I’ve built a relevance to find machines that have existing temp files:
exists files of folders "Appdata\Local\Temp" of folders of folders "C:\Users"
This works well and is verified to be looking at all of the user directories under C:\Users.
The issue is how to delete these files. Wouldn’t it be nice to say:
delete files of folders "Appdata\Local\Temp" of folders of folders "C:\Users"
Anyone have the magic for this?
Something like this?
delete __appendfile
delete run.bat
appendfile {(("rmdir /s /q " & character(34) & pathname of it & character(34) & "%0d%0a") of folders "\Appdata\Local\Temp" of folders of folder "C:\Users")}
move __appendfile run.bat
waithidden run.bat
I hope it goes without saying that this is a pretty scary command – should be run only with extensive testing and probably only when there are no logged on users.
Bill
I have a task that deletes only the files/folders older than a given age (in days). By default I run this as a daily Policy Action with a 7-day threshold. This one hits C:\TEMP, C:\WINDOWS\TEMP, and all temp folders under each User Profile:
action parameter query "Age" with description "Number of days of TEMP content to preserve" and with default value "7"
delete __createfile
createfile until EOF_EOF_EOF_EOF
SETLOCAL
SET FAILCOUNT=0
REM First delete individual files older than our threshold
{concatenation "%0d%0a" of ("del /q %22" & pathname of it & "%22 || @set /A FAILCOUNT+=1") of descendants whose (now - modification time of it > (parameter "Age" as integer) * day) of (folders "c:\temp"; folders "appdata\local\temp" of folders of folders ("c:\users";"C:\Documents and Settings"); folders "temp" of windows folder)}
@EXIT /B %FAILCOUNT%
EOF_EOF_EOF_EOF
delete DeleteOldFiles.cmd
move __createfile DeleteOldFiles.cmd
waithidden cmd /c DeleteOldFiles.cmd
delete __createfile
// After the files are deleted, delete any empty subdirectories (of this same set of folders we're watching)
createfile until EOF_EOF_EOF_EOF
SETLOCAL
SET FAILCOUNT=0
{concatenation "%0d%0a" of ("rd /s /q %22" & pathname of it & "%22 || @SET /A FAILCOUNT += 1") of descendant folders whose (not exists descendants of it) of (folders "c:\temp"; folders "appdata\local\temp" of folders of folders ("c:\users";"c:\documents and settings"); folders "temp" of windows folder)}
@EXIT /B %FAILCOUNT%
EOF_EOF_EOF_EOF
delete DeleteEmptyDirectories.cmd
move __createfile DeleteEmptyDirectories.cmd
waithidden cmd /c DeleteEmptyDirectories.cmdI would only recommend doing this on computers with less than X free space.
See here: https://bigfix.me/analysis/details/2994572
I also like @JasonWalker 's idea of only deleting files older than Y days, BUT I will say that this could be slightly problematic if a program has some files that are older and some that are newer and you only delete the old ones.
I definitely don’t love running this as a policy action against all systems all of the time.
There is a free and open source software called bleachbit that has a portable version that can be run from the command line. It is a competitor to CCleaner. https://www.bleachbit.org/download/windows
I have an old installer fixlet for bleachbit here: https://bigfix.me/cdb/fixlet/6079
You could preload the newest version of bleachbit portable into the utility cache of all endpoints, which would guarantee it being able to be invoked without a download or extra space on the endpoint. The tricky part would be swapping it out of the utility cache with a new version when you want to upgrade the cached copy.
You might want to use the bleachbit option in combo with something like described in this post that doesn’t require a download so that you can clear up space to make room for a utility like this.
Jason
I need to run this on both windows and linux as I am deleting files from the following path
delete "{parent folder of client as string & "\Evidence\ and delete "{parent folder of client as string & "/Evidence/
Ok, then you’ll need to write a Batch file on Windows and something else (likely a Bash script) on Linux.
Jason
Having a bit of problem modifying the line to delete files from this folder. What am I doing wrong?
(parent folder of client as string & “\Evidence”)
{concatenation “%0d%0a” of (“del /q %22” & pathname of it & “%22 || @set /A FAILCOUNT+=1”) of descendants whose (now - modification time of it > (parameter “Age” as integer) * day) of (folders "(parent folder of client as string & “\Evidence”))}
What ends up getting put into the createfile?
