  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1197

Delete Users with backup status

I have a couple hundred multi-user machines that have potentially hundreds of unique users per month per machine.  Lately I have been noticing that some users are experiencing a temporary profile when logging in to some machines.  When I check the user registry (HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList) I notice that some users' keys have a .bak on the end.  If I delete that key the user can log in with an expected profile and behavior.  It would make sense to me then to systematically remove these keys from the machines to improve general computer use.

I am struggling in finding a way to delete just the keys that end in a .bak without touching the others.  I have found some articles on EE that talk about using wildcard masks in VBscripts, but I'm not sure how to do that.  Any other solutions to this problem are also appreciated.
 Image of registry with keys
0
Evan Hines
Asked:
 
sAiyAnstAr Commented:
Hi there,

Give this a go and see if this is what you are after: http://www.nirsoft.net/utils/regscanner.html
0
 
Evan Hines (Author) Commented:
I should probably add that my desired solution is something I can either push out from my domain controller either as a login/startup script or a GPO.  But I will check the reg scanner from NirSoft.
0
 
Felicia King Commented:
If you could write a script to dump that registry key (regdmp.exe) and then inspect the output file using a for loop in a batch routine, you could identify the keys that need wacking. But it's not that simple. The physical folder in C:\Users or C:\Documents and Settings also has to be wacked. I've never found a clean way to clean it up because the steps are so complicated. I think a VB script is probably the only reasonable approach.

Is it possible you could take the approach of writing a delete all profiles script except for the Administrator and Default User profile?
0
 
Evan Hines (Author) Commented:
locojalapeno-

I've kind of looked into it as with Windows Server 2008 you can push out registry keys.  I tried to delete the ProfileList key and then copy the basic subkeys from the server back to the computer and it broke the genuine activation for that machine and I had to reimage it.  Now, if I could use a script to remove all those subkeys but the necessary ones, that could work.  Of course I too have also tried to remove those user account folders and there is a GPO that is supposed to do that to accounts that have aged long enough.  However, when our anti-virus program scans the computer it updates the user folders modified date and that GPO doesn't work.  There is a fix that can be installed on each client that is supposed to correct it, but it hasn't worked in my tests.

The set up for my users uses folder redirection of major user folders to a server and not roaming profiles.  In a perfect world, they should never need the local users folders created when a user logs in as folder synchronization has been disabled.  But that isn't always the case.  So I am a little reluctant to delete the users folders.  However I am open to suggestions.

Thanks.
0
 
Felicia King Commented:
I understand your reluctance. Once the profile list gets out of sync with the actual folders, havoc ensues. I'm not sure there is any point in deleting the reg keys if you aren't going to wack the user profile folder at the same time because if you leave the user profile folder, next time the user logs on, Windows may just up and decide that it's not going to use that folder but will make one called username.000 or something like that. I'm sure you've seen that. Not sure I have any other good ideas for you other than manual cleanup. Sounds like a really tough issue.

Regarding the breaking of the genuine activation, I think that might have to do with the administrator or system profile and its reg keys. That's why I was suggesting the enumerate, for loop, skip the first n, and then wack. As you know, the first few profiles are system, admin, network service, local service and the like.

Your post honed in on the .bak profiles. I'm really good at command and batch scripts with for loops and file processing, but not VB. Since this is a reg key and not some directory contents, I'm not sure how the code would look to dump the key, then enumerate the list of profile GUIDs that end in .bak, and then feed that to a delete command. If you could find the code for that, the process sounds like it could work.
0
 
Evan Hines (Author) Commented:
I think I'm ready to take the plunge and test out an idea to wack both the user folder and reg keys on some test machines and see if it works.  If I'm not mistaken there should be a way to automatically delete a profile folder upon logoff, so I'll check into that.  That, however, may not clear out my existing users & keys.

So far, anytime I have wiped out a reg key without removing the corresponding folder I haven't had any issues.  I have seen the username.000 before but that was on XP machines and I don't believe I've yet seen that occur on any Windows 7 machines.  If there is a suggestion on how to enumerate through and systematically delete all domain user keys from the ProfileList key, I'm all ears.  Once that part is done developing a script to eliminate user folders sounds like the easy part using batch scripts, at least for locojalapeno.

There is that part of Windows GPO where you can add or remove registry entries but from my experience it doesn't seem to accept wildcards - that is where I tried to eliminate the entire key and add a few back and broke genuine activation.  If anyone knows how to tweak that to use wildcards (since all my domain keys start off the same), that would be an easy fix.
0
 
johnb6767 Commented:
In most cases, the profile is still good.... I wouldn't personally whack the profile folders, just the subkeys.... I think something simple might work (or at least provide the groundwork for something prettier)....

Did not get a chance to test though......


CODE REMOVED AT THE REQUEST OF JOHNB6767

0
 
johnb6767 Commented:
WAIT... DO NOT USE THIS CODE....
0
 
johnb6767 Commented:
There was a space, that separated the contents of the .txt file into two tokens..... Officially making the reg delete command stop at "Windows"..... Not good....

I decided to test it, and had to do a System Restore, which is how I figured it out.....  :-(

This looks better....
REM This only lists the KEYS under ProfileList with the .BAK extension
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList" | find ".bak" > "%temp%\regbak.txt"
REM Each line splits at the space in "Windows NT"; %%a and %%b are rejoined inside the quotes
REM remove the echo once you see it populates the command ok....
for /f "usebackq tokens=1,2" %%a in ("%temp%\regbak.txt") do echo reg delete "%%a %%b" /f

0
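
The same cleanup in PowerShell, as an added example that is not part of any post in this thread: it matches only subkeys whose name is exactly an account SID followed by .bak, exports ProfileList before changing anything, and only reports what it would remove unless told to delete. The -Delete switch, the backup directory and the SID pattern are assumptions of this example; it must run elevated.

```powershell
# Added example (not from the thread). Finds ProfileList subkeys named <SID>.bak
# and removes only those. Dry run by default; pass -Delete to actually remove.
[CmdletBinding()]
param(
    [switch]$Delete,
    # Assumed location for the exported backup; adjust for your environment.
    [string]$BackupDir = "$env:SystemRoot\Temp"
)

$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

# Exact match: a user account SID (S-1-5-21-...) followed by ".bak".
# Service SIDs such as S-1-5-18/19/20 can never match, so they are never touched.
$bakPattern = '^S-1-5-21-\d+-\d+-\d+-\d+\.bak$'

$targets = Get-ChildItem -LiteralPath $profileList |
    Where-Object { $_.PSChildName -match $bakPattern }

if (-not $targets) { Write-Output 'No .bak profile keys found.'; return }

if ($Delete) {
    # Export the whole key first so a bad run can be reverted with "reg import".
    $backup = Join-Path $BackupDir ("ProfileList-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
    & reg.exe export 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList' $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup to $backup failed; nothing deleted." }
}

foreach ($key in $targets) {
    # ProfileImagePath is logged so the matching folder can be reviewed separately.
    $path = (Get-ItemProperty -LiteralPath $key.PSPath).ProfileImagePath
    if ($Delete) {
        Remove-Item -LiteralPath $key.PSPath -Recurse -Force
        Write-Output "Deleted $($key.PSChildName) ($path)"
    } else {
        Write-Output "Would delete $($key.PSChildName) ($path)"
    }
}
```

Because the key name is matched as a whole rather than split on spaces, a truncated path can never reach the delete step.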
 
Felicia King Commented:
aboell,
if you need a good reference for the for loop stuff, check Rob Vanderwoude's site.
http://www.robvanderwoude.com/
0
 
Evan Hines (Author) Commented:
I will try that code early next week and report back with my results.  Thank you for your assistance.
0
 
Evan Hines (Author) Commented:
Ok, great news!  The script works just perfectly and all the .bak registry keys are successfully deleted upon user logout.  I also decided to combine this script with a small app called DelProf2 http://helgeklein.com/free-tools/delprof2-user-profile-deletion-tool/.  I have set up my GPO to call both the .bak registry removal of any profile with a .bak key and any user profile not accessed in the last 10 days.  While I'm just now reaching the 10 day period to really see how well it works, my preliminary tests are coming back favorable.

I did have to get a little creative in my scripting since altering the registry requires elevated privileges, but Google helped with that.  The only thing left for me to research is to find out just how the .bak profiles occur in the first place.  I'm coming to find out that there are some users that every time they log on then log off after normal use, their profile is placed in Backup mode.  But until I figure that out these scripts will help minimize the negative effects.  Thanks a bunch!
0
 
Evan Hines (Author) Commented:
Simple yet excellent in execution.
0
 
johnb6767 Commented:
Glad it worked... I like simple, as I skipped learning the hard stuff....   :-)
0
Question has a verified solution.