Cleaned up
This commit is contained in:
poslop
@@ -1,111 +1,107 @@
|
|||||||
#Requires -RunAsAdministrator
|
#Requires -RunAsAdministrator
|
||||||
[cmdletbinding(ConfirmImpact = 'High', SupportsShouldProcess=$True)]
|
[cmdletbinding(ConfirmImpact = 'High', SupportsShouldProcess=$True)]
|
||||||
|
|
||||||
$UserName = "*"
|
# CHANGE ME
|
||||||
$ExcludedUserNames = @("Administrator", "Default Profile")
|
# Change these settings
|
||||||
|
|
||||||
|
$ExcludedUserNames = @("Administrator", "Example Profile")
|
||||||
$InactiveDays = 14
|
$InactiveDays = 14
|
||||||
|
|
||||||
|
|
||||||
|
$profilesFound = 0
|
||||||
$ComputerName = $env:computername
|
$ComputerName = $env:computername
|
||||||
|
|
||||||
|
Try {
|
||||||
|
$profiles = Get-CimInstance -Class Win32_UserProfile
|
||||||
ForEach ($computer in $ComputerName)
|
} Catch {
|
||||||
{
|
Write-Warning "Failed to retreive user profiles on $ComputerName"
|
||||||
$profilesFound = 0
|
Exit
|
||||||
Try {
|
}
|
||||||
$profiles = Get-CimInstance -Class Win32_UserProfile
|
|
||||||
} Catch {
|
|
||||||
Write-Warning "Failed to retreive user profiles on $ComputerName"
|
ForEach ($profile in $profiles) {
|
||||||
Exit
|
$sid = New-Object System.Security.Principal.SecurityIdentifier($profile.SID)
|
||||||
}
|
$account = $sid.Translate([System.Security.Principal.NTAccount])
|
||||||
|
$accountDomain = $account.value.split("\")[0]
|
||||||
|
$accountName = $account.value.split("\")[1]
|
||||||
ForEach ($profile in $profiles) {
|
$profilePath = $profile.LocalPath
|
||||||
$sid = New-Object System.Security.Principal.SecurityIdentifier($profile.SID)
|
$loaded = $profile.Loaded
|
||||||
$account = $sid.Translate([System.Security.Principal.NTAccount])
|
$lastUseTime = $profile.LastUseTime
|
||||||
$accountDomain = $account.value.split("\")[0]
|
$isExcluded = $False
|
||||||
$accountName = $account.value.split("\")[1]
|
$special = $profile.Special
|
||||||
$profilePath = $profile.LocalPath
|
|
||||||
$loaded = $profile.Loaded
|
|
||||||
$lastUseTime = $profile.LastUseTime
|
# Check if the account is special/system account
|
||||||
$isExcluded = $False
|
If ($special) {continue}
|
||||||
$special = $profile.Special
|
|
||||||
|
# Check if the account is Excluded or not
|
||||||
|
ForEach ($eun in $ExcludedUserNames) {
|
||||||
# Check if the account is special/system account
|
If($eun -ne [string]::Empty -And -Not $eun.Contains("*") -And ($accountName.ToLower() -eq $eun.ToLower())){
|
||||||
If ($special) {continue}
|
$isExcluded = $True
|
||||||
|
break
|
||||||
# Check if the account is Excluded or not
|
}
|
||||||
If($accountName.ToLower() -Eq $UserName.ToLower() -Or
|
If($eun -ne [string]::Empty -And $eun.Contains("*") -And ($accountName.ToLower() -Like $eun.ToLower())){
|
||||||
($UserName.Contains("*") -And $accountName.ToLower() -Like $UserName.ToLower())) {
|
$isExcluded = $True
|
||||||
ForEach ($eun in $ExcludedUserNames) {
|
break
|
||||||
If($eun -ne [string]::Empty -And -Not $eun.Contains("*") -And ($accountName.ToLower() -eq $eun.ToLower())){
|
}
|
||||||
$isExcluded = $True
|
}
|
||||||
break
|
|
||||||
}
|
# Continue if excluded
|
||||||
If($eun -ne [string]::Empty -And $eun.Contains("*") -And ($accountName.ToLower() -Like $eun.ToLower())){
|
If($isExcluded) {
|
||||||
$isExcluded = $True
|
Write-Host "`nProfile $accountName was excluded!" -ForegroundColor Blue
|
||||||
break
|
continue
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
# Continue if excluded
|
#Calculation of the login date
|
||||||
If($isExcluded) {
|
$lastLoginDate = $null
|
||||||
Write-Host "`nProfile $accountName was excluded!" -ForegroundColor Blue
|
If ($accountDomain.ToUpper() -eq $computer.ToUpper()) {$lastLoginDate = [datetime]([ADSI]"WinNT://$computer/$accountName").LastLogin[0]}
|
||||||
continue
|
|
||||||
}
|
#Calculation of the unused days of the profile
|
||||||
|
$profileUnusedDays=0
|
||||||
|
