Deleting Roaming User Profiles Batch Scipt

PREFACE


Sorry for the lapse in posts as of late. We're gearing up for a new school year and I've been a bit busy. It turns out this blog doesn't get an amazing amount of views a day, but it gets enough for me to know that it might be helping someone. I write these posts because I've always found myself having an unique issue that most forums do not answer specifically. So most of my posts are for specific issues rather than covering a broad subject.

With that said I have a batch script that I wrote today to cleanup my file server. It's very rudimentary so bear with me.

INTRO


In the education environment you have children that leave the system every year. It's amazing what a child in the extent of a year can rack up in terms of roaming data. We use roaming profiles and folder redirection here for the students data. So every year our servers get loaded with 10s of thousands of files. Every year I used to go through the folders and adjust permissions and delete. Which as you can imagine became quite the pain.

We also use this server for backing up workstations when we need to update them to a new operating system or just refresh the computer. We don't erase any data from the backups until the end of the year just in case. This can also add up to 100s of gigabytes of data and 10s of thousands of files.

ISSUE

The issue with this was simple but tedious. The folder redirection and backups were an easy solution. Just write a script to delete the folder because there are no special permissions preventing administrators from doing so. The user profile folders are a different story all together. Their permissions (at least in my case) seem to be hit or miss. I'll explain that in a minute.

SOLUTION

By default the permissions set on roaming profiles is for the user of the profile to also be the owner. This means even the highest level administrator in the enterprise cannot delete this folder. I needed to take ownership of each folder where the profiles are located.

<EDIT> Some people will say just set the GPO in Active Directory "Add the Administrators security group to roaming user profiles". Which is correct and I have done that, but for whatever reason it doesn't always get applied. Some folders will delete just fine and others will not. Again ......a specific answer for a specific problem. </EDIT>

I saw some PowerShell scripts out there, but they kept failing at different parts. They also did not do exactly what I needed them to do. (Why I started this blog) I'm more versed with the old ninja style of command prompts and batch files.

The first thing we must do is to take ownership of the folder structure. So if we have a folder structure like so:

Folder1
|----Folder2
|--------File1
|--------File2

We need to take ownership of Folder1 all the way down to File2. This is a recursive function. Luckily Windows is ready for that and makes a tool just for that.

TAKEOWN : this program is specifically made to take, forcefully or not, ownership of a folder, file, or folder structure.
Here is the syntax:

takeown /f <PATH> /r /d y

 The /f switch is to specify a file or directory pattern.
The /r switch is to specify whether to be recursive or not.
The /d switch is to specify the default answer with confirming the operation.

*NOTE for the /d switch* Default answer used when the current user does not have the "list folder" permission on a directory.  This occurs while operating recursively (/R) on sub-directories. Valid values "Y" to take ownership or "N" to skip.

Takeown will recursively travel through your folder structure taking ownership of everything in it granted that you have the given permission.

The next step is adjust the permissions on the files in the folder structure.

ICACLS : this program can recursively travel a folder structure and adjust permissions in a very simple or complex way. I used the very simple way because I'm just looking to delete these files to free up space.
Here is the syntax:

icacls <PATH> /grant Administrator:F /t /c

The /grant switch is to grant permissions to the user you specify.
The Administrator:F says that you want to grant user Administrator full access to folder and file.
The /t switch indicates that this operation is performed on all matching files/directories below the directories specified in the name. (Recursive for my use)
The /c switch says to continue even if there is an error. This is a must on large folder structures. If you do not use this switch it could fail on file 5,000 and you'd have to start the process all over.
You can also use the /s switch which suppresses output.

These processes, especially the take ownership step, will take a very LONG time. It took me around 15 minutes (estimating) to run though about 10gb of data.

The next step is just to delete the folder structure. I wanted this step automated as well so I added more to my script.

del /q C:\PATH\*
for /d %%x in (c:\PATH\*) do @rd /s /q ^"%%x^"

The del line will delete any files in the top level of PATH.
The for line will run through every folder and it's folders to delete every file in the tree and work backwards until the folder tree is deleted.