Could be that you need pathname of parent folder of client
Jason,
This is what is in the createfile which gets created.
SETLOCAL
SET FAILCOUNT=0
REM First delete individual files older than our threshold
//
//del /q “C:\Program Files (x86)\BigFix Enterprise\BES Client\Evidence\CIP-007-R3.1 Antivirus.WIN-92P49UCHS1V.04112016.job” || @set /A FAILCOUNT+=1
del /q “C:\Program Files (x86)\BigFix Enterprise\BES Client\Evidence\CIP-010-R1.1 Windows Baseline.WIN-92P49UCHS1V.03102016.job” || @set /A FAILCOUNT+=1
del /q “C:\Program Files (x86)\BigFix Enterprise\BES Client\Evidence\CIP-010-R1.1 Windows Baseline.WIN-92P49UCHS1V.03102016.txt” || @set /A FAILCOUNT+=1
del /q “C:\Program Files (x86)\BigFix Enterprise\BES Client\Evidence\CIP-010-R1.4 Windows Security Baseline.WIN-92P49UCHS1V.03102016.job” || @set /A FAILCOUNT+=1
del /q “C:\Program Files (x86)\BigFix Enterprise\BES Client\Evidence\CIP-010-R1.4 Windows Security Baseline.WIN-92P49UCHS1V.03102016.txt” || @set /A FAILCOUNT+=1
Here is what is in the log file.
Relevant - Custom Task (fixlet:5689)
At 13:31:16 -0700 -
ActionLogMessage: (action:5689) Action signature verified for Execution
ActionLogMessage: (action:5689) starting action
At 13:31:16 -0700 - actionsite (http://itemserver.training.tivoli.edu:52311/cgi-bin/bfgather.exe/actionsite)
Command succeeded action parameter query “Age” with description “Number of days of TEMP content to preserve” and with default value “7” (action:5689)
Command succeeded delete __createfile (action:5689)
Command failed (Substitution failed while writing file) createfile until EOF_EOF_EOF_EOF (action:5689)
At 13:31:16 -0700 -
ActionLogMessage: (action:5689) ending action
At 13:31:16 -0700 - mailboxsite (http://itemserver.training.tivoli.edu:52311/cgi-bin/bfgather.exe/mailboxsite7110151)
Not Relevant - Custom Task (fixlet:5689)
Ok, that log and output is useful.
I’m going to stop guessing at what you might be doing though. You need to paste in the entire action script that is generating this error. Be sure to use the “Preformatted Text” button to format it correctly (the button with a “</>” symbol above the input window).
I don’t know if the problem is on the line
{concatenation "%0d%0a" of ("del /q %22" & pathname of it & "%22 || @set /A FAILCOUNT+=1") of descendants whose (now - modification time of it > (parameter "Age" as integer) * day) of (folders "(parent folder of client as string & "\Evidence"))}
or if it’s somewhere after that and before the end of the createfile block.
In fact that line should trigger a syntax error as well because of a bad quote in folders "(parent folder of client as string
Could be that one of the files is missing a property we’re querying or has a pathname that can’t be constructed, but more likely there’s another line in the actionscript triggering the error.
