Delete user profile using Powershell - powershell

I am wondering how I can delete user profile by using Powershell?
I know the command of Get-WmiObject Win32_UserProfile which will give me the whole users on the computer.
I have 2 variables of $computername and $username.
So I wants to use the above command to delete on a remote computer (which is $computername) the profile of $username.
How I can do it?
Thanks.

Get-WMIObject can retrieve objects from remote computers with no problem, and not only does the Win32_UserProfile class have a (poorly documented) delete() method, a Win32_UserProfile object can be passed to Remove-WMIObject. This will, to all appearances, properly clean up the registry and files, and does in fact work on remote computers.
References:
Get-Help Get-WMIObject
Get-Help Remove-WMIObject
Win32_UserProfile: https://msdn.microsoft.com/en-us/library/ee886409(v=vs.85).aspx and https://msdn.microsoft.com/en-us/library/windows/desktop/hh830632(v=vs.85).aspx
My own question on this topic

Related

How do I find out from powershell if I am on a server or workstation?

This doc explains how to get your windows version, but to find it in PowerShell is harder.
[System.Environment]::OSVersion has a lot of good info but not the Server-Workstation Flag...
$osInfo = Get-CimInstance -ClassName Win32_OperatingSystem
$osInfo.ProductType
See https://msdn.microsoft.com/en-us/library/aa394239%28v=vs.85%29.aspx
ProductType
Data type: uint32
Access type: Read-only
Additional system information.
Work Station (1)
Domain Controller (2)
Server (3)
So if the value is 1, then you are on a workstation OS.
If it's 2 you're on a domain controller.
If it's 3 you're on a server that is not a domain controller.
If you're on an old version of Windows / PowerShell and want something that will work across all of them, it's the same, but with Get-WmiObject:
$osInfo = Get-WmiObject -Class Win32_OperatingSystem
$osInfo.ProductType
(Get-ComputerInfo).OsProductType
On my machines this returned either WorkStation or Server.
(Get-WmiObject win32_OperatingSystem).Caption

Is there a way to get a hostname from an IP address without depending on a DNS inquiry?

I'm trying to write a script that depends on knowing the names of the computers on a network segment, but all the scripts I've found depend on a DNS inquiry which only replys with the names of a few of the machines. For example:
[System.Net.Dns]::GetHostbyAddress($IPAddress)
I've also tried using
Ping -a $ipaddress
but this often fails to return the machine name as well. Is there a way to ask the host what it's name is directly and what level of permissions might be required in AD to get a response?
Thanks in advance.
[System.Net.DNS]::GetHostByAddress() (now [System.Net.DNS]::GetHostEntry()) doesn't only rely on DNS, despite it's name. It will also check the local C:\Windows\System32\Drivers\etc\hosts file for locally configured entries.
straight dns via nslookup can't find the name:
PS C:\Users\Tim> nslookup 192.168.1.50
Server: dns03
Address: 192.168.2.103
*** rpi03 can't find 192.168.1.50: Non-existent domain
yet, gethostentry() still finds the name:
PS C:\Users\Tim> [system.net.dns]::gethostentry('192.168.1.50')
HostName Aliases AddressList
-------- ------- -----------
localentry {} {192.168.1.50}
COMMAND:
wmic.exe /node:10.20.30.40 OS get CSName /format:list
BATCH FILE FOR WHOLE SUBNET:
for /L %%z in (1,1,254) do wmic.exe /node:10.20.30.%%z OS get CSName /format:list 2>NUL
You can try by using something like:
Invoke-Command -computername $computer {Get-Item HKLM:\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName}
The active computername is equal to your DNS name (without suffix ofcourse)
I may misunderstand the problem but you can query the Win32_ComputerSystem instance using a CIM session to the remote computer and use one of those properties (Name, DNSName, etc.) Running locally it would be like
Get-CimInstance -namespace root/cimv2 -classname Win32_ComputerSystem | fl *
I'm aware that WMI might take fairly hefty permissions (e.g., domain admin) but (a) that might not be out of the question for your use case and (b) you might be able to do some limited querying with fewer permissions.
Another idea might be to query your SCCM server if you have one:
(Get-WmiObject -Query "SELECT * from SMS_R_SYSTEM WHERE IPAddresses LIKE '%$ipaddress%'" -Namespace "root\sms\site_$SiteCode" -computerName $SCCMServer).Name
Another idea using powershell:
Get-WmiObject -Class Win32_ComputerSystem -ComputerName $Computer -Property Name | ForEach-Object {$_.Name}
Where $Computer is an IP address

