Deleting offline users' local folders

Hello,

I am trying to find a way to delete local folders from “C:\Users” for users who have not logged in for more than 90 days. I have come to the following:

parameter "LocalUserNames" = "{(concatenation "; " of (names of local users))}"

parameter "Threshold" = "1*minute"

parameter "UsersToDelete" = "{{(set of (name of local users whose (exists last logon of it AND now - (last logon of it) > parameter "Threshold" AND (not (it as lowercase contains "administrator" OR it as lowercase contains "default" OR it as lowercase contains "all users")))))}"

delete __appendfile
appendfile action uses wow64 redirection false
appendfile delete {{pathname of folder ("C:\Users\" & it) of members of parameter "UsersToDelete"}
waithidden cmd.exe /C __appendfile

(For testing purposes, I have changed to 1 minute, because I created a local user account to test it)

  • Default local users folders such as “Administrator, Default, Guest”, etc should not be deleted, in my testing, only Michael_Scott’s folder should be deleted.

The thing is, I tested in the Fixlet Debugger on the (action) tab and although I have come up with something, it’s not working. It completes successfully but it doesn’t actually delete the folders within “C:\Users”.

Would you help me fix this action script and point out the errors that are making this fail?

Thank you.

The “delete” command in CMD shell does not delete directories.

You need rd /s /q "pathname" to do a recursive, silent “remove directory”

Edit: also, a parameter value is always a string, you won’t be able to check “members of group” once it’s in a parameter. You need to build the parameter with something like concatenation ";" of... and then when building the batch file use substrings separated by ";" of parameter

Ok, just by curiosity. Would there be a way to delete these folders without using cmd and only BigFix ActionScript alone?

Another thing is that I’m guessing it won’t be able to delete users folders since the code I created may know the users who have not logged for >1*minute, but it doesn’t know the path for the user folder.

So, even when trying to make the changes you suggested quickly, I couldn’t get it to work.

The ‘folder delete’ ActionScript command can recursively delete a folder, but native ActionScript lacks a mechanism for looping through multiple folders; so you’ll still need to build a shell script to delete multiple folders.

I think what I’m trying to accomplish is quite challenging:

  • First I have to identify accounts who have not logged in for 90 days;
  • Then I have to identify the folder belonging to that particular account;
  • Then delete the entire folder belonging to that account.

I got this info that may help me:

But I hardly think I’ll be able to correlate it to the user, since the SID is different and has numbers instead of the actual name:

It’s an impossible task I guess.

Not impossible, but yeah it is tricky.
It’s possible to do the iteration you’re talking about, but much easier to set up a GPO or Local Group Policy to do it for you.

https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.UserProfiles::CleanupProfiles

I was going to jump in and suggest using PowerShell for the task:

Get-CimInstance -ClassName Win32_UserProfile -ComputerName $comp | Where-Object { (!$_.Special) -and ($_.LastUseTime -lt (Get-Date).AddDays(-90)) } | Remove-CimInstance -Verbose -Confirm:$false

But I like Jason’s suggestion better!
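The selection step of the one-liner above, as an added example that is not part of the thread: it keeps the SID and the folder path together (both are properties of the same Win32_UserProfile record), adds a name exclusion list, and only lists the matches so the LastUseTime values can be checked before anything is removed. The function name `Select-StaleProfile`, its parameters, and the sample records are assumptions made for illustration.

```powershell
# Added example, not from the thread. Select-StaleProfile and its parameters are hypothetical.
function Select-StaleProfile {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $UserProfile,
        [int] $Days = 90,
        [string[]] $ExcludeName = @('Administrator', 'Default', 'Default User', 'Public', 'All Users')
    )
    begin { $cutoff = (Get-Date).AddDays(-$Days) }
    process {
        # The folder name is the last element of LocalPath; the SID is the record key.
        $name = Split-Path -Path $UserProfile.LocalPath -Leaf
        if ($UserProfile.Special -or $UserProfile.Loaded) { return }   # system or in-use profile
        if ($ExcludeName -contains $name) { return }                   # case-insensitive match
        if ($null -eq $UserProfile.LastUseTime) { return }             # no timestamp: do not guess
        if ($UserProfile.LastUseTime -lt $cutoff) { $UserProfile }     # pass the original object on
    }
}

# Constructed sample records shaped like Win32_UserProfile instances (SIDs are made up).
$now = Get-Date
$sample = @(
    [pscustomobject]@{ SID = 'S-1-5-18'; LocalPath = 'C:\Windows\system32\config\systemprofile'
                       Special = $true; Loaded = $true; LastUseTime = $now }
    [pscustomobject]@{ SID = 'S-1-5-21-1111111111-2222222222-3333333333-500'; LocalPath = 'C:\Users\Administrator'
                       Special = $false; Loaded = $false; LastUseTime = $now.AddDays(-400) }
    [pscustomobject]@{ SID = 'S-1-5-21-1111111111-2222222222-3333333333-1001'; LocalPath = 'C:\Users\Michael_Scott'
                       Special = $false; Loaded = $false; LastUseTime = $now.AddDays(-120) }
    [pscustomobject]@{ SID = 'S-1-5-21-1111111111-2222222222-3333333333-1002'; LocalPath = 'C:\Users\active_user'
                       Special = $false; Loaded = $false; LastUseTime = $now.AddDays(-3) }
)

# Offline run over the sample: shows which SID/path pairs would be selected.
$sample | Select-StaleProfile -Days 90 | Select-Object SID, LocalPath, LastUseTime

# Live dry run on an endpoint (elevated): -WhatIf reports what Remove-CimInstance would remove.
# Get-CimInstance -ClassName Win32_UserProfile | Select-StaleProfile -Days 90 | Remove-CimInstance -WhatIf
```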

I mean, not gonna lie, I haven’t rested since the day I posted here on the forum to try and work out a solution. I haven’t made much progress though; most of the scripts I tried query the “general” AD last login, and the “Get-CimInstance -ClassName Win32_UserProfile -ComputerName $comp | Where-Object { (!$_.Special) -and ($_.LastUseTime -lt (Get-Date).AddDays(-90)) } | Remove-CimInstance -Verbose -Confirm:$false” returns the current date any time I try to query the Win32_UserProfile.

The way @JasonWalker suggested would be a good approach, but it seems to not work to add exceptions and also it is not removing the folder.
I had good approaches on removing local folders from local users, but anytime I try to know when a user last logged in a specific computer, it returns me with inconsistent data.

I just thought that BigFix would somehow be capable of storing this information somewhere for better management of endpoints.

I am not done yet and will continue to try different approaches.

I managed to somehow do it by looking at the modification time of the file IconCache.db present in Appdata\Local in each user folder.
What I am trying to do now is set the relevance in a correct manner, but I have failed to do so still; I think my logic might be incorrect.

I want to add an exclusion list so that the query ignores some folders, I did it like this:

exists files whose (name of it = "IconCache.db" and modification time of it > now - 60 * day) of folders "AppData\Local" of folders of folder "C:\Users" whose (name of it as lowercase does not contain "all users" OR name of it as lowercase does not contain "default" OR name of it as lowercase does not contain "public" OR name of it as lowercase does not contain "administrator")

In this case, the IconCache has not been modified in the last 60 days, but still my query is returning “true”.

Any logical approach to this error?

Just adding that the following: exists files whose (name of it = "IconCache.db" and modification time of it > now - 60 * day) of folders "AppData\Local" of folders of folder "C:\Users" works perfectly.

The modification times for iconcache.db and even the user folder itself will not always be 100% accurate with the last time someone logged in, but they will generally be pretty close.
If you decide to go that route, here’s an example of deleting folder “Test2” of “C:\users…\Test1\Test2” from all user folders that have not been modified in over 60 days, and excluding a few of the defaults you mentioned.

parameter "1" = "{"%22" & concatenation "%22 %22" of pathnames of folders "Test1\Test2" of folders whose(modification time of it < now - 60 * day and name of it as lowercase != "administrator" and name of it as lowercase != "all users" and name of it as lowercase != "default" and name of it as lowercase != "default user" and name of it as lowercase != "public" and name of it as lowercase != "defaultapppool") of folder "C:\Users" & "%22"}"
runhidden cmd.exe /c "for %a in ({parameter "1"}) do rmdir /q /s %a"
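The exclusion test from the question (negated conditions joined with OR) next to the form the last answer uses (negated conditions joined with AND), as an added example that is not part of the thread. It is written in PowerShell rather than relevance so it can be run anywhere; the function names, folder names and ages are constructed for illustration.

```powershell
# Added example, not from the thread. Folder names and ages below are constructed.
$excluded = 'all users', 'default', 'public', 'administrator'

# Form used in the question: "does not contain A" OR "does not contain B" OR ...
# It is false only for a name that contains every excluded word at once,
# so in practice it keeps every folder, protected ones included.
function Test-KeepFaulty([string] $Name) {
    $n = $Name.ToLower()
    foreach ($word in $excluded) { if (-not $n.Contains($word)) { return $true } }
    return $false
}

# Corrected form: every negated test must hold (AND), so the name matches none of the words.
function Test-KeepFixed([string] $Name) {
    $n = $Name.ToLower()
    foreach ($word in $excluded) { if ($n.Contains($word)) { return $false } }
    return $true
}

# Constructed stand-in for the folders of C:\Users with days since last modification.
$folders = @(
    [pscustomobject]@{ Name = 'Administrator'; AgeDays = 200 }
    [pscustomobject]@{ Name = 'Default';       AgeDays = 900 }
    [pscustomobject]@{ Name = 'Public';        AgeDays = 900 }
    [pscustomobject]@{ Name = 'Michael_Scott'; AgeDays = 120 }
    [pscustomobject]@{ Name = 'active_user';   AgeDays = 2 }
)

# Age threshold first (60 days, as in the thread), then each exclusion test.
$old = $folders | Where-Object { $_.AgeDays -gt 60 }
'Faulty OR filter would delete : ' + (($old | Where-Object { Test-KeepFaulty $_.Name }).Name -join ', ')
'Fixed AND filter would delete : ' + (($old | Where-Object { Test-KeepFixed $_.Name }).Name -join ', ')
```

Comparing the two lists before wiring either filter to `rmdir` shows whether protected folders such as Administrator or Default would be caught by the delete.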