Friday, July 17, 2015

Code Dump: Get-UserProfile / Remove-UserProfile

function Get-UserProfile{
        <#
        .SYNOPSIS
            Use WMI to query a computer about local profiles on the machine
        .Description
            This Fucntion is used to get information about local profiles on a computer. This will return information about any local profile, including the local cache of the domain accounts. By default returns the SID, Local path, and Last Use Time of the account; the -verbose flag can be used to return additional information.
        .PARAMETER UserID
            UserID to search for. If left blank will default to all users. By default UserID must match exactly, but you can use the wildcard '%' to perform more general seraches
        .PARAMETER Computer
            Computer to query for user accounts. Leaving Blank will default to 'localhost'. 
        .PARAMETER ExcludeSystemAccounts
            Filters out System accounts (e.g. System, Network Service). This is done by looking at the 'special' property, which does not filter out users non-windows programs may create.
        .PARAMETER OnlyLoaded
            Setting this parameter shows only profiles that are currently in Use -- Combine with -ExcludeSystemAccounts and you can get a pretty good idea of who is currently logged into a machine.
        .PARAMETER ExcludeLoaded
            Returns only user profiles that are not currently in use. This is useful if you need to clear out profiles.
        .PARAMETER Verbose
            Returns Full user porfile data, rather than the default SID,LocalPath,LastUseTime
        .PARAMETER OlderThan
            Filter Results based on datetime. This requires a datetime object
        .Example
            Get-UserProfile -UserID MyUser
            Basic usage to see if the user "MyUser" exists on the local machine.
        .Example
            Get-UserProfile -Computer RDSServ1.mydomain.com
            Lists all user Profiles from remote computer "RDSServ1.mydomain.com" 
        .Example
            Get-UserProfile -Computer RDSServ1.mydomain.com -ExcludeSystemAccounts -OnlyLoaded
            Lists non-system user profiles from remote computer currently marked as loaded. This gives a pretty good idea of who is currently logged into a remote machine.
        .Example
            Get-UserProfile -OlderThan $((get-date).adddays(-14))
            Lists user profiles that have not been used on the localhost in 14 days.
        .Notes
            Author: Keith Ballou
            Date: Oct 15, 2014

            This Script Relies on Convert-UTCtoDateTime -- A function for converting UTC strings to DateTime Objects


    #>
    [CmdletBinding()] 
      param( 
     [Parameter(Mandatory=$False)][string]$UserID="%",
     [Parameter(Mandatory=$False)][string]$Computer="LocalHost",
     [Parameter(Mandatory=$False)][switch]$ExcludeSystemAccounts,
     [Parameter(Mandatory=$False)][switch]$OnlyLoaded,
     [Parameter(Mandatory=$False)][switch]$ExcludeLoaded,
     [Parameter(Mandatory=$False)][datetime]$OlderThan   
     
    )
if(!(Get-Command Convert-UTCtoDateTime -ErrorAction SilentlyContinue)){
    write-host -BackgroundColor "Black" -ForegroundColor "Red" "################################################################################"
    write-host -BackgroundColor "Black" -ForegroundColor "Red" "#                                                                               "
    write-host -BackgroundColor "Black" -ForegroundColor "Red" "This Program Requires cmdlet ""Convert-UTCtoDateTime""                          "
    write-host -BackgroundColor "Black" -ForegroundColor "Red" "Find it here:                                                                   "
    write-host -BackgroundColor "Black" -ForegroundColor "Red" "http://pastebin.com/SSKJ4bwt                                                    "
    write-host -BackgroundColor "Black" -ForegroundColor "Red" "#                                                                               "
    write-host -BackgroundColor "Black" -ForegroundColor "Red" "################################################################################"
    break;
}
if($Computer.ToLower() -eq "localhost"){
    
    
    $Return = Get-WmiObject -Query "Select * from win32_userprofile where LocalPath like '%\\$UserID'" 
    

}
else{
    $Return = get-wmiobject -ComputerName $Computer -Query "Select * from win32_userprofile where LocalPath like '%\\$UserID'" 
}

#Filter System Accounts
if($ExcludeSystemAccounts){
    $Return = $Return | Where-Object -Property Special -eq $False
}
#Filter out Loaded Accounts
if($ExcludeLoaded){
    $Return = $Return | Where-Object -Property Loaded -eq $False
}
#Filter otherthan loaded accounts
if($OnlyLoaded){
    $Return = $Return | Where-Object -Property Loaded -eq $True
}

#Filter on lastusetime
if([bool]$OlderThan){
$Return | Where-Object -property LastUseTime -eq $Null | % {Write-Host -BackgroundColor "Black" -ForegroundColor "Yellow" $_.LocalPath " Has no 'LastUseTime', omitting" }
$Return = $Return | Where-Object -property LastUseTime -ne $Null
$Return = $Return | Where-Object {$(Convert-UTCtoDateTime $_.LastUseTime -ToLocal) -lt $OlderThan }
}

if($PSBoundParameters['Verbose'])
{
Write-Output $Return
}
else{
 Write-Output $Return | Select SID,LocalPath,@{Label="Last Use Time";Expression={Convert-UTCtoDateTime $_.LastUseTime -ToLocal}}    
}

