Removing Local User with Group Policy

Good Day,

We have encountered an issue with several PCs in regards to updating properly with SCCM. During our troubleshooting we encountered a Local User in the Local Admin group created by ThinkVantage System Update. These users are dynamically created, each beginning with tvsu_tmp_  and then random Alpha-Numeric characters after the underscore. According to Lenovo, these accounts should automatically disappear once operations have finished, but they have not.

Somehow they seem to interfering with SCCM updating PCs, or either it is coincident that SCCM updates begin working properly once the account is removed from the PC.

Is there a way to use a wildcard after tvsu_tmp_ to allow group policy to delete these user accounts from the PCs? It will be time consuming to go to 200+ machines to remove these.

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

This will work in Windows 7 and up
Create a new GPO
Computer Configuration>Preferences>Control Panel Settings> Local Users and Groups >Right Click in window> New>Local User
Change "Action" to delete
Complete the rest of the form
Apply this to the OU that has the pc's you want the account deleted from
BrockstedtAuthor Commented:

Thanks you for the quick response.

We are needing to know if there is a way to use a wildcard after tvsu_tmp_ in the username due that the Lenovo software adds a random alpha-numeric string to the end of each username. t=The one constant is the beginning of the username "tvsu_tmp_"

Hi Brockstedt.

Use a batch one-liner as a startup script and they're gone:
for /f %%a in ('net localgroup administrators ^| findstr tvsu_tmp_') do net user /delete %%a

Open in new window

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
I do not believe there is a way to use a wildcard for this. However you can use the same gpo and add multiple id's for all the user names you want to delete. I know if it not ideal but without special software, this is the way it can be done.
BrockstedtAuthor Commented:
Good Day McKnife,

Tested this on our test environment and worked perfectly.

Thank you for your assistance.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.