Solved

Delete Users with backup status

Posted on 2011-09-21
14
1,119 Views
Last Modified: 2012-05-12
I have a couple hundred multi-user machines that have potentially hundreds of unique users per month per machine.  Lately I have been noticing that some users are experiencing a temporary profile when logging in to some machines.  When I check the user registry (HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList) I notice that some users keys have a .bak on the end.  If I delete that key the user can log in with an expected profile and behavior.  It would make sense to me then to systematically remove these keys from the machines to improve general computer use.

I am struggling in finding a way to delete just the keys that end in a .bak without touching the others.  I have found some articles on EE that talk about using wildcard masks in VBscripts, but I'm not sure how to do that.  Any other solutions to this problem are also appreciated.
 Image of registry with keys
0
Comment
Question by:Evan Hines
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
  • 3
  • +1
14 Comments
 
LVL 4

Expert Comment

by:sAiyAnstAr
ID: 36577803
Hi there,

Give this a go and see if this is what you are after: http://www.nirsoft.net/utils/regscanner.html
0
 
LVL 1

Author Comment

by:Evan Hines
ID: 36577828
I should probably add that my desired solution is something I can either push out from my domain controller either as a login/startup script or a GPO.  But I will check the reg scanner from NirSoft.
0
 
LVL 4

Expert Comment

by:Felicia King
ID: 36577835
If you could write a script to dump that registry key (regdmp.exe) and then inspect the output file using a for loop in a batch routine, you could identify the keys that need wacking. But it's not that simple. The physical folder in C:\Users or C:\Documents and Settings also has to be wacked. I've never found a clean way to clean it up because the steps are so complicated. I think a VB script is probably the only reasonable approach.

Is it possible you could take the approach of writing a delete all profiles script except for the Administrator and Default User profile?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:Evan Hines
ID: 36577946
locojalapeno-

I've kind of looked into it as with Windows Server 2008 you can push out registry keys.  I tried to delete the ProfileList key and then copy the basic subkeys from the server back to the computer and it broke the genuine activation for that machine and I had to reimage it.  Now, if I could use a script to remove all those subkeys but the necessary ones, that could work.  Of course I too have also tried to remove those user account folders and there is a GPO that is supposed to do that to accounts that have aged long enough.  However, when our anti-virus program scans the computer it updates the user folders modified date and that GPO doesn't work.  There is a fix that can be installed on each client that is supposed to correct it, but it hasn't worked in my tests.

The set up for my users uses folder redirection of major user folders to a server and not roaming profiles.  In a perfect world, they should never need the local users folders created when a user logs in as folder synchronization has been disabled.  But that isn't always the case.  So I am a little reluctant to delete the users folders.  However I am open to suggestions.

Thanks.
0
 
LVL 4

Expert Comment

by:Felicia King
ID: 36577993
I understand your reluctance. Once the profile list gets out of sync with the actual folders, havoc ensues. I'm not sure there is any point in deleting the reg keys if you aren't going to wack the user profile folder at the same time because if you leave the user profile folder, next time the user logs on, Windows may just up and decide that it's not going to use that folder but will make one called username.000 or something like that. I'm sure you've seen that. Not sure I have any other good ideas for you other than manual cleanup. Sounds like a really tough issue.

Regarding the breaking of the genuine activation, I think that might have to do with the administrator or system profile and it's reg keys. That's why I was suggesting the enumerate, for loop, skip the first n, and then wack. As you know, the first few profiles are system, admin, network service, local service and the like.

Your post honed in on the .bak profiles. I'm really good at command and batch scripts with for loops and file processing, but not VB. Since this is a reg key and not some directory contents, I'm not sure how the code would look to dump the key, then enumerate the list of profile GUIDs that end in .bak, and then feed that to a delete command. If you could find the code for that, the process sounds like it could work.
0
 
LVL 1

Author Comment

by:Evan Hines
ID: 36579442
I think I'm ready to take the plunge and test out an idea to wack both the user folder and reg keys on some test machines and see if it works.  If I'm not mistaken there should be a way to automatically delete a profile folder upon logoff, so I'll check into that.  That, however, may not clear out my existing users & keys.