This will not delete the top level folder by design. The top level folder in my environment needed to stay intact to keep permissions consistent.

Below is my whole script. Copy into a text file and save as filename.cmd

------------------------------------- Start below this line -----------------------------------
@echo off
Echo --------------------------------------------------------
echo *
echo *
echo * This process will take quite sometime.               *
echo * This process will clean the server's stored roaming  *
echo * profiles, student folder redirection files, and all  *
echo * computer backup files.
echo *
echo --------------------------------------------------------
echo *
echo *
echo * !!!!!!!!!!!! PROCEED WITH EXTREME CAUTION !!!!!!!!!! *
echo *                                                      *
echo * This process will remove all permissions from user   *
echo * profiles. The data will be be permanently removed by *
echo * this process
echo --------------------------------------------------------
echo +
echo +
pause
Echo --------------------------------------------------------
echo *
echo * Taking ownership of E:\LAUserProfile$                *
echo * This will take a very long time.                     *
echo *
echo --------------------------------------------------------
takeown /f C:\PATH /r /d y
icacls C:\PATH /grant Administrator:F /t /c
echo ++ DONE ++
echo ++++++++++
echo --------------------------------------------------------
echo *
echo * Removing Student Folder Redirection files            *
echo * This will not take a very long time.                 *
echo *
echo --------------------------------------------------------
del /q C:\PATH\*
for /d %%x in (C:\PATH\*) do @rd /s /q ^"%%x^"
echo ++ DONE ++
echo ++++++++++
echo --------------------------------------------------------
echo *
echo * Removing Student User Profiles                       *
echo * This can take several minutes                        *
echo *
echo --------------------------------------------------------
del /q C:\PATH\*
for /d %%x in (c:\PATH\*) do @rd /s /q ^"%%x^"
echo ++ DONE ++
echo ++++++++++
echo --------------------------------------------------------
echo *
echo * Removing Computer backups from e:\Transfer\Backups   *
echo * This can take several minutes depending on size      *
echo *
echo --------------------------------------------------------
del /q c:\PATH\*
for /d %%x in (c:\PATH\*) do @rd /s /q ^"%%x^"
echo ++ DONE ++
echo ++++++++++

Comments

Post a Comment

Popular posts from this blog

DISM An error occurred while attempting to start the servicing process for the image.

Image
This is an issue I've had a few times and when you look around on the forums you see multiple answers. I found the right one on an obscure forum that I can't think of right now. The quick answer is this: Use the correct version of DISM to service the image . They must be in the same "generation". For Windows 8.1 and Windows Server 2012 R2 this version is : 6.3.9600.16384 For Windows 8 and Windows Server 2012 and below this version is : 6.2.9200.16384 Background and Setup: I have a Windows Server 2012 box running System Center Configuration Manager 2012 R2. We are in the process of switching our primary OS for new systems to Windows 8.1 Enterprise x64. As I build my images the old fashioned I tend to forget a few things from time to time. In this case I built the image without installing the .NET feature. The instructions to do that are here: http://technet.microsoft.com/en-us/library/dn482069.aspx So I'm following the instructions to get a refresher on
Read more

Optiplex 380 STOP Error: NMI Parity Check/Memory Parity Error

Image
I received a support ticket today from one of our schools saying they had a strange error coming up. I asked the usual questions like did you reboot, what color is the screen, etc. She said it was the BSOD, but it looked different. After going to take a look at the machine I saw the error and I hard rebooted the machine. I came to see this error: At first thought I figured this was a memory error, but it was not. After I removed each stick of RAM one-by-one the error persisted. After a bit of Googling I ran across this article. http://www.dell.com/support/troubleshooting/bz/en/bzdhs1/KCS/KcsArticles/ArticleView?c=bz&l=en&s=dhs&docid=604790 This says it's a NIC issue and you can fix it by uninstalling the old driver and reinstalling. This, however, was not the case. The NIC was failing at POST, far too soon for a driver to be the issue. I also updated the BIOS to A07. (Was on A01) This did nothing as well. I resolved the issue by adding a NIC into the machine an
Read more