Monday, October 10, 2011

Delete old profiles

Had an issue with a client where SCCM was mounting each user profile (NTUSER.DAT) everyday and the profile age was always the same for all users on the machine even if some had not logged in for months. so knocked this out that looks at the DateModified on the profile directory which only gets updated when the user logs out.

 using System;


using System.Collections.Generic;

using System.Text;

using Microsoft.Win32;

using System.IO;

using System.Security.Principal;

using System.Runtime.InteropServices;

using System.Diagnostics;







namespace DelProfs

{

class Program

{



private static string m_skeyName = "";



public static string skeyName

{

get { return m_skeyName; }

set { m_skeyName = value; }

}



private static string m_sHKLMkeyName = "";



public static string sHKLMkeyName

{

get { return m_sHKLMkeyName; }

set { m_sHKLMkeyName = value; }

}



private static string m_sFile2Check = "";



public static string sFile2Check

{

get { return m_sFile2Check; }

set { m_sFile2Check = value; }

}



[DllImport("userenv.dll", SetLastError = true)]

static extern bool DeleteProfile(string lpSidString, string lpProfilePath, string lpcomputername);

[DllImport("kernel32", SetLastError = true, CallingConvention = CallingConvention.Winapi)]

public extern static IntPtr LoadLibrary(string libraryName);

[DllImport("kernel32", SetLastError = true, CallingConvention = CallingConvention.Winapi)]

public extern static IntPtr GetProcAddress(IntPtr hwnd, string procedureName);



static void Main(string[] args)

{

//if (Is32BitProcessOn64BitProcessor())

//{

// skeyName = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList";

// sHKLMkeyName = "SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList";

//}

//else

//{

skeyName = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList";

sHKLMkeyName = "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList";

//}



sFile2Check = "NTUSER.DAT";



//const string lpcomputername = null;

if (args.Length == 0)

{

System.Console.WriteLine("Please Enter the Age of Profiles to Delete in Days.");

System.Console.WriteLine("Usage: DelProfs ");

System.Console.WriteLine();

return;

//return 1;

}

string sdefUserDomain = "";

string sdefUserName = "";

int num;

bool test = int.TryParse(args[0], out num);



if (test == false)

{

System.Console.WriteLine("Please Enter the Age of Profiles to Delete in Days.");

System.Console.WriteLine("Usage: DelProfs ");

System.Console.WriteLine();

return;

//return 1;

}



if (args.Length == 3)

{

//get the default domain and username passed from smartbutton

sdefUserDomain = args[1].ToUpper();

sdefUserName = args[2].ToUpper();

//System.Console.WriteLine(sdefUser);

//return;

}



string sComputerName = "";

sComputerName = (string)Registry.GetValue("HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\ComputerName\\ActiveComputerName","Computername","");

//return;

//int iMaxAge = 10;

int iMaxAge = num;

string sProfilePath = (string)Registry.GetValue(skeyName, "ProfilesDirectory", "");

sProfilePath = Environment.ExpandEnvironmentVariables(sProfilePath);

if (sProfilePath != "")

{

try

{

foreach (string sdir in Directory.GetDirectories(sProfilePath))

{

//System.Console.WriteLine(sdir);

//string sTemp = Path.Combine(sdir, "HELPASSISTANT");

if ((sdir.ToUpper().Contains(sComputerName)) && (sComputerName != ""))

{

DeleteUserProfileKey(Path.Combine(sdir, "HELPASSISTANT"));

}



DateTime dFolderAge = getFolderDateModified(sdir);

int iAge = HowOld(dFolderAge);

if (iAge > iMaxAge)

{

string scheck = Path.Combine(sdir, sFile2Check);

if ((File.Exists(scheck))

((File.GetAttributes(scheck) & FileAttributes.Hidden) == FileAttributes.Hidden))

{

//check owner

//string sowner = "";

string sowner = getFileOwner(Path.Combine(sdir, sFile2Check));



if (sowner.IndexOf("\\") > 0)

{



string[] split = null;

char[] splitchar = { '\\' };

split = sowner.Split(splitchar);



string sDomainNaime = split[0];

string sUserName = split[1];



if ((sDomainNaime.ToUpper() == "BUILTIN")

(sDomainNaime.ToUpper() == "NT AUTHORITY")



(sDomainNaime.ToUpper() == "ERROR")

(sDomainNaime.ToUpper() == "WINDOWSLIVEID")



(sDomainNaime.ToUpper() == "IIS APPPOOL")



((sDomainNaime.ToUpper() == sdefUserDomain.ToUpper()) && (sUserName.ToUpper() == sdefUserName.ToUpper())



(sUserName.ToUpper().Contains("CLEARCASE")))

)

{

//Excluded account profiles

}

else

{

//ForceDeleteDirectory(sdir);

//DeleteUserProfileKey(sdir);

DeleteUserProfileKey(sdir);

}



}

else

{

// not a domain account

}

}

else

{

//no ntuser.dat found so delete it anyway

//ForceDeleteDirectory(sdir);

