Forum Discussion

Joe_Friedel's avatar
Joe_Friedel
Brass Contributor
Aug 31, 2017
Solved

Issue with date modified for NTUSER.DAT

Is Microsoft aware of an issue with various Windows 10 processes causing the date modified timestamp on the NTUSER.DAT file in unused profiles to change? We have specifically noticed that installatio...
  • Joe_Friedel's avatar
    Joe_Friedel
    Feb 23, 2018

    Here is the code from the script:

     

    #Purpose: Used to set the ntuser.dat last modified date to that of the last modified date on the user profile folder.
    #This is needed because windows cumulative updates are altering the ntuser.dat last modified date which then defeats
    #the ability for GPO to delete profiles based on date and USMT migrations based on date.

    $ErrorActionPreference = "SilentlyContinue"
    $Report = $Null
    $Path = "C:\Users"
    $UserFolders = $Path | GCI -Directory

    ForEach ($UserFolder in $UserFolders)
    {
    $UserName = $UserFolder.Name
    If (Test-Path "$Path\$UserName\NTUSer.dat")
        {
        $Dat = Get-Item "$Path\$UserName\NTUSer.dat" -force
        $DatTime = $Dat.LastWriteTime
        If ($UserFolder.Name -ne "default"){
            $Dat.LastWriteTime = $UserFolder.LastWriteTime
        }
        Write-Host $UserName $DatTime
        Write-Host (Get-item $Path\$UserName -Force).LastWriteTime
        $Report = $Report + "$UserName`t$DatTime`r`n"
        $Dat = $Null
        }
    }

MB_99's avatar
MB_99
Copper Contributor
Jan 20, 2023

cameron1340 @Ryan Pertusio 

If anyone is interested I have created a script that will allow for cleanup eventually, it uses a scheduled task that writes to a file in the user profile, and then deletes based on the date contained in that file.  It is the best I could come up with, if anyone has any other ideas for capturing the last logon without using the scheduled task please let me know.  Thanks.

 

https://github.com/barrett101/Windows-User-Profile-Remover

kzapater1981's avatar
kzapater1981
Copper Contributor
Oct 13, 2023

MB_99 

 

Thank you so much for sharing this script.

 

I'm not the best at PowerShell and coding in general unfortunately, I was just querying the $WorkingFolder variable in the RemoveUserProfiles.ps1 script. I can't seem to find where the value is to change it, I've looked over the script and don't know if I'm just missing it.

 

I'm also curious as to how this could be deployed via Intune if you have any tips please? I'd assume it would be a Win32 package but I'm not sure on what the command line would be to use it.

 

Thank you once again, your help is really appreciated.

  • Ryan Pertusio's avatar
    Ryan Pertusio
    Copper Contributor
    Oct 13, 2023
    kzapater1981 (and MB_99),
    Intune has what you're looking for already.

    Intune -> Devices -> Remediations

    You can run a PowerShell script on a schedule (every X hours for example).
  • MB_99's avatar
    MB_99
    Copper Contributor
    Oct 13, 2023

    kzapater1981 

     

    Take a look at https://github.com/barrett101/Windows-User-Profile-Remover/tree/main it explains how the working folder works.  You define it as an argument when you run the PS1 file.

     

    As for deploying with Intune, a Win32 app to get it on there, but you would need to create a script to create you a scheduled task, so it runs the RemoveUserProfiles.ps1 script on a regular basis.  If you have an RMM you could probably push out on a schedule easier and have a place to log activity.  I wish Intune had a better solution for running recurring tasks.