A common pain point in an IT administrator’s career is user profiles. User profiles are a ubiquitous part of a Windows IT pro’s life; especially those that manage virtual desktop environments like Remote Desktop Services (RDS) or Citrix. In this post, I’m going to demonstrate a way you take out your aggression by using PowerShell to delete user profiles (and discover them).
Windows system administrators have to deal with:
- corrupted user registry hives
- files that need shared across all user profiles
- figuring out how to recreate corrupt profiles
- …and more
What was once a frustrating experience has gotten a little less frustrating with PowerShell. Here are a few ways that PowerShell can make managing Windows user profiles easier.
Enumerating User Profiles
It’s easy to take a peek at user profiles on the file system on a single Windows computer. Simply look in the C:\Users folder. But not only are you not getting the full picture when you do this, it’s also troublesome due to potential file system access problems. There’s a better way and that’s through WMI or CIM. In CIM, a class exists called Win32_UserProfile. This class contains all of the profiles that exist on a machine and lots of other useful information that a simple file system folder won’t tell you.
Using PowerShell, you can access this CIM class with the Get-CimInstance
command.
Below, I’m finding the first user profile on the the local computer. You’ll notice many useful tidbits of information like LastUseTime
, SID
and so on.
PS C:\> Get-CimInstance -ClassName win32_userprofile | Select-Object -First 1
AppDataRoaming : Win32_FolderRedirectionHealth
Contacts : Win32_FolderRedirectionHealth
Desktop : Win32_FolderRedirectionHealth
Documents : Win32_FolderRedirectionHealth
Downloads : Win32_FolderRedirectionHealth
Favorites : Win32_FolderRedirectionHealth
HealthStatus : 3
LastAttemptedProfileDownloadTime :
LastAttemptedProfileUploadTime :
LastBackgroundRegistryUploadTime :
LastDownloadTime :
LastUploadTime :
LastUseTime : 3/14/2019 3:06:39 PM
Links : Win32_FolderRedirectionHealth
Loaded : False
LocalPath : C:\Users\.NET v4.5 Classic
Music : Win32_FolderRedirectionHealth
Pictures : Win32_FolderRedirectionHealth
RefCount :
RoamingConfigured : False
RoamingPath :
RoamingPreference :
SavedGames : Win32_FolderRedirectionHealth
Searches : Win32_FolderRedirectionHealth
SID : S-1-5-82-3876422241-1344743610-1729199087-774402673-2621913236
Special : False
StartMenu : Win32_FolderRedirectionHealth
Status : 0
Videos : Win32_FolderRedirectionHealth
PSComputerName :
The Get-CimInstance
cmdlet not only works locally but remotely as well. By using the ComputerName
parameter, you can specify, 1, 10 or 100 different remote computers and it will happily query each one.
PS C:\> Get-CimInstance -ClassName Win32_UserProfile -ComputerName localhost,WINSRV
Deleting User Profiles
Once you understand how to enumerate user profiles on computers, you can take it one step further and delete those user profiles as well.
I can’t count how many times I’ve had to delete user profiles because something got corrupted and I just needed the user to log in again and recreate it. At one time, I would simply have the user log off and remove the C:\Users<UserName> folder from the file system. Usually it works, sometimes it didn’t. What I didn’t realize was that I was actually leaving some remnants behind.
The proper way to do this is to initiate a removal via CIM.
Using the same CIM class you just went over, it’s possible to not only just view profiles but you can completely remove them as well. This is the same as going into the User Profiles box under System settings and hitting the Delete button.
To do this, enumerate the user profiles again and this time apply a filter to pick a single user profile to remove. In this case, remove the user profile called UserA. You can do this by using PowerShell’s Where-Object
cmdlet and some string manipulation to grab the user folder name from the LocalPath
property as shown below.
Once you’re able to narrow down that single profile you can pass that CIM instance to the Remove-CimInstance
cmdlet for each object that Get-CimInstance
returns. This process will remove the user profile from the file system and the registry.
Get-CimInstance -Class Win32_UserProfile | Where-Object { $_.LocalPath.split('\')[-1] -eq 'UserA' } | Remove-CimInstance
Again, if you’d like to extend this to multiple computers you’d simply use the ComputerName
parameter on Get-CimInstance
.
Get-CimInstance -ComputerName SRV1,SRV2,SRV3 -Class Win32_UserProfile | Where-Object { $_.LocalPath.split('\')[-1] -eq 'UserA' } | Remove-CimInstance
Manage and Report Active Directory, Exchange and Microsoft 365 with ManageEngine ADManager Plus. Download Free Trial!
Summary
You’ve now seen an easy way to enumerate and delete Windows user profiles. If you weren’t aware of the CIM class Win32_UserProfile you may have been correlating the C:\Users<Username> folder as the profile but you should know to delete the Win32_UserProfile CIM instance now.
You can see there’s much more to the user profile than a simple file system folder. Use CIM the next time you need to query or delete user profiles from Windows computers in your environment.