//DeleteUserProfileKey(sdir);

DeleteUserProfileKey(sdir);

}

}

}

}

catch (Exception)

{

//Console.WriteLine(excpt.Message);

}

}

else { }



}





public static int HowOld(DateTime d1)

{

TimeSpan ts = DateTime.Now - d1;

return Math.Abs(ts.Days);

}





public static void DeleteUserProfileKey(string sProfilePath)

{

//string keyName = "LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList";

Boolean bfound = false;

try

{

using (RegistryKey profileList = Registry.LocalMachine.OpenSubKey(sHKLMkeyName))

{

//Get a list of SIDs corresponding to each profile on the computer

string[] sidList = profileList.GetSubKeyNames();

foreach (string ssid in sidList)

{

try

{

string sRegPath = Path.Combine(skeyName, ssid);

string sProfileTestPath = (string)Registry.GetValue(sRegPath, "ProfileImagePath", "");



if (sProfileTestPath.ToUpper() == sProfilePath.ToUpper())

{

DeleteProfile(ssid, sProfilePath, null);

bfound = true;

ForceDeleteDirectory(sProfilePath);

DeleteProfile(ssid, sProfilePath, null);

}



// }

}

catch (Exception)

{

//Console.WriteLine(e.Message);

}

}

if (bfound == false)

{



ForceDeleteDirectory(sProfilePath);

}



}

}

catch (Exception)

{

// Console.WriteLine(e.Message);



}

}



public static void deleteRegKeySub(string skey)

{

try

{

Registry.LocalMachine.DeleteSubKeyTree(skey);

}

catch (Exception)

{

}

}



public static string getFileOwner(string sFile)

{

try

{

if (File.Exists(sFile))

{

var fs = File.GetAccessControl(sFile);



var sid = fs.GetOwner(typeof(SecurityIdentifier));

//Console.WriteLine(sid); // SID



var ntAccount = sid.Translate(typeof(NTAccount));

//Console.WriteLine(ntAccount); // DOMAIN\username



return ntAccount.ToString().ToUpper();

}

else

{

return "";

}

}

catch (Exception)

{

return "";

}

}



public static DateTime getFolderDateModified(string sFolderPath)

{

try

{

string spath = @sFolderPath;

if (!Directory.Exists(spath))

{

return DateTime.Now;

}

else

{

return Directory.GetLastWriteTime(spath);

}

}

catch (Exception)

{

return DateTime.Now;

}



}



//private static void DeleteFileSystemInfo(FileSystemInfo fsi)

//{

// fsi.Attributes = FileAttributes.Normal;

// var di = fsi as DirectoryInfo;



// if (di != null)

// {

// foreach (var dirInfo in di.GetFileSystemInfos())

// DeleteFileSystemInfo(dirInfo);

// }



// fsi.Delete();

//}



public static void ForceDeleteDirectory(string path)

{

DirectoryInfo root;

Stack fols;

DirectoryInfo fol;

try

{

fols = new Stack();

root = new DirectoryInfo(path);

fols.Push(root);

while (fols.Count > 0)

{

fol = fols.Pop();

fol.Attributes = fol.Attributes & ~(FileAttributes.Archive
FileAttributes.ReadOnly
FileAttributes.Hidden);

foreach (DirectoryInfo d in fol.GetDirectories())

{

fols.Push(d);

}

foreach (FileInfo f in fol.GetFiles())

{

f.Attributes = f.Attributes & ~(FileAttributes.Archive
FileAttributes.ReadOnly
FileAttributes.Hidden);

f.Delete();

}

}

root.Delete(true);

}

catch { }

}







private delegate bool IsWow64ProcessDelegate([In] IntPtr handle, [Out] out bool isWow64Process);



public static bool IsOS64Bit()

{

try

{

if (IntPtr.Size == 8

(IntPtr.Size == 4 && Is32BitProcessOn64BitProcessor()))

{

return true;

}

else

{

return false;

}

}

catch (Exception)

{

return false;

}



}



private static IsWow64ProcessDelegate GetIsWow64ProcessDelegate()

{

try

{



IntPtr handle = LoadLibrary("kernel32");

if (handle != IntPtr.Zero)

{

IntPtr fnPtr = GetProcAddress(handle, "IsWow64Process");



if (fnPtr != IntPtr.Zero)

{

return (IsWow64ProcessDelegate)Marshal.GetDelegateForFunctionPointer((IntPtr)fnPtr, typeof(IsWow64ProcessDelegate));

}

}

}

catch (Exception)

{ }

return null;



}



private static bool Is32BitProcessOn64BitProcessor()

{

bool isWow64 = false;

bool retVal = false;

try

{

IsWow64ProcessDelegate fnDelegate = GetIsWow64ProcessDelegate();



if (fnDelegate == null)

{

return false;

}



retVal = fnDelegate.Invoke(Process.GetCurrentProcess().Handle, out isWow64);

}

catch (Exception)

{ }



if (retVal == false)

{

return false;

}

return isWow64;

}



}

}

Search Brian Hehir's sites

Loading