Cleanup Script for USERS folder
-
I have been stewing on this for a bit,.. but I was asked if there was a way to clean up the Users folder (C:\Users* ) of old profiles.
The computers use folder redirect, so changes are on the server, but for what ever reason, he wants the folder to be empty other than the active user.
Is this a bad idea or 'acceptable'.
And it just struck me on how to simply do this,.. using either part of the logon or logoff script option in ADUC. I know that you can use WHOAMI or %USERNAME% to determine the active user.
-
So you want to continuously delete anything that users leave behind? Why leave the active user, since if someone else sits down, even for a second, that active user will be deleted too. Leaving the active user's data around would just confuse people as to why sometimes their data persists and sometimes it does not. That would be really dangerous.
-
@scottalanmiller
I agree - and would think that deleting it in the first place would be dangerous as well. -
@gjacobse said:
@scottalanmiller
I agree - and would think that deleting it in the first place would be dangerous as well.Deleting everything is dangerous, but only a little. After a day or two, no one will make mistakes around where they store files. That's not so bad. Making the deletions confusing and capricious will make users mad, confused and almost certainly set them up for data loss that will be blamed on IT. I would only do that if you have management put, in writing, that they understand that this will socially engineer their users for extreme data loss and that IT absolutely advises against it.
It's the business' call, but it is crazy, IMHO.
-
What of in the case of employees who have left - But that seems either a long task, or one that is tied into pulling User from ADUC. Seems more like a PS script than a 'simple' .bat or .vbs script...
-
@gjacobse said:
What of in the case of employees who have left - But that seems either a long task, or one that is tied into pulling User from ADUC. Seems more like a PS script than a 'simple' .bat or .vbs script...
The local system has no way to know who has left. I would likely do that manually and only when necessary. Seems a bit mental to auto-delete what might be critical files with no one to inspect them.
-
Sounds like a client that might need to think about central storage for this stuff. Then there is only one copy of each user's data, it can be archived and cleaned up easily.
-
-
Oh, is it the nutter who got fired and then begged for service.... just do what's asked, don't worry about lost data.
-
This feels risky. Is there much chance of there being important files on the user's desktops?
-
What about instead of deleting the data, it was zipped up and send to the manager?
-
@Reid-Cooper Always.
He himself had a folder of old emails which totaled about 20GB. ON THEDESKTOP - Ugh.. Users. -
@Reid-Cooper
Uhm.. It's the Manager / Owner wanting to do the clean up. -
GPO to clean off profiles >2months old?
-
I have a work-in-progress power shell script that looks in specific locations and deletes the contents (some app data folders, desktop, documents, favourites etc) and resets the theme to default Windows theme.
The log file output doesn't work yet.
So it's more of a profile reset/clean up
-
@gjacobse said:
@Reid-Cooper
Uhm.. It's the Manager / Owner wanting to do the clean up.Put it in writing that if ANYONE sits down at his computer, even on accident, it will mean instant deletion of HIS files by HIS request.
-
I'm confused - You're using folder redirection, so the local copy of the data is only there for speed or network connectivity loss. So there should be nearly zero data loss if you delete the profile after the user logs out.
I'm not sure if there is a reg key on Windows Workstation OS, but there definitely is on Server OS for Remote Desktop Services.
This was something I've seen often turned on to keep the local storage needs of the RDS server from ballooning out of control from left over profiles.
User logs into RDS, downloads profile, user logs out - copy is pushed to the server and local directory is deleted.
Pretty standard practice.
I'd be surprised if this wasn't available on say Windows 7, etc.