Forum Discussion
Issue with date modified for NTUSER.DAT
Here is the code from the script:
#Purpose: Used to set the ntuser.dat last modified date to that of the last modified date on the user profile folder.
#This is needed because windows cumulative updates are altering the ntuser.dat last modified date which then defeats
#the ability for GPO to delete profiles based on date and USMT migrations based on date.$ErrorActionPreference = "SilentlyContinue"
$Report = $Null
$Path = "C:\Users"
$UserFolders = $Path | GCI -DirectoryForEach ($UserFolder in $UserFolders)
{
$UserName = $UserFolder.Name
If (Test-Path "$Path\$UserName\NTUSer.dat")
{
$Dat = Get-Item "$Path\$UserName\NTUSer.dat" -force
$DatTime = $Dat.LastWriteTime
If ($UserFolder.Name -ne "default"){
$Dat.LastWriteTime = $UserFolder.LastWriteTime
}
Write-Host $UserName $DatTime
Write-Host (Get-item $Path\$UserName -Force).LastWriteTime
$Report = $Report + "$UserName`t$DatTime`r`n"
$Dat = $Null
}
}
hi Joe
We struggle with the same problem in our school. Could you share the powershell script with us?
Here is the code from the script:
#Purpose: Used to set the ntuser.dat last modified date to that of the last modified date on the user profile folder.
#This is needed because windows cumulative updates are altering the ntuser.dat last modified date which then defeats
#the ability for GPO to delete profiles based on date and USMT migrations based on date.
$ErrorActionPreference = "SilentlyContinue"
$Report = $Null
$Path = "C:\Users"
$UserFolders = $Path | GCI -Directory
ForEach ($UserFolder in $UserFolders)
{
$UserName = $UserFolder.Name
If (Test-Path "$Path\$UserName\NTUSer.dat")
{
$Dat = Get-Item "$Path\$UserName\NTUSer.dat" -force
$DatTime = $Dat.LastWriteTime
If ($UserFolder.Name -ne "default"){
$Dat.LastWriteTime = $UserFolder.LastWriteTime
}
Write-Host $UserName $DatTime
Write-Host (Get-item $Path\$UserName -Force).LastWriteTime
$Report = $Report + "$UserName`t$DatTime`r`n"
$Dat = $Null
}
}
- It does not work for me. Windows Server 2016.
- Wrong thread
- Many thanks Joe for this script !
It works perfectly in our domain and now the GPO (delete user profiles older than...) works for the computers Windows 10 after a restart.
In other situation, we use this script and this command :
Get-WMIObject -class Win32_UserProfile | Where {(!$_.Special) -and ($_.ConvertToDateTime($_.LastUseTime) -lt (Get-Date).AddDays(-15))} | Remove-WmiObject
Why MS don’t solve this problem with a hotfix ?- Hello,
There were a number of fixes to address this issue, so that the Group Policy should be working with current updated builds. If you are still having issues with the Group Policy not working please file Feedback bugs.
Thanks
Darrell- Hello Darell,
Thanks for your reply.
Do you know the KB concerned ?
(We have W10 1903 build 18362)
In testing and across several computers I have found that the last modified date of the C:\users\username folder is not always accurate to when the user last logged in. For example on my computer my folder is last modified in August 2020, and it is now Oct 2020 and I use my account daily. I did test across several user account and the only file I found that gave an accurate date of any kind was the C:\Users\username\AppData\Local\IconCache.db file. It has a time stamp of when the user last logged off the computer. In most cases the user profile has this file, and it was the best option I could use to determine whether a profile was being used or not. Unfortunately the delprof2.exe tool was working great until the Windows Updates started modifying the ntuser.dat file for all users causing this whole problem, the delprof tool would not longer delete profile older the x days.
To get a list of files in a user profile I ran the below to identify the IconCache.db file. Hope this helps someone, as this thread got me going on the right track.
Get-ChildItem c:\Users\username -Recurse -Hidden| Select-Object FullName,LastWriteTime | sort-object -property Lastwritetime -descending | Out-File c:\temp\log.txt
Thanks for the script folks! I have modified it to add an excluded user profiles list and based mine on the date of UserClass.dat instead of IconCache as I found some users did not have one and UserClass was the next closest I could find.
