
PowerShell: Recursively set inheritance on profiles and also delete old profiles


Scenario: We have roaming profiles at work. During our upgrade of client machines from XP to Win7, the Win7.v2 subfolder is not being created with the inheritance flag set (minor problem easily fixed). On top of this, we also have a plethora of old profiles (winxp, winxp.old, winxp_old, winxp_, win7.v2_old etc) that need to be purged. I have come up with a script to attempt to do this but am stuck on the deletion of old profiles.

Environment: Roaming profiles are in the following format:

  • P:\Profiles$\User1\WIN7.V2
  • P:\Profiles$\User1\winxp
  • P:\Profiles$\User1\WIN7.V2_old
  • ...

I am self-taught, so apologies for the rubbish scripting. I haven't used the $date variable yet but will look to not delete any folder that was modified in the last 10 days.

cls
# Date and time script is started
$StartDate = date

# Date variable for 30 day buffer
$date = (Get-Date).AddDays(-30)

# Sets path and log variables
$ProfilePath = "D:\Work\Profiles"
$LogPath = "D:\Work\Logs"
$Takeownlog = "$LogPath\Takeown.log"
$Icaclslog = "$LogPath\icacls.log"
$NoWIN7FolderLog = "$LogPath\NoWin7Folder.log"

# Deletes any previous log entries
del $Takeownlog
del $Icaclslog
del $NoWIN7FolderLog

# Gets Subfolder list
$FolderList = Get-ChildItem $ProfilePath

# Main body of script. 
foreach ($SubFolder in $FolderList)
{
$winxp = "$ProfilePath\$subfolder\winxp"
$winos = "$ProfilePath\$subfolder\%winos%"
$winvar = "$ProfilePath\$subfolder\win"
   # Checks if the WIN7.V2 folder exists. If it doesn't, it logs it and moves to next folder
    if(-not(Test-Path -path $ProfilePath\$SubFolder\WIN7.V2)){
        Write-Host "$SubFolder\WIN7.V2 does not exist. Moving on..." -ForegroundColor Red
        Write-Output "$ProfilePath\$SubFolder\WIN7.V2 does not exist" | Out-File  $NoWIN7FolderLog -Append -encoding default
        } Else
    {
    # If the WIN7.V2 folder does exist it will recursively set Ownership to Administrators and then set the inheritance on the WIN7.V2 folder
        Write-Host "Fixing ownership and inheritance: $ProfilePath\$SubFolder" -foregroundcolor Green
        Write-Output "Fixing ownership and inheritance: $ProfilePath\$SubFolder\WIN7.V2" | Out-File $Takeownlog -append -encoding Default
        takeown /f $ProfilePath\$SubFolder\WIN7.V2 /A /R /D Y | Out-File $Takeownlog -append -encoding Default
        Write-Output "" | Out-File $Takeownlog -append -encoding Default
        #
        Write-Output "" | Out-File $Icaclslog -append -encoding Default
        Write-Output "Fixing inheritance: $ProfilePath\$SubFolder\WIN7.V2" | Out-File $Icaclslog -append -encoding Default
        ICACLS $ProfilePath\$SubFolder\WIN7.V2 /inheritance:e /c /t | Out-File $Icaclslog -append -encoding Default
    }
        # Deletes any old profiles winxp or win7.v2_*
        Write-Host "Removing any old profiles..."
        if(Test-Path -path $winxp){
        #if((-not(Test-Path -Path $winxp)) -and (-not(Test-Path -Path $winos)) -and (-not(Test-Path -Path $winvar)) {
        write-host "No old profiles to delete for $SubFolder"
        } Else
    {
    # If any old profiles are found it will delete them
    Write-Host "Old profiles found for $subfolder. Deleting now..."
    Remove-Item  -Path $winxp 

}
}


Write-Host ""
$EndDate = date
Write-Host "Started: $StartDate"
Write-Host "Ended:   $EndDate"
Write-Host ""

The first part of the script to reset inheritance works fine as below:

Fixing ownership and inheritance: D:\Work\Profiles\mcbridt 
Fixing ownership and inheritance: D:\Work\Profiles\singhj 
Fixing ownership and inheritance: D:\Work\Profiles\test1 
test2\WIN7.V2 does not exist. Moving on...

Started: 04/13/2015 16:25:09 
Ended:   04/13/2015 16:25:09

But the second part to delete any 'old' profiles does not work at all. I have tried many iterations of remove-item but cannot for the life of me figure it out. I appreciate any suggestions and fixes.

Many thanks


Solution

  • Many thanks to the 2 users above that were able to steer me in the right direction. After some slight modification I was able to get it working. It's not pretty, but it works.

    cls
    # Date and time script is started
    $StartDate = date
    
    # Date variable for 30 day buffer
    $date = (Get-Date).AddDays(-30)
    
    # Sets path and log variables
    $ProfilePath = "<local drive>\<share>"
    $LogPath = "C:\temp"
    $Takeownlog = "$LogPath\Takeown.log"
    $Icaclslog = "$LogPath\icacls.log"
    $NoWIN7FolderLog = "$LogPath\NoWin7Folder.log"
    
    # Deletes any previous log entries
    del $Takeownlog -ErrorAction SilentlyContinue
    del $Icaclslog -ErrorAction SilentlyContinue
    del $NoWIN7FolderLog -ErrorAction SilentlyContinue
    
    # Gets Subfolder list
    $FolderList = Get-ChildItem $ProfilePath
    
    # Main body of script. 
    foreach ($SubFolder in $FolderList)
    {
    # Sets commonly known 'old' profile folder names
    $winxpold = "$ProfilePath\$SubFolder\winx*"
    $winosold = "$ProfilePath\$subfolder\%win*"
    $win7old = "$ProfilePath\$subfolder\WIN7.V2.*"
    $win7old2 = "$ProfilePath\$SubFolder\WIN7.V2_*"
    
       # Checks if the WIN7.V2 folder exists. If it doesn't, it logs it and moves to next folder
        if(-not(Test-Path -path $ProfilePath\$SubFolder\WIN7.V2)){
            Write-Host "No WIN7.V2 folders exists for: $subfolder" -ForegroundColor Red
            Write-Output "No WIN7.V2 folders exists for: $subfolder" | Out-File $NoWIN7FolderLog -Append -encoding default
            } Else
        {
        # If the WIN7.V2 folder does exist it will recursively set Ownership to Administrators and then set the inheritance on the WIN7.V2 folder
            Write-Host "Fixing ownership and inheritance for: $SubFolder" -foregroundcolor Green
            Write-Host "Path: $ProfilePath\$SubFolder" -ForegroundColor Green
            Write-Output "Fixing ownership and inheritance for: $ProfilePath\$SubFolder\WIN7.V2" | Out-File $Takeownlog -append -encoding Default
            takeown /f $ProfilePath\$SubFolder\WIN7.V2 /A /R /D Y | Out-File $Takeownlog -append -encoding Default
            Write-Output "" | Out-File $Takeownlog -append -encoding Default
            #
            Write-Output "" | Out-File $Icaclslog -append -encoding Default
            Write-Output "Fixing inheritance: $ProfilePath\$SubFolder\WIN7.V2" | Out-File $Icaclslog -append -encoding Default
            ICACLS $ProfilePath\$SubFolder\WIN7.V2 /inheritance:e /c /t | Out-File $Icaclslog -append -encoding Default
        }
            # Deletes any old profiles winxp or win7.v2_*
            if((Test-Path -path $winxpold) -or 
                (Test-path -Path $winosold) -or
                (Test-path -Path $Win7old) -or
                (Test-Path -path $win7old2)){
            Write-Host "Old profiles found for: $subfolder. Deleting now..." -ForegroundColor Yellow 
            Write-Output "Old profiles found for: $subfolder. Deleting now..." | Out-File $Icaclslog -append -encoding Default
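            # -and and -or have equal precedence in PowerShell and are evaluated left to right,
            # so the name tests are grouped; otherwise the folder and 30-day checks only apply to "winx*"
            Get-ChildItem -Path $ProfilePath\$subfolder -Force | 
            Where-Object { $_.PSIsContainer -and $_.LastWriteTime -lt $date -and ($_.Name -like "winx*" -or $_.Name -like "%win*" -or $_.Name -like "WIN7.V2.*" -or $_.Name -like "WIN7.V2_*") } | 
            Remove-Item -Recurse -Force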
            } Else{
            write-host "No old profiles to delete for: $SubFolder" -ForegroundColor Green}
            Write-Host ""
    
    }
    Write-Host ""
    $EndDate = date
    Write-Host "Started: $StartDate"
    Write-Host "Ended:   $EndDate"
    Write-Host ""
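
The deletion step from the answer above, reworked as an added example (not part of the original posts) so it can be dry-run with -WhatIf before anything is removed. The function name, its parameters and the choice to skip junctions and symlinks are assumptions; the name patterns and the 30-day buffer are taken from the script above.

```powershell
# Added example, not the poster's script. Function name and parameters are hypothetical.
function Remove-OldProfileFolder {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$ProfileRoot,
        [int]$BufferDays = 30,
        [string[]]$OldPatterns = @('winx*', '%win*', 'WIN7.V2.*', 'WIN7.V2_*')
    )

    $cutoff = (Get-Date).AddDays(-$BufferDays)

    # One subfolder per user under the profile root
    $users = Get-ChildItem -LiteralPath $ProfileRoot -Force | Where-Object { $_.PSIsContainer }

    foreach ($user in $users) {
        $candidates = Get-ChildItem -LiteralPath $user.FullName -Force | Where-Object {
            $item = $_
            # Every condition must hold: it is a directory, it is older than the
            # buffer, it is not a junction/symlink, and its name matches a pattern.
            $item.PSIsContainer -and
            ($item.LastWriteTime -lt $cutoff) -and
            (-not ($item.Attributes -band [IO.FileAttributes]::ReparsePoint)) -and
            (@($OldPatterns | Where-Object { $item.Name -like $_ }).Count -gt 0)
        }

        foreach ($folder in $candidates) {
            # -WhatIf and -Confirm passed to the function are honoured here
            if ($PSCmdlet.ShouldProcess($folder.FullName, 'Remove old profile folder')) {
                Remove-Item -LiteralPath $folder.FullName -Recurse -Force
            }
            # Emit a record for each candidate so the run can be logged or reviewed
            New-Object PSObject -Property @{
                User      = $user.Name
                Folder    = $folder.Name
                LastWrite = $folder.LastWriteTime
            }
        }
    }
}

# Dry run: reports what would be deleted without deleting it
# Remove-OldProfileFolder -ProfileRoot 'D:\Work\Profiles' -WhatIf |
#     Export-Csv 'D:\Work\Logs\OldProfiles.csv' -NoTypeInformation
```

The live WIN7.V2 folder is never a candidate because none of the patterns match that exact name, and skipping reparse points keeps the recursive delete, which runs with administrative rights, inside the profile tree.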