
Delete temp files on logout with GPO


I know the title can pretty much be summed up with Disk Cleanup. I have looked at deploying Disk Cleanup with GPO through script and PowerShell (what little I know), as well as Task Scheduler, but on logout/restart/shutdown Disk Cleanup never runs or does anything. Temp files and Windows Update files continue to stay where they are at.

I have attempted to attach a script to logout that I believe runs, but never deletes anything as well. All it does is extend the logout period by 5 minutes. Quite mind blowing.

    @echo off
    del /s /f /q "%userprofile%\AppData\Local\Temp\*"

I haven't fleshed everything out that needs to be removed, but any thoughts or ideas would be greatly appreciated. Disk Cleanup doesn't need to be run all the time either, just once a week since we keep our machines as up to date as possible in regards to security measures. I attempted the script because I also thought it would be quicker than an application running. I also need to deploy a solution to about 150 machines.

Thanks,


Solution

  • I suggest using a batch file with the following lines:

    @echo off
    rem Delete all files and subfolders in directory for temporary files
    rem of current user account, but keep the directory itself. Temporary
    rem files and subdirectories currently in use are silently ignored.
    del /F /Q "%TEMP%\*" 2>nul
    for /D %%D in ("%TEMP%\*") do rd /Q /S "%%~D" 2>nul
    
    rem Do the same as above for system temporary files directory.
    rem This cleanup requires administrator privileges.
    del /F /Q "%windir%\Temp\*" 2>nul
    for /D %%D in ("%windir%\Temp\*") do rd /Q /S "%%~D" 2>nul
    

    But this batch file should not be executed on log off or shutdown.

    Many application installers decompress themselves into a subdirectory of the temporary files directory to install or update an application. If the application is already installed and one or more files can't be updated because they are currently in use, for example a shell extension DLL, the installer keeps the file in the temporary files directory and adds a pending rename to the Windows registry for replacing the file in use with the file in the temporary files directory using a move operation. This pending rename (move) operation is performed by Windows on the next reboot.

    Therefore deleting all files and subdirectories during a log off or shutdown is not advisable as it can result in only partly updated applications.

    Windows Disk Cleanup deletes by default only files and folders older than 7 days (if that has not changed since Windows XP) in "hope" that the user has rebooted Windows at least once within the last 7 days. (I doubt that this is done by users with Windows 8, 8.1 and 10, as the default on those Windows versions is hibernate and not shutdown on pressing the power button.)

    So it is a little bit better to run this batch file after log in, best before most applications start. However, temporary files and folders currently used by already started processes are skipped by DEL and RD. Best would be to check in the batch file if a pending rename operation is set in the Windows registry and do the cleanup only if no pending rename operation is defined at the moment.

    Note:

    Using just rd /Q /S "%TEMP%" is not a good idea in my experience, as this command also deletes the temporary files directory itself. That should never be done, not even temporarily. Recreating the directory after a successful complete deletion is not a good workaround, as the NTFS permissions could then be different than before.
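
The pending-rename check suggested in the answer above, as an added example that is not part of the original answer: it reads the `PendingFileRenameOperations` and `PendingFileRenameOperations2` values under the Session Manager registry key and runs the answer's cleanup commands only when both are absent or empty. The variable `SessionKey` and the label `:HasData` are names chosen for this example.

```batch
@echo off
setlocal EnableExtensions

rem Added example, not from the original answer.
rem Windows queues file moves for the next reboot in these REG_MULTI_SZ
rem values. Reading them from HKLM does not require administrator rights.
set "SessionKey=HKLM\SYSTEM\CurrentControlSet\Control\Session Manager"

for %%V in (PendingFileRenameOperations PendingFileRenameOperations2) do (
    call :HasData "%%V" && (
        echo Pending rename operations found in %%V, temp cleanup skipped.
        exit /B 1
    )
)

rem No pending rename operation: run the cleanup from the answer.
rem Files and folders in use are skipped, the directories themselves stay.
del /F /Q "%TEMP%\*" 2>nul
for /D %%D in ("%TEMP%\*") do rd /Q /S "%%~D" 2>nul

rem System temporary files directory, requires administrator privileges.
del /F /Q "%windir%\Temp\*" 2>nul
for /D %%D in ("%windir%\Temp\*") do rd /Q /S "%%~D" 2>nul
exit /B 0

rem Subroutine: exit code 0 if the registry value %1 exists and holds data,
rem exit code 1 if it is missing or empty.
:HasData
for /F "tokens=2*" %%A in ('%SystemRoot%\System32\reg.exe query "%SessionKey%" /v "%~1" 2^>nul ^| %SystemRoot%\System32\findstr.exe /I /C:"REG_MULTI_SZ"') do if not "%%B"=="" exit /B 0
exit /B 1
```

The script exits with code 1 when it skips the cleanup, so a scheduled task or logon script wrapper can log how often machines are waiting on a reboot.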