Running Command as Administrator from a SYSTEM Process

So I need to clear a user's run dialog history which I can do perfectly fine with "reg delete HKEY_CURRENT_USER\Software\Windows etc..." from an elevated powershell window on the logged in user's machine, but what I'm looking to do is that same command but from a SYSTEM powershell process. I have already used psexec to create a powershell window which runs as SYSTEM, but because you can't just use HKEY_CURRENT_USER as SYSTEM with the same results, I am finding it quite difficult. If I could just run that command but as username\Administrator then I wouldn't have this problem.
Also to note, if I can somehow grab the username of the logged on user (from SYSTEM still) in one line in plain text (with no other output in sight), then I can store the username in a variable and convert that to an SID and use HKEY_USERS instead.
P.S. Don't ask why I'm running powershell as SYSTEM, I know what I'm doing :D
you can use get-process under the system context powershell and filter where explorer.exe process is running, get the account it is running under then use to convert to SID and go through the registry.
something like this assuming only 1 explorer.exe process is running which is the norm on windows client OS.
$proc = Get-CimInstance Win32_Process -Filter "name = 'explorer.exe'"
$owner = Invoke-CimMethod -InputObject $proc -MethodName GetOwner
$username = $owner.user
$username will contain the user, $owner will also contain domain and a few other things.
to convert to sid
$objUser = New-Object System.Security.Principal.NTAccount($owner.Domain, $owner.User)
$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
$strSID.Value

Force Powershell script to continue when prompted

I am creating a Powershell script that uses the command net share $ShareName $ServerName /delete to stop sharing a folder. The problem is, if there are open files, it will pause and require the user to press Y to continue. I plan on scheduling this script to run overnight (users shouldn't be leaving stuff open overnight) and would like the script to continue automatically no matter what.
Is there a way to send input to the console to imitate pressing the key, or is there some way to specify in the command to force the delete?
Try this:
echo y|net share $ShareName $ServerName /delete
If you're worried about multiple prompts, just do more ys, like echo yyyyyy|.
Use WMI for the operation:
$share = Get-WmiObject -Computer $ServerName -Class Win32_Share -Filter "Name='$ShareName'"
$share.Delete()
Quoting from the documentation:
The Delete WMI class method deletes a share name from a server's list of shared resources, disconnecting connections to the shared resource.
net share $ShareName $ServerName /delete /yes

Get user's last logon from sccm with powershell

I'm trying to create wmi query to sccm to get PC, where was user's last logon.
Something like:
Get-WmiObject -namespace $SCCMNameSpace -computer $SCCMServer -query "select lastlogon, PCname from sms_? where LastLogonUserName='$SamAccountName'" | select lastlogon, PCname.
I can see this information in sccm report, but I don't know what class I have to use for a query. I'm using sms_r_system for getting IP and computer name.
Is anyone knew sccm class with this information or sql queries will be better for me?
Which report are you viewing the data with? You might want to open up the report's SQL code, figure out which ConfigMgr SQL views it's referencing, and then translate that to the SCCM WMI class names. The WMI class names closely correlate to the SQL view names.
Use a WMI browser like SAPIEN's free WMI Explorer GUI tool to help explore the root\sms\site_xyz WMI namespace and discover which class you are looking for. You can also use Windows PowerShell to help discover which class contains this property:
gwmi -name root\cimv2 -list | ? { ($_.Properties.Name -join ',') -match 'lastlogon' }
Note: Make sure you're using PowerShell version 3.0 Release Preview for the above command, otherwise it won't work right.