Deleting Roaming User Profiles Batch Scipt
PREFACE
Sorry for the lapse in posts as of late. We're gearing up for a new school year and I've been a bit busy. It turns out this blog doesn't get an amazing amount of views a day, but it gets enough for me to know that it might be helping someone. I write these posts because I've always found myself having an unique issue that most forums do not answer specifically. So most of my posts are for specific issues rather than covering a broad subject.
With that said I have a batch script that I wrote today to cleanup my file server. It's very rudimentary so bear with me.
INTRO
In the education environment you have children that leave the system every year. It's amazing what a child in the extent of a year can rack up in terms of roaming data. We use roaming profiles and folder redirection here for the students data. So every year our servers get loaded with 10s of thousands of files. Every year I used to go through the folders and adjust permissions and delete. Which as you can imagine became quite the pain.
We also use this server for backing up workstations when we need to update them to a new operating system or just refresh the computer. We don't erase any data from the backups until the end of the year just in case. This can also add up to 100s of gigabytes of data and 10s of thousands of files.
ISSUE
The issue with this was simple but tedious. The folder redirection and backups were an easy solution. Just write a script to delete the folder because there are no special permissions preventing administrators from doing so. The user profile folders are a different story all together. Their permissions (at least in my case) seem to be hit or miss. I'll explain that in a minute.SOLUTION
By default the permissions set on roaming profiles is for the user of the profile to also be the owner. This means even the highest level administrator in the enterprise cannot delete this folder. I needed to take ownership of each folder where the profiles are located.<EDIT> Some people will say just set the GPO in Active Directory "Add the Administrators security group to roaming user profiles". Which is correct and I have done that, but for whatever reason it doesn't always get applied. Some folders will delete just fine and others will not. Again ......a specific answer for a specific problem. </EDIT>
I saw some PowerShell scripts out there, but they kept failing at different parts. They also did not do exactly what I needed them to do. (Why I started this blog) I'm more versed with the old ninja style of command prompts and batch files.
The first thing we must do is to take ownership of the folder structure. So if we have a folder structure like so:
Folder1
|----Folder2
|--------File1
|--------File2
We need to take ownership of Folder1 all the way down to File2. This is a recursive function. Luckily Windows is ready for that and makes a tool just for that.
TAKEOWN : this program is specifically made to take, forcefully or not, ownership of a folder, file, or folder structure.
Here is the syntax:
takeown /f <PATH> /r /d y
The /f switch is to specify a file or directory pattern.
The /r switch is to specify whether to be recursive or not.
The /d switch is to specify the default answer with confirming the operation.
*NOTE for the /d switch* Default answer used when the current user does not have the "list folder" permission on a directory. This occurs while operating recursively (/R) on sub-directories. Valid values "Y" to take ownership or "N" to skip.
Takeown will recursively travel through your folder structure taking ownership of everything in it granted that you have the given permission.
The next step is adjust the permissions on the files in the folder structure.
ICACLS : this program can recursively travel a folder structure and adjust permissions in a very simple or complex way. I used the very simple way because I'm just looking to delete these files to free up space.
Here is the syntax:
icacls <PATH> /grant Administrator:F /t /c
The /grant switch is to grant permissions to the user you specify.
The Administrator:F says that you want to grant user Administrator full access to folder and file.
The /t switch indicates that this operation is performed on all matching files/directories below the directories specified in the name. (Recursive for my use)
The /c switch says to continue even if there is an error. This is a must on large folder structures. If you do not use this switch it could fail on file 5,000 and you'd have to start the process all over.
You can also use the /s switch which suppresses output.
These processes, especially the take ownership step, will take a very LONG time. It took me around 15 minutes (estimating) to run though about 10gb of data.
The next step is just to delete the folder structure. I wanted this step automated as well so I added more to my script.
del /q C:\PATH\*
for /d %%x in (c:\PATH\*) do @rd /s /q ^"%%x^"
The del line will delete any files in the top level of PATH.
The for line will run through every folder and it's folders to delete every file in the tree and work backwards until the folder tree is deleted.
This will not delete the top level folder by design. The top level folder in my environment needed to stay intact to keep permissions consistent.
Below is my whole script. Copy into a text file and save as filename.cmd
------------------------------------- Start below this line -----------------------------------
@echo off
Echo --------------------------------------------------------
echo *
echo *
echo * This process will take quite sometime. *
echo * This process will clean the server's stored roaming *
echo * profiles, student folder redirection files, and all *
echo * computer backup files.
echo *
echo --------------------------------------------------------
echo *
echo *
echo * !!!!!!!!!!!! PROCEED WITH EXTREME CAUTION !!!!!!!!!! *
echo * *
echo * This process will remove all permissions from user *
echo * profiles. The data will be be permanently removed by *
echo * this process
echo --------------------------------------------------------
echo +
echo +
pause
Echo --------------------------------------------------------
echo *
echo * Taking ownership of E:\LAUserProfile$ *
echo * This will take a very long time. *
echo *
echo --------------------------------------------------------
takeown /f C:\PATH /r /d y
icacls C:\PATH /grant Administrator:F /t /c
echo ++ DONE ++
echo ++++++++++
echo --------------------------------------------------------
echo *
echo * Removing Student Folder Redirection files *
echo * This will not take a very long time. *
echo *
echo --------------------------------------------------------
del /q C:\PATH\*
for /d %%x in (C:\PATH\*) do @rd /s /q ^"%%x^"
echo ++ DONE ++
echo ++++++++++
echo --------------------------------------------------------
echo *
echo * Removing Student User Profiles *
echo * This can take several minutes *
echo *
echo --------------------------------------------------------
del /q C:\PATH\*
for /d %%x in (c:\PATH\*) do @rd /s /q ^"%%x^"
echo ++ DONE ++
echo ++++++++++
echo --------------------------------------------------------
echo *
echo * Removing Computer backups from e:\Transfer\Backups *
echo * This can take several minutes depending on size *
echo *
echo --------------------------------------------------------
del /q c:\PATH\*
for /d %%x in (c:\PATH\*) do @rd /s /q ^"%%x^"
echo ++ DONE ++
echo ++++++++++
Comments
Post a Comment