Delete local windows profile with PowerShell - powershell

I am trying to write a script that will delete the local profile of a test account. I am using the following line to return the SID of any account that starts with "test-"
PowerShell: $UserSID = (Get-WmiObject Win32_UserProfile | Where {$_.LocalPath -like '*\test-*'}).SID
Once I had the SID I used wmic to do the deletion but, I am not sure how to translate that code into PowerShell.
WMIC:wmic /node:"localhost" path win32_UserProfile where Sid="%%b" Delete

I was thinking this would work, but I don't find a delete method on the Win32_UserProfile class
$UserSID = (Get-WmiObject Win32_UserProfile | Where {$_.LocalPath -like '*\test-*'}).SID
(gwmi -class Win32_UserProfile -filter "SID='$UserSID'").Delete()

You can also just call the Delete method directly in a single statement:
(Get-WmiObject Win32_UserProfile | Where {$_.LocalPath -like '*\test-*'}).Delete()

Another reason of getting Exception calling "Delete" with "0" argument(s) is the user you're trying to delete is currently logged in. Log him off and try again.

Get-WmiObject Win32_UserProfile -Filter "RoamingConfigured = 'True'" | Remove-WmiObject
True - Roaming profile
False - Local Profile

I resolved this issue by opening Powershell as administrator (right click, Run as Administrator).

Related

PowerShell script to identify and stop one specific service

I try to make a PowerShell script to do the following:
I want to identify the antivirus running on my PC.
I use command to do that:
$AntiVirusProduct = Get-WmiObject -Namespace root\SecurityCenter2 -Class AntiVirusProduct
Write-Output $AntiVirusProduct.DisplayName
Here I get the antivirus name but, I don't know how to grep the antivirus name and put it to the next command.
The next command is:
Stop-Service -Force "$Antivirus Name"
Or if there is a better way to to this?
Edit
Get-WmiObject -Namespace root\SecurityCenter2 -Class AntiVirusProduct |
Select DisplayName
DisplayName
-----------
AVG Antivirus
Windows Defender
If your display name output is a list of service names you can remove the Windows Defender entry from the list with something like this:
$svc = $AntiVirusProduct.DisplayName |
Where-Object { $_ -notlike '*Windows Defender*' }
and then stop the service like this:
$svc | Stop-Service -Force

filter Get-Service by username

I'm trying to get all the services that run under the user system, but just them (not from other users). I don't find a way to filter the result by the user name.
I tried many options, include Get-WmiObject.
Is there a command or a parameter like -IncludeUserName (Works with Get-Process) that makes it possible?
Thank you
Property called StartName is the username
below will filter out StartName = LocalSystem
Get-WmiObject -Class Win32_Service | Where-Object {$_.StartName -eq 'LocalSystem'}

Get-WmiObject from AD OU

I have a simple problem that I can't seem to work through. I need to know what servers are still running server 2008/R2.
I know that Win32_OperatingSystem's Name property contains the information that I'm looking for. I would like to be able to run Get-WmiObject against a collection of servers in an OU.
There are two problems that I'm having:
I can't figure out how to redirect the output of Get-ADComputer to something that Get-WmiObject -ComputerName can use. I think Get-ADComputer is outputting objects of type Microsoft.ActiveDirectory.Management.ADComputer, and Get-WmiObject is looking for type System.Management.ManagementObject. Here's what I came up with but it doesn't appear to work.
Get-WmiObject Win32_OperatingSystem -ComputerName (Get-ADComputer -filter * -SearchBase "OU=Member Servers,DC=Company,DC=Com" | select #{L="ComputerName";e={$_."name"}}) -Property name, csname | select csname, name | Format-Table -AutoSize
My temp workaround: I was able to create a CSV that contains the list of server names. I was able to use the CSV to run Get-WmiObject against. However, the OU contains "dead" servers. So when I try to run Get-WmiObject using the CSV-list of servers that came from AD there are connection timeouts and PowerShell waits a period of time to see if the dead server will respond. This really slows down the operation & we are working to clean this up. Until that happens, Is there a way to only pass the server names that pass a Test-Connection to Get-WmiObject?
Get-WmiObject win32_operatingsystem -ComputerName (Get-Content C:\Users\user1\Desktop\Servers.csv) -Property name, csname | select csname, name | Format-Table -AutoSize
Pick the name component first then it will pass it to the next pipeline object (select -object)
Get-WmiObject Win32_OperatingSystem -ComputerName ((Get-ADComputer -filter * -SearchBase "OU=Member Servers,DC=Company,DC=Com").Name)
Note: -ComputerName: accepts a string object so you cannot pass a base type object directly to that.