So far, anytime I have wiped out a reg key without removing the corresponding folder I haven't had any issues.  I have seen the username.000 before but that was on XP machines and I dont' believe I've yet seen that occur on any Windows 7 machines.  If there is a suggestion on how to enumerate through and systematically delete all domain user keys from the ProfileList key, I'm all ears.  Once that part is done developing a script to eliminate user folders sounds like the easy part using batch scripts, at least for locojalapeno.

There is that part of Windows GPO where you can add or remove registry entries but from my experience it doesn't seem to accept wildcards - that is where I tried to eliminate the entire key and add a few back and broke genuine activation.  If anyone knows how to tweak that to use wildcards (since all my domain keys start off the same), that would be an easy fix.
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 36581715
In most cases, the profile is still good.... I wouldnt personally whack the profile folders, just the subkeys.... I tyhink something simple might work (or at least provide the groundwork for something prettier....

Did not get a chance to test though......


CODE REMOVED AT THE REQUEST OF JOHNB6767

Open in new window

0
 
LVL 66

Expert Comment

by:johnb6767
ID: 36581973
WAIT... DO NOT USE THIS CODE....
0
 
LVL 66

Accepted Solution

by:
johnb6767 earned 500 total points
ID: 36581990
There was a space, that separated the contents of the .txt file into two tokens..... Officially making the reg delete command stop at "Windows"..... Not good....

I decided to test it, and had to do a System Restore, which is how I figured it out.....  :-(

This looks better....
REM This only lists the KEYS under ProfileList with the .BAK extension
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList" | find ".bak">%temp%\regbak.txt
REM remove the echo once you see it populates the command ok....
for /f "tokens=1,2" %%a in (%temp%\regbak.txt) do echo reg delete "%%a %%b" /f

Open in new window

0
 
LVL 4

Expert Comment

by:Felicia King
ID: 36582012
aboell,
if you need a good reference for the for loop stuff, check Rob Vanderwoude's site.
http://www.robvanderwoude.com/
0
 
LVL 1

Author Comment

by:Evan Hines
ID: 36587416
I will try that code early next week and report back with my results.  Thank you for your assistance.
0
 
LVL 1

Author Comment

by:Evan Hines
ID: 36946348
Ok, great news!  The script works just perfectly and all the .bak registry keys are successfully deleted upon user logout.  I also decided to combine this script with a small app called DelProf2 http://helgeklein.com/free-tools/delprof2-user-profile-deletion-tool/.  I have set up my GPO to call both the .bak registry removal of any profile with a .bak key and any user profile not accessed in the last 10 days.  While I'm just now reaching the 10 day period to really see how well it work, my preliminary tests are coming back favorable.

I did have to get a little creative in my scripting since altering the registry requires elevated privlieges, but Google helped with that.  The only thing left for me to research is to find out just how the .bak profiles occur in the first place.  I'm coming to find out that there are some users that every time they log on then log off after normal use, their profile is placed in Backup mode.  But until I figure that out these scripts will help minimize the negative effects.  Thanks a bunch!
0
 
LVL 1

Author Closing Comment

by:Evan Hines
ID: 36946355
Simple yet excellent in execution.
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 36946371
Glad it worked... I like simple, as I skipped learning the hard stuff....   :-)
0

Featured Post

Turn Insights Into Action

You’ve already invested in ITSM tools, chat applications, automation utilities, and more. Fortify these solutions with intelligent communications so you can drive business processes forward.

With xMatters, you'll never miss a beat.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Windows functions GetTickCount and timeGetTime retrieve the number of milliseconds since the system was started. However, the value is stored in a DWORD, which means that it wraps around to zero every 49.7 days. This article shows how to solve t…
There are many software programs on offer that will claim to magically speed up your computer. The best advice I can give you is to avoid them like the plague, because they will often cause far more problems than they solve. Try some of these "do it…
This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference. This will be demonstrated using Windows 7 operating system.
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question