}


Function Remove-UserProfile{
            <#
        .SYNOPSIS
            Removes User Profiles from a machine via WMI
        .Description
            This Cmdlet is used to remove user profiles from a machine when it is inconveinient to do so from the System menu. The script relies on Cmdlet Get-UserProfile. It is especially userful on Terminal Server/RDS machines where opening the system menu to delete user profiles can take hours (because reasons, I suppose). 
        .PARAMETER UserID
            UserID to search for. Unlike Get-UserProfile, this cannot be left blank. If you intentionally want to remove all user profiles, or need to select multiple, you can use WMIs limited regex. Check this Link for more information: http://blogs.technet.com/b/heyscriptingguy/archive/2012/07/13/use-the-like-operator-to-simplify-your-wql-queries.aspx
        .PARAMETER Computer
            Computer to delete user accounts from. Leaving Blank will default to 'localhost'. 
        .PARAMETER Batch
            This Flag will suppress confirmation dialogs, as well change console output to the more redirect friendly Write-Output, rather than the Write-Host it otherwise uses.
        .PARAMETER OlderThan
            Filter user accounts based on last use time. Remember that this Cmdlet does not assume 'all users', so you must specify -UserID %. 
        .Example
            Remove-UserProfile myuser remotemachine.mydomain.com
            Remove Users using positional parameters
        .Example
            Remove-UserProfile -UserID myuser -Computer remotemachine.mydomain.com
            remove users specifying with flags
        .Example
            Get-Content machinelist.txt | % {Remove-UserProfile -User myuser -Computer $_ -Batch} >> C:\Temp\UserRemoval.log
            Remove a user from a list of machines using the batch mode, seding output to a log file
        .Example
            Remove-UserProfile -OlderThan $((get-date).adddays(-14)) -UserID %
            Remove all user accounts that haven't been used in 14 days
            The '%' here is the WMI regex for anything (analogous to '*' (or '.*') in most regex) -- it is necessary because this Cmdlet never assumes all users

        .Notes
            Author: Keith Ballou
            Date: Oct 16, 2014
         #>

    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$True)][string]$UserID,
        [Parameter(Mandatory=$False)][string]$Computer="LocalHost",
        [Parameter(Mandatory=$False)][datetime]$OlderThan=(get-date).adddays(1),
        [Parameter(Mandatory=$False)][switch]$Batch

    )

    #Make Sure Necessary Cmdlets Exist
    if(!(Get-Command Get-UserProfile -ErrorAction SilentlyContinue)){
    write-host -BackgroundColor "Black" -ForegroundColor "Red" "################################################################################"
    write-host -BackgroundColor "Black" -ForegroundColor "Red" "#                                                                               "
    write-host -BackgroundColor "Black" -ForegroundColor "Red" "This Program Requires cmdlet ""Get-UserProfile""                                "
    write-host -BackgroundColor "Black" -ForegroundColor "Red" "Find it here:                                                                   "
    write-host -BackgroundColor "Black" -ForegroundColor "Red" "http://pastebin.com/wvUDki7p                                                    "
    write-host -BackgroundColor "Black" -ForegroundColor "Red" "#                                                                               "
    write-host -BackgroundColor "Black" -ForegroundColor "Red" "################################################################################"
    break;
    }

    #to simplify query, if OlderThan was not specified, assume anything earlier than right now (plus a day to account for timezones, rounding, etc)
    #if(![bool]$OlderThan){
     #   $OlderThan = (get-date).adddays(1)
    #}

    #This Part relies on another of my Cmdlets "get-UserPorfile" to simplify the code a bit
    #This Could be substituted with: $ProfileList = Get-WmiObject -Computer $Computer -Query "Select * From Win32_UserProfile where LocalPath like \\$UserID"
    #..............................: $ProfileList = $ProfileList | Where-Object -Property Special -eq $False
    #Additional logic may have to be added if WMI doesn't like 'localhost' as a ComputerName. Seems to work ok for me, but I wouldn't count on it.
    #Get_UserProfile includes this logic
    $ProfileList = Get-UserProfile -Verbose -UserID $UserID -Computer $Computer -ExcludeSystemAccounts -OlderThan $OlderThan


    #If no Users were found, exit
    if(!$ProfileList){
        Write-Warning "NO USER PROFILES WERE FOUND"
        RETURN;
    }