If (-Not $loaded){
|
||||||
#Calculation of the login date
|
If($lastLoginDate -eq $null){ $profileUnusedDays = (New-TimeSpan -Start $lastUseTime -End (Get-Date)).Days }
|
||||||
$lastLoginDate = $null
|
Else{$profileUnusedDays = (New-TimeSpan -Start $lastLoginDate -End (Get-Date)).Days}
|
||||||
If ($accountDomain.ToUpper() -eq $computer.ToUpper()) {$lastLoginDate = [datetime]([ADSI]"WinNT://$computer/$accountName").LastLogin[0]}
|
}
|
||||||
|
|
||||||
#Calculation of the unused days of the profile
|
|
||||||
$profileUnusedDays=0
|
If($InactiveDays -ne [uint32]::MaxValue -And $profileUnusedDays -le $InactiveDays){
|
||||||
If (-Not $loaded){
|
|
||||||
If($lastLoginDate -eq $null){ $profileUnusedDays = (New-TimeSpan -Start $lastUseTime -End (Get-Date)).Days }
|
Write-Host "`nSkipping ""$account"" as it is recently used." -ForegroundColor Blue
|
||||||
Else{$profileUnusedDays = (New-TimeSpan -Start $lastLoginDate -End (Get-Date)).Days}
|
Write-Host "Account SID: $sid"
|
||||||
}
|
Write-Host "Special system service user: $special"
|
||||||
|
Write-Host "Profile Path: $profilePath"
|
||||||
|
Write-Host "Loaded : $loaded"
|
||||||
If($InactiveDays -ne [uint32]::MaxValue -And $profileUnusedDays -le $InactiveDays){
|
Write-Host "Last use time: $lastUseTime"
|
||||||
|
If ($lastLoginDate -ne $null) { Write-Host "Last login: $lastLoginDate" }
|
||||||
Write-Host "`nSkipping ""$account"" as it is recently used." -ForegroundColor Blue
|
Write-Host "Profile unused days: $profileUnusedDays"
|
||||||
Write-Host "Account SID: $sid"
|
continue}
|
||||||
Write-Host "Special system service user: $special"
|
|
||||||
Write-Host "Profile Path: $profilePath"
|
$profilesFound ++
|
||||||
Write-Host "Loaded : $loaded"
|
|
||||||
Write-Host "Last use time: $lastUseTime"
|
If ($profilesFound -gt 1) {Write-Host "`n"}
|
||||||
If ($lastLoginDate -ne $null) { Write-Host "Last login: $lastLoginDate" }
|
Write-Host "`nStart deleting profile ""$account"" on computer ""$computer"" ..." -ForegroundColor Red
|
||||||
Write-Host "Profile unused days: $profileUnusedDays"
|
Write-Host "Account SID: $sid"
|
||||||
continue}
|
Write-Host "Special system service user: $special"
|
||||||
|
Write-Host "Profile Path: $profilePath"
|
||||||
$profilesFound ++
|
Write-Host "Loaded : $loaded"
|
||||||
|
Write-Host "Last use time: $lastUseTime"
|
||||||
If ($profilesFound -gt 1) {Write-Host "`n"}
|
If ($lastLoginDate -ne $null) { Write-Host "Last login: $lastLoginDate" }
|
||||||
Write-Host "`nStart deleting profile ""$account"" on computer ""$computer"" ..." -ForegroundColor Red
|
Write-Host "Profile unused days: $profileUnusedDays"
|
||||||
Write-Host "Account SID: $sid"
|
|
||||||
Write-Host "Special system service user: $special"
|
If ($loaded) {
|
||||||
Write-Host "Profile Path: $profilePath"
|
Write-Warning "Cannot delete profile because is in use"
|
||||||
Write-Host "Loaded : $loaded"
|
Continue
|
||||||
Write-Host "Last use time: $lastUseTime"
|
}
|
||||||
If ($lastLoginDate -ne $null) { Write-Host "Last login: $lastLoginDate" }
|
|
||||||
Write-Host "Profile unused days: $profileUnusedDays"
|
Try {
|
||||||
|
Remove-CimInstance $profile
|
||||||
If ($loaded) {
|
Write-Host "Profile deleted successfully" -ForegroundColor Green
|
||||||
Write-Warning "Cannot delete profile because is in use"
|
} Catch {
|
||||||
Continue
|
Write-Host "Error during delete the profile" -ForegroundColor Red
|
||||||
}
|
}
|
||||||
|
}
|
||||||
Try {
|
|
||||||
Remove-CimInstance $profile
|
If($profilesFound -eq 0){
|
||||||
Write-Host "Profile deleted successfully" -ForegroundColor Green
|
Write-Warning "No profiles to delete"
|
||||||
} Catch {
|
|
||||||
Write-Host "Error during delete the profile" -ForegroundColor Red
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
If($profilesFound -eq 0){
|
|
||||||
Write-Warning "No profiles to delete"
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user