#Purpose: Used to set the ntuser.dat last modified date to that of the last modified date on the users UsrClass.dat file. #This is needed because windows cumulative updates are altering the ntuser.dat last modified date which then defeats #the ability for GPO to delete profiles based on date and USMT migrations based on date. $ErrorActionPreference = "SilentlyContinue" $Report = $Null $Path = "C:\Users" $ExcludedUsers ="Public","zabbix_agent","svc",”user_1”,”user_2”,"default","defaultuser0","public","administrator" $UserFolders = $Path | GCI -Directory -Exclude $ExcludedUsers ForEach ($UserFolder in $UserFolders) { $UserName = $UserFolder.Name If (Test-Path "$Path\$UserName\NTUSer.dat") { $Dat = Get-Item "$Path\$UserName\NTUSer.dat" -force $DatTime = $Dat.LastWriteTime $Db = Get-Item "$Path\$Username\AppData\Local\Microsoft\Windows\UsrClass.dat" -force $UserClass = $Db.LastWriteTime $Dat.LastWriteTime = $UserClass Write-Host $UserName $DatTime Write-Host (Get-item $Path\$UserName\AppData\Local\Microsoft\Windows\UsrClass.dat -Force).LastWriteTime $Report = $Report + "$UserName`t$DatTime`r`n" $Dat = $Null $Db = $Null } }
SSUtech wrote:Thanks for the script folks! I have modified it to add an excluded user profiles list and based mine on the date of UserClass.dat instead of IconCache as I found some users did not have one and UserClass was the next closest I could find.
#Purpose: Used to set the ntuser.dat last modified date to that of the last modified date on the users UsrClass.dat file. #This is needed because windows cumulative updates are altering the ntuser.dat last modified date which then defeats #the ability for GPO to delete profiles based on date and USMT migrations based on date. $ErrorActionPreference = "SilentlyContinue" $Report = $Null $Path = "C:\Users" $ExcludedUsers ="Public","zabbix_agent","svc",”user_1”,”user_2”,"default","defaultuser0","public","administrator" $UserFolders = $Path | GCI -Directory -Exclude $ExcludedUsers ForEach ($UserFolder in $UserFolders) { $UserName = $UserFolder.Name If (Test-Path "$Path\$UserName\NTUSer.dat") { $Dat = Get-Item "$Path\$UserName\NTUSer.dat" -force $DatTime = $Dat.LastWriteTime $Db = Get-Item "$Path\$Username\AppData\Local\Microsoft\Windows\UsrClass.dat" -force $UserClass = $Db.LastWriteTime $Dat.LastWriteTime = $UserClass Write-Host $UserName $DatTime Write-Host (Get-item $Path\$UserName\AppData\Local\Microsoft\Windows\UsrClass.dat -Force).LastWriteTime $Report = $Report + "$UserName`t$DatTime`r`n" $Dat = $Null $Db = $Null } }Future copy-pasters: Be sure to edit the quotation marks next to "user_1" and "user_2" -- looks like this awesome code snippet from SSUtech accidentally brought in the stupid kind that breaks code.
FIXED QUOTES:
#Purpose: Used to set the ntuser.dat last modified date to that of the last modified date on the users UsrClass.dat file. #This is needed because windows cumulative updates are altering the ntuser.dat last modified date which then defeats #the ability for GPO to delete profiles based on date and USMT migrations based on date. $ErrorActionPreference = "SilentlyContinue" $Report = $Null $Path = "C:\Users" $ExcludedUsers ="Public","zabbix_agent","svc","user_1","user_2","default","defaultuser0","public","administrator" $UserFolders = $Path | GCI -Directory -Exclude $ExcludedUsers ForEach ($UserFolder in $UserFolders) { $UserName = $UserFolder.Name If (Test-Path "$Path\$UserName\NTUSer.dat") { $Dat = Get-Item "$Path\$UserName\NTUSer.dat" -force $DatTime = $Dat.LastWriteTime $Db = Get-Item "$Path\$Username\AppData\Local\Microsoft\Windows\UsrClass.dat" -force $UserClass = $Db.LastWriteTime $Dat.LastWriteTime = $UserClass Write-Host $UserName $DatTime Write-Host (Get-item $Path\$UserName\AppData\Local\Microsoft\Windows\UsrClass.dat -Force).LastWriteTime $Report = $Report + "$UserName`t$DatTime`r`n" $Dat = $Null $Db = $Null } }
Thanks so much for this script, it saved me a ton of troubleshooting time!
Can you please explain step by step how you made it work? I created the Computer Policy "delete user profiles older than.." and then I also configured the startup script using the powershell script file. But nothing happens.
If you could help I would be glad.
Thanks.
thanks, I will try this and give you feedback!