    #Confirmation Dialog if -Batch is not set
    if(!$Batch){
        Write-Warning "ABOUT TO REMOVE THE FOLLOWING USER ACCOUNTS"
        Foreach($User in $ProfileList){
            $User | Select SID,LocalPath,@{Label="Last Use Time";Expression={Convert-UTCtoDateTime $_.LastUseTime -ToLocal}}
        }
        $Title = "PROCEED?"
        $Message = "ARE YOU SURE YOU WANT TO REMOVE THE LISTED USER ACCOUNTS?"
        $Yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes","Removes User Accounts"
        $No = New-Object System.Management.Automation.Host.ChoiceDescription "&No","Exits Script, No Changes Will be Made"
        $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
        $result = $host.ui.PromptForChoice($title, $message, $options, 1) 
        switch ($result)
        {
            0 {}
            1 {return;}
        }

    }

    #Remove Users provided they are not currently Loaded
    Foreach($User in $ProfileList){
        if($User.Loaded){
            if(!$Batch){
            Write-Host -BackgroundColor "Black" -ForegroundColor "Red" "User Account " $User.LocalPath "is Currently in user on" $Computer ":`tSkipping"
            }
            else{
            Write-Output "User $($User.LocalPath) on $($Computer) was in use and could not be removed"
            }
            continue;
        }
        if(!$Batch){
        Write-Host -BackgroundColor "Blue" -ForegroundColor "Green" "Removing User $($UserID.LocalPath) from $($Computer)"
        }
        else{
        Echo "Deleting $($User.LocalPath) from $($Computer)"
        }
        $User.delete()


    }

}

function Get-SNMPWalk{

    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$True)][string]$IP,
        [Parameter(Mandatory=$False)][int]$SNMPVersion=2,
        [Parameter(Mandatory=$False)][int]$Port=161,
        [Parameter(Mandatory=$False)][int]$TimeOut=3000,
        [Parameter(Mandatory=$False)][string]$Community="public",
        [Parameter(Mandatory=$False)][string]$OIDStart=".1.3.6.1.2.1.1.1"
    )

[reflection.assembly]::LoadFrom( (Resolve-Path ".\SharpSnmpLib.dll")) | Out-Null

if($SNMPVersion -gt 2 -or $SNMPVersion -lt 1)
{
    Write-Error "Invalid SNMP Version Number, This script supports Versions 1 and 2"
    return;
}

$OIDObject = New-Object Lextm.SharpSnmpLib.ObjectIdentifier ($OIDStart)
#if($SNMPVersion < 3)
#{
#    $results = New-GenericObject System.Collections.Generic.List Lextm.SharpSnmpLib.Variable
#else
#{
    $results = New-Object 'System.Collections.Generic.List[Lextm.SharpSnmpLib.Variable]'
#}

$IPObject=[System.Net.IPAddress]::Parse($IP)
$Server=New-Object System.Net.IpEndPoint($IPObject,$Port)

switch($SNMPVersion)
{
    1
    {
        $SNMPVersionObject = [Lextm.SharpSnmpLib.VersionCode]::V1
    }
    2
    {
        $SNMPVersionObject = [Lextm.SharpSnmpLib.VersionCode]::V2
    }
    #3
    #{
    #    $SNMPVersionObject = [Lextm.SharpSnmpLib.VersionCode]::V3
    #}
}

$WalkMode = [Lextm.SharpSnmpLib.Messaging.WalkMode]::WithinSubtree

#try
#{
    [Lextm.SharpSnmpLib.Messaging.Messenger]::Walk($SNMPVersionObject,$Server,$Community,$OIDObject,$results,$TimeOut,$WalkMode) | Out-Null
#}
#catch
#{
    #Write-Host "SNMP Walk error: $_"
#     return;    
#}
    $res = @()
    foreach ($var in $results) {
        $line = "" | Select IP,OID, Data
        $line.IP = $IP
        $line.OID = $var.Id.ToString()
        $line.Data = $var.Data.ToString()
        $res += $line
    }
 
    $res
}


function Convert-UTCtoDateTime{


    #Parameter Binding
    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$True,Position=1)][string]$UTC,
        [Parameter(Mandatory=$false)][switch]$ToLocal
        )

    #Breakout the various portions of the time with substring
    #This is very inelegant, and UTC 
    $yyyy = $UTC.substring(0,4)
    $M = $UTC.substring(4,2)
    $dd = $UTC.substring(6,2)
    $hh = $UTC.substring(8,2)
    $mm = $UTC.substring(10,2)
    $ss = $UTC.substring(12,2)
    $fff = $UTC.substring(15,3)
    $zzz = $UTC.substring(22,3)

    #If local, add the UTC offset returned by get-date
    if($ToLocal){
    (get-date -Year $yyyy -Month $M -Day $dd -Hour $hh -Minute $mm -Second $ss -Millisecond $fff) + (get-date -format "zzz")
    }
    #else just return the UTC time
    else{
    get-date -Year $yyyy -Month $M -Day $dd -Hour $hh -Minute $mm -Second $ss -Millisecond $fff
    }
}
    

No comments:

Post a Comment