2

I'm using Active Directory to manage logins to a large number of servers. We have various admins that will be connecting via RDP to these servers. Is there a way I can force Windows to remove their local profiles after they log out?

I found the 'Delete user profiles older than a specified number of days on system restart' and 'Delete cached copies of roaming profiles', however the former doesn't help a whole lot (these servers generally only get restarted for Windows updates), and the latter doesn't seem to apply to local profiles.

I might be able to accomplish this with a script that runs on logout, however I'd rather not do that unless absolutely necessary.

devicenull

4 Answers

4

What you can do is make a simple scheduled task, using a tool like delprof2, that runs at the interval you want. You would likely have to add a check to make sure you don't try to delete the profile of a user that is logged in.

This being said, you should take into account the much longer login time after a profile is deleted (in terms of how often it's done).

EKS
  • I was just going to suggest the use of my tool Delprof2, mentioned kindly by @EKS. You do not have to worry about the profiles of users that are currently logged on - Delprof2 excludes those automatically. I would also like to mention that there is no functionality built into Windows to remove local profiles at logoff. – Helge Klein Mar 07 '12 at 13:20
  • Delprof doesn't work after Windows XP/2003. If you use it on 2008/2008R2/Vista/7 it will *not* be pretty. Make sure that you're using delprof2. – MDMarra Mar 07 '12 at 14:08
  • Version of Delprof that I linked to works with newer OS @MDMarra – EKS Mar 07 '12 at 14:22
  • 1
    Right. You linked to delprof2, but said delprof, which are two different programs. I'm just making it clear to anyone that reads your answer but doesn't actually follow your link. They are two different applications. Delprof was a Microsoft tool. Delprof2 is not. – MDMarra Mar 07 '12 at 14:36
  • Perfectly fine, I changed my text to make it clear. – EKS Mar 07 '12 at 15:05
0

This is not 100% an answer to your question, but rather than having them have local profiles you could configure them to use roaming profiles. This will keep the local profiles from being generated on the servers they log into. Not sure if you have considered this or not, but it seems like a solution to your problem.

More on roaming profiles set up here: http://technet.microsoft.com/en-us/library/cc738596%28v=ws.10%29.aspx

jer.salamon
  • I thought about that, the problem is many of our locations are remote and have high ping and relatively low bandwidth. Having to sync remote profiles to the machines would take quite a bit of time, which would be annoying when trying to log in. – devicenull Mar 07 '12 at 03:30
0

You can specify the following settings:

Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Profiles

"Use mandatory profiles on the RD Session Host server"
"Set path for Remote Desktop Services Roaming User Profile"

and combine that with System > Profiles

"Delete cached copies of roaming profiles".

Greg Askew
0

The problem with local profile deletion in Windows is that if a user logs on, you cannot delete the profile without rebooting or forcing their GUID to unmount in the registry. Also, on a Windows Vista and up machine, including server versions, you would have to remove the profile from the HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList area.

Phillip R.
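
An added example, not from any of the answers above: a PowerShell script for the scheduled-task approach that uses the built-in Win32_UserProfile WMI class in place of delprof2, skipping profiles that are still loaded and removing the ProfileList entry along with the folder. The parameter names, the one-day threshold and the exclusion list are assumptions; it needs PowerShell 3.0 or later and an elevated context.

```powershell
# Added example: remove unloaded local profiles via the built-in Win32_UserProfile class.
# Run elevated (for instance as SYSTEM from a scheduled task). Parameter names are illustrative.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Profiles used more recently than this many days ago are kept (assumed default).
    [int]$MinAgeDays = 1,
    # Profile folder names that must never be removed (assumed list, adjust per site).
    [string[]]$Exclude = @('Administrator', 'Public', 'Default')
)

$cutoff = (Get-Date).AddDays(-$MinAgeDays)

$candidates = Get-CimInstance -ClassName Win32_UserProfile | Where-Object {
    -not $_.Special -and    # skip SYSTEM, LocalService, NetworkService
    -not $_.Loaded -and     # skip profiles whose registry hive is still mounted
    $_.LocalPath -and
    ($Exclude -notcontains (Split-Path -Path $_.LocalPath -Leaf)) -and
    ($null -eq $_.LastUseTime -or $_.LastUseTime -lt $cutoff)
}

foreach ($p in $candidates) {
    if ($PSCmdlet.ShouldProcess("$($p.LocalPath) [$($p.SID)]", 'Delete local profile')) {
        try {
            # Deleting the WMI instance removes the profile folder and its
            # ProfileList registry entry together, so no manual registry edit is needed.
            Remove-CimInstance -InputObject $p -ErrorAction Stop
            Write-Output "Removed $($p.LocalPath)"
        } catch {
            # A hive that is still held open surfaces here instead of leaving a half-deleted profile.
            Write-Warning "Failed to remove $($p.LocalPath): $($_.Exception.Message)"
        }
    }
}
```

Run it once with `-WhatIf` to list the profiles it would delete before scheduling it.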