# Chawn Limited - Citrix Partner - Silver Solution Advisor
# No Liability accepted - Use at your own risk
# Ensure that you validate usage of this script in a pre-prod environment
# Create a task that is triggered by System Winlogon Log Event ID 7002
# Powershell.exe -ExecutionPolicy ByPass -NoProfile -File <PathToFile>\TrasherV1.ps1

# adjust the script sleep time to allow for the user to log off fully
Start-Sleep -Seconds 3

# Define Domain Users that you wish to exclude from profile deletion - case sensitive
$excludeUsers=@("MYDOMAIN\xdadmin","MYDOMAIN\User1")

$SIDs=@()
$SIDs=gwmi -Query "Select * from win32_userprofile where Loaded='False'"  | select SID



foreach ($SID in $SIDS) {
			$objSID = New-Object System.Security.Principal.SecurityIdentifier($SID.SID)
			$objUser = $objSID.Translate( [System.Security.Principal.NTAccount])

			if ($excludeUsers.Contains($objUser.value)) {write-eventlog -logname Application -source Winlogon -eventID 888 -entrytype Information -message "Profile retained for User: $objUser with SID: $objSID" 
                                                        continue}

			# Filter out the Local (non-Domain Users) from the Array - We don't want to delete Local profiles inc. Administrator, System and Service users
			If ($objuser.value.Split("\")[0] -ne $env:Computername) {
			try {
						# Delete the User Profile
						gwmi win32_userprofile | where SID -eq $SID.SID | Remove-WmiObject

						# Additional actions - below action is not required - just an example
						# remove-item "hklm:\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\$objSID" -recurse

						# Write to the event log for auditting
						write-eventlog -logname Application -source Winlogon -eventID 777 -entrytype Information -message "Profile deleted for User: $objUser with SID: $objSID"
			    }
			catch{ "Error encountered" }
										}
			}