gwmi Win32_UserAccount freezes PowerShell

So this is the core of my "Get Local Admin Account Info" script:
Get-WmiObject -Class Win32_UserAccount -ComputerName $server -Credential $Creds -Filter "Domain='$env:USERDOMAIN' AND SID LIKE '%500'"
Running this freezes both PS Console and the ISE, requiring Task Manager to kill them.
I understand based on other questions here on stackoverflow that querying Win32_UserAccount can result in a lot of data being pulled over the network. But I would think that specifying a single computer and a single SID would filter that volume of data down to a miniscule amount. I certainly don't have this problem querying other WMI Objects on remote servers.
Am I missing something?
EDIT: This freezes PS too:
gwmi win32_useraccount -computername $server "SID LIKE '%500'"
Need to specify the server name as the domain in the query. I.e "Domain='$server' AND SID LIKE '%500'"
This may still perform poorly though. See http://msdn.microsoft.com/en-us/library/aa394507(v=vs.85).aspx
Could also try filtering on LocalAccount property I.e "LocalAccount='$True'"
If you could do domain = and name =, it would be fast, because those are the indexes.
# fast
Get-WmiObject Win32_UserAccount -Filter "Domain='$env:USERDOMAIN' AND
name = 'js2010'"
Strangely, specifying localaccount by itself is fast, but not with a name or sid too.
# slow (AD joined)
Get-WmiObject Win32_UserAccount -Filter "localaccount = 'true' and
name = 'js2010'"
# fast
Get-WmiObject Win32_UserAccount -Filter "localaccount = 'true'" |
where name -eq js2010
# fast
get-wmiobject win32_useraccount -filter "localaccount = 'true'" |
where sid -like *500
# fast
get-wmiobject win32_useraccount -filter "domain = '$env:computername' and
sid like '%500'"
There's also a get-localuser:
# fast
Get-Localuser | where sid -like *500

Get-WmiObject : The RPC server is unavailable. (Exception from HRESULT: 0x80070 6BA

I have what should be a simple script that will connect to all the servers in a domain and build a table of all the services running on each server. However, when I try to automate the script to grab all the servers in a foreach loop I get an RPC error. If the $name variable is replaced with the server DNS name everything works as expected. I've checked the firewall and DCOM services on my system (win7) and the servers (2000 - 2008R2) and these are all enabled or disabled appropriately. So, I'm thinking something in the script is broke. I'm still learning powershell, so any tips are appreciated.
Here is the script so far.
$servernames = get-adobject -Filter 'ObjectClass -eq "Computer" ' -Searchbase "OU=Servers,DC=E,DC=BENEFIS,DC=ORG"
foreach ($name in $servernames) {
Get-WMIObject win32_service -computername $name -Property SystemName,Name,StartName,StartMode |
Format-table SystemName, Name, Startname >c:\serverservices.txt }
Each object you get back have a name property so you need to pass its value to the ComputerName parameter. In addition, to get computer object use the Get-ADComputer cmdlet, you also need to specify the Append switch when you export to the file otherwise content will be overwritten and what you'll see finally is the output of the last computer only.
$servernames = Get-ADComputer -SearchBase "OU=Servers,DC=E,DC=BENEFIS,DC=ORG" -Filter *
foreach ($name in $servernames)
{
Get-WMIObject win32_service -computername $name.Name -Property SystemName,Name,StartName,StartMode |
Format-table SystemName, Name, Startname | Out-File c:\serverservices.txt -Append
}