to use wildcards (since all my domain keys start off the same), that would be an easy fix.
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 36581715
In most cases, the profile is still good.... I wouldnt personally whack the profile folders, just the subkeys.... I tyhink something simple might work (or at least provide the groundwork for something prettier....

Did not get a chance to test though......


CODE REMOVED AT THE REQUEST OF JOHNB6767

Open in new window

0
 
LVL 66

Expert Comment

by:johnb6767
ID: 36581973
WAIT... DO NOT USE THIS CODE....
0
 
LVL 66

Accepted Solution

by:
johnb6767 earned 500 total points
ID: 36581990
There was a space, that separated the contents of the .txt file into two tokens..... Officially making the reg delete command stop at "Windows"..... Not good....

I decided to test it, and had to do a System Restore, which is how I figured it out.....  :-(

This looks better....
REM This only lists the KEYS under ProfileList with the .BAK extension
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList" | find ".bak">%temp%\regbak.txt
REM remove the echo once you see it populates the command ok....
for /f "tokens=1,2" %%a in (%temp%\regbak.txt) do echo reg delete "%%a %%b" /f

Open in new window

0
 
LVL 4

Expert Comment

by:Felicia King
ID: 36582012
aboell,
if you need a good reference for the for loop stuff, check Rob Vanderwoude's site.
http://www.robvanderwoude.com/
0
 
LVL 1

Author Comment

by:Evan Hines
ID: 36587416
I will try that code early next week and report back with my results.  Thank you for your assistance.
0
 
LVL 1

Author Comment

by:Evan Hines
ID: 36946348
Ok, great news!  The script works just perfectly and all the .bak registry keys are successfully deleted upon user logout.  I also decided to combine this script with a small app called DelProf2 http://helgeklein.com/free-tools/delprof2-user-profile-deletion-tool/.  I have set up my GPO to call both the .bak registry removal of any profile with a .bak key and any user profile not accessed in the last 10 days.  While I'm just now reaching the 10 day period to really see how well it work, my preliminary tests are coming back favorable.

I did have to get a little creative in my scripting since altering the registry requires elevated privlieges, but Google helped with that.  The only thing left for me to research is to find out just how the .bak profiles occur in the first place.  I'm coming to find out that there are some users that every time they log on then log off after normal use, their profile is placed in Backup mode.  But until I figure that out these scripts will help minimize the negative effects.  Thanks a bunch!
0
 
LVL 1

Author Closing Comment

by:Evan Hines
ID: 36946355
Simple yet excellent in execution.
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 36946371
Glad it worked... I like simple, as I skipped learning the hard stuff....   :-)
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Sweet32 Vulnerability in Microsoft IIS7.5 6 299
Risks of using Camtasia Studio 9 46
Windows 7 backup in Windows 8 - can't find 23 66
USB 2 Driver 7 25
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This Micro Tutorial will teach you how to the overview of Microsoft Security Essentials. This is a free anti-virus software that guards your PC against viruses, spyware, worms, and other malicious software. This will be demonstrated using Windows…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question