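# Chawn Limited - Citrix Partner - Silver Solution Advisor
# No Liability accepted - Use at your own risk
# Ensure that you validate usage of this script in a pre-prod environment
#
# Create a task that is triggered by System Winlogon Log Event ID 7002
# Powershell.exe -ExecutionPolicy ByPass -NoProfile -File \TrasherV1.ps1
#
# Purpose: after a logoff, delete every unloaded domain user profile on this
# machine, except the accounts listed in $excludeUsers, and record each
# decision in the Application event log.
#
# NOTE(review): the task has to run under an account that is allowed to delete
# user profiles, and the command line above bypasses the execution policy, so
# keep this file in a folder that only administrators can modify - whoever can
# edit the script can run code as the task account.

# adjust the script sleep time to allow for the user to log off fully
Start-Sleep -Seconds 3

# Define Domain Users that you wish to exclude from profile deletion.
# The comparison below uses -contains, which ignores case, so an entry still
# protects the account when its casing differs from what Translate() returns.
$excludeUsers = @("MYDOMAIN\xdadmin", "MYDOMAIN\User1")

# Event ID written when a deletion fails. Constructed value - change it to
# whatever fits your monitoring; 777 (deleted) and 888 (retained) are the IDs
# this script already used.
$failureEventId = 778

# Unloaded profiles only. Profiles flagged Special (the system and service
# profiles) are dropped here: they resolve to names such as NT AUTHORITY\...,
# which the computer-name comparison further down would not recognise as local.
# @() guarantees an array even when the query returns nothing.
$profiles = @(
    gwmi -Query "Select * from win32_userprofile where Loaded='False'" |
        where { -not $_.Special }
)

foreach ($userProfile in $profiles) {

    # Resolve the SID to DOMAIN\user. If the SID cannot be parsed or mapped
    # (for example the account no longer exists) skip the profile: without
    # this guard $objUser would keep the value from the previous iteration and
    # the exclusion and local-account checks would be made against the wrong
    # account.
    try {
        $objSID  = New-Object System.Security.Principal.SecurityIdentifier($userProfile.SID)
        $objUser = $objSID.Translate([System.Security.Principal.NTAccount])
    }
    catch {
        continue
    }

    if ($excludeUsers -contains $objUser.Value) {
        write-eventlog -logname Application -source Winlogon -eventID 888 -entrytype Information -message "Profile retained for User: $objUser with SID: $objSID"
        continue
    }

    # AccountDomainSid is $null for SIDs that are not Windows account SIDs
    # (built-in authorities, service SIDs); never delete those.
    if ($null -eq $objSID.AccountDomainSid) {
        continue
    }

    # Filter out the Local (non-Domain Users) - We don't want to delete Local
    # profiles inc. Administrator, System and Service users
    if ($objUser.Value.Split("\")[0] -ne $env:Computername) {
        try {
            # Delete the User Profile. -ErrorAction Stop turns a failed removal
            # into a terminating error, so the "deleted" audit event below is
            # only written when the profile really was removed.
            $userProfile | Remove-WmiObject -ErrorAction Stop

            # Additional actions - below action is not required - just an example
            # remove-item "hklm:\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\$objSID" -recurse

            # Write to the event log for auditing
            write-eventlog -logname Application -source Winlogon -eventID 777 -entrytype Information -message "Profile deleted for User: $objUser with SID: $objSID"
        }
        catch {
            # Record the failure where the success events live, so the audit
            # trail shows which profiles were left behind and why.
            write-eventlog -logname Application -source Winlogon -eventID $failureEventId -entrytype Error -message "Profile deletion failed for User: $objUser with SID: $objSID - $($_.Exception.Message)"
        }
    }
}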