UserProfile Management with PowerShell
We have an issue where quarterly Nessus scans enumerate vulnerability findings for every user profile on an endpoint. This started me on a path to remove obsolete user profiles to reduce the noise from Nessus. I need to accomplish three things in my final script: 1. set the execution policy to bypass; 2. reset the NTUser.dat to the last write time (if this is not done, the third criteria will not return any hits); 3. find all user profiles older than 60 days and delete them. I did try the GPO to delete profiles older than a certain number of days, but it never removes all of them. I pieced together a script from a couple diff sources and came up with the below. My PowerShell-fu is not that advanced so I am looking for suggestions to make it more efficient. The script works, but I noticed that empty user profile folders at C:\Users\ were left behind. Please advise. Is this a candidate to be made into a function? $ErrorActionPreference = "SilentlyContinue" $Report = $Null $Path = "C:\Users" $UserFolders = $Path | GCI -Directory $currentDate = Get-Date $ageLimit = 60 $userProfiles = Get-ChildItem -Path $Path Set-ExecutionPolicy Bypass -Force ForEach ($UserFolder in $UserFolders) { $UserName = $UserFolder.Name If (Test-Path "$Path\$UserName\NTUSer.dat") { $Dat = Get-Item "$Path\$UserName\NTUSer.dat" -force $DatTime = $Dat.LastWriteTime If ($UserFolder.Name -ne "default") { $Dat.LastWriteTime = $UserFolder.LastWriteTime } } } ForEach ($profile in $userProfiles) { $lastWriteTime = $profile.LastWriteTime $profileAge = ($currentDate - $lastWriteTime).Days If ($profileAge -ge $ageLimit) { Remove-Item -Path $profile.FullName -Recurse -Force } }