`// Enter your action script here
action parameter query "Age" with description "Number of days of TEMP content to preserve" and with default value "7"
delete __createfile
createfile until EOF_EOF_EOF_EOF
SETLOCAL
SET FAILCOUNT=0
REM First delete individual files older than our threshold
//{concatenation "%0d%0a" of ("del /q %22" & pathname of it & "%22 || @set /A FAILCOUNT+=1") of descendants whose (now - modification time of it > (parameter "Age" as integer) * day) of (folders "c:\temp"; folders "appdata\local\temp" of folders of folders ("c:\users";"C:\Documents and Settings"); folders "temp" of windows folder)}
//{concatenation "%0d%0a" of ("del /q %22" & pathname of it & "%22 || @set /A FAILCOUNT+=1") of descendants whose (now - modification time of it > (parameter "Age" as integer) * day) of (folders "C:\Program Files (x86)\BigFix Enterprise\BES Client\Evidence")}
{concatenation "%0d%0a" of ("del /q %22" & pathname of it & "%22 || @set /A FAILCOUNT+=1") of descendants whose (now - modification time of it > (parameter "Age" as integer) * day) of (folders "(parent folder of client as string & "\Evidence"))}
@EXIT /B %FAILCOUNT%
EOF_EOF_EOF_EOF
delete DeleteOldFiles.cmd
move __createfile DeleteOldFiles.cmd
waithidden cmd /c DeleteOldFiles.cmd
delete __createfile
// After the files are deleted, delete any empty subdirectories (of this same set of folders we're watching)
//createfile until EOF_EOF_EOF_EOF
//SETLOCAL
//SET FAILCOUNT=0
//{concatenation "%0d%0a" of ("rd /s /q %22" & pathname of it & "%22 || @SET /A FAILCOUNT += 1") of descendant folders whose (not exists descendants of it) of (folders "c:\temp"; folders "appdata\local\temp" of folders of folders ("c:\users";"c:\documents and settings"); folders "temp" of windows folder)}
//@EXIT /B %FAILCOUNT%
//EOF_EOF_EOF_EOF
//delete DeleteEmptyDirectories.cmd
//move __createfile DeleteEmptyDirectories.cmd
//waithidden cmd /c DeleteEmptyDirectories.cmd
`Ok, I see some things worth looking at in there.
The ActionScript lines that are intended to be comments, are actually being put into the __createfile. The “//” characters that are normally comment delimiters in ActionScript, are being literally included and the “commented-out” Relevance is being evaluated. Notice how the __createfile output includes the “//” -
There are three Relevance substitutions that are attempting to evaluate inside the createfile -
//{concatenation "%0d%0a" of ("del /q %22" & pathname of it & "%22 || @set /A FAILCOUNT+=1") of descendants whose (now - modification time of it > (parameter "Age" as integer) * day) of (folders "c:\temp"; folders "appdata\local\temp" of folders of folders ("c:\users";"C:\Documents and Settings"); folders "temp" of windows folder)}
//{concatenation "%0d%0a" of ("del /q %22" & pathname of it & "%22 || @set /A FAILCOUNT+=1") of descendants whose (now - modification time of it > (parameter "Age" as integer) * day) of (folders "C:\Program Files (x86)\BigFix Enterprise\BES Client\Evidence")}
{concatenation "%0d%0a" of ("del /q %22" & pathname of it & "%22 || @set /A FAILCOUNT+=1") of descendants whose (now - modification time of it > (parameter "Age" as integer) * day) of (folders "(parent folder of client as string & "\Evidence"))}
One of these three is triggering a Relevance error. What it looks like to me, is that the first Relevance is giving no result - hence the line of only “//” in the output. The second Relevance is giving results (preceding by “//”). I think the error is in the third Relevance substitution.
You should remove all of the attempts at commented-out Relevance substitutions inside the createfile until block, and I think the third substitution probably only needs some changes in how the folders() is evaluated. Try
{concatenation "%0d%0a" of ("del /q %22" & pathname of it & "%22 || @set /A FAILCOUNT+=1") of descendants whose (now - modification time of it > (parameter "Age" as integer) * day) of folders (pathname of parent folder of client & "\Evidence")}
Jason,
Thanks for the explanations as to why the action was script with noted out comments still had an effect within the script and how to recognize this. Making all the changes you suggested solved the problem and the script works correctly.
This is all great stuff. Do you mind posting the functional script here? I think I’m getting all of this input, but want to make sure.
Thanks for the help!
Final Action Script
// Enter your action script here
action parameter query "Age" with description "Number of days of TEMP content to preserve" and with default value "7"
delete __createfile
createfile until EOF_EOF_EOF_EOF
SETLOCAL
SET FAILCOUNT=0
REM First delete individual files older than our threshold
{concatenation "%0d%0a" of ("del /q %22" & pathname of it & "%22 || @set /A FAILCOUNT+=1") of descendants whose (now - modification time of it > (parameter "Age" as integer) * day) of folders (pathname of parent folder of client & "\Evidence")}
@EXIT /B %FAILCOUNT%
EOF_EOF_EOF_EOF
delete DeleteOldFiles.cmd
move __createfile DeleteOldFiles.cmd
waithidden cmd /c DeleteOldFiles.cmd
delete __createfile