A common pain point in an IT administrator’s career is user profiles. User profiles are a ubiquitous part of a Windows IT pro’s life; especially those that manage virtual desktop environments like Remote Desktop Services (RDS) or Citrix. In this post, I’m going to demonstrate a way you take out your aggression by using PowerShell to delete user profiles (and discover them).

Windows system administrators have to deal with:

corrupted user registry hives

files that need shared across all user profiles

figuring out how to recreate corrupt profiles

…and more

What was once a frustrating experience has gotten a little less frustrating with PowerShell. Here are a few ways that PowerShell can make managing Windows user profiles easier.

Enumerating User Profiles

It’s easy to take a peek at user profiles on the file system on a single Windows computer. Simply look in the C:\Users folder. But not only are you not getting the full picture when you do this, it’s also troublesome due to potential file system access problems. There’s a better way and that’s through WMI or CIM. In CIM, a class exists called Win32_UserProfile. This class contains all of the profiles that exist on a machine and lots of other useful information that a simple file system folder won’t tell you.

Using PowerShell, you can access this CIM class with the Get-CimInstance command.

Below, I’m finding the first user profile on the the local computer. You’ll notice many useful tidbits of information like LastUseTime , SID and so on.

PS C:\> Get-CimInstance -ClassName win32_userprofile | Select-Object -First 1 AppDataRoaming : Win32_FolderRedirectionHealth Contacts : Win32_FolderRedirectionHealth Desktop : Win32_FolderRedirectionHealth Documents : Win32_FolderRedirectionHealth Downloads : Win32_FolderRedirectionHealth Favorites : Win32_FolderRedirectionHealth HealthStatus : 3 LastAttemptedProfileDownloadTime : LastAttemptedProfileUploadTime : LastBackgroundRegistryUploadTime : LastDownloadTime : LastUploadTime : LastUseTime : 3/14/2019 3:06:39 PM Links : Win32_FolderRedirectionHealth Loaded : False LocalPath : C:\Users\.NET v4.5 Classic Music : Win32_FolderRedirectionHealth Pictures : Win32_FolderRedirectionHealth RefCount : RoamingConfigured : False RoamingPath : RoamingPreference : SavedGames : Win32_FolderRedirectionHealth Searches : Win32_FolderRedirectionHealth SID : S-1-5-82-3876422241-1344743610-1729199087-774402673-2621913236 Special : False StartMenu : Win32_FolderRedirectionHealth Status : 0 Videos : Win32_FolderRedirectionHealth PSComputerName :

The Get-CimInstance cmdlet not only works locally but remotely as well. By using the ComputerName parameter, you can specify, 1, 10 or 100 different remote computers and it will happily query each one.

PS C:\> Get-CimInstance -ClassName Win32_UserProfile -ComputerName localhost,WINSRV

Deleting User Profiles

Once you understand how to enumerate user profiles on computers, you can take it one step further and delete those user profiles as well.

I can’t count how many times I’ve had to delete user profiles because something got corrupted and I just needed the user to log in again and recreate it. At one time, I would simply have the user log off and remove the C:\Users<UserName> folder from the file system. Usually it works, sometimes it didn’t. What I didn’t realize was that I was actually leaving some remnants behind.

The proper way to do this is to initiate a removal via CIM.

Using the same CIM class you just went over, it’s possible to not only just view profiles but you can completely remove them as well. This is the same as going into the User Profiles box under System settings and hitting the Delete button.

User Profiles

To do this, enumerate the user profiles again and this time apply a filter to pick a single user profile to remove. In this case, remove the user profile called UserA. You can do this by using PowerShell’s Where-Object cmdlet and some string manipulation to grab the user folder name from the LocalPath property as shown below.

Once you’re able to narrow down that single profile you can pass that CIM instance to the Remove-CimInstance cmdlet for each object that Get-CimInstance returns. This process will remove the user profile from the file system and the registry.

Get-CimInstance -Class Win32_UserProfile | Where-Object { $_.LocalPath.split('\')[-1] -eq 'UserA' } | Remove-CimInstance

Again, if you’d like to extend this to multiple computers you’d simply use the ComputerName parameter on Get-CimInstance .

Get-CimInstance -ComputerName SRV1,SRV2,SRV3 -Class Win32_UserProfile | Where-Object { $_.LocalPath.split('\')[-1] -eq 'UserA' } | Remove-CimInstance

Summary

You’ve now seen an easy way to enumerate and delete Windows user profiles. If you weren’t aware of the CIM class Win32_UserProfile you may have been correlating the C:\Users<Username> folder as the profile but you should know to delete the Win32_UserProfile CIM instance now.

You can see there’s much more to the user profile than a simple file system folder. Use CIM the next time you need to query or delete user profiles from Windows computers in your environment.