-
Notifications
You must be signed in to change notification settings - Fork 14
/
Copy pathRemove-CorruptUserProfile.psm1
147 lines (100 loc) · 4.96 KB
/
Remove-CorruptUserProfile.psm1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
Function Remove-CorruptUserProfile {
[CmdletBinding()]
param(
[Parameter(Mandatory =$True,
Position=0,
ValueFromPipeline=$True,
ValueFromPipelineByPropertyName=$True,
HelpMessage="Enter the users SamAccountName. Example: rob.osborne")] # End Parameter
[string[]]$SamAccountName
) # End param
# The below variable is used at line 89
$Domain = ([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()).Name
# PART ONE
Function Copy-BackupProfile {
[CmdletBinding()]
param(
[Parameter(
Mandatory = $True,
Position = 0,
ValueFromPipeline=$True,
ValueFromPipelineByPropertyName=$True,
HelpMessage = "Enter a SamAccountName for the user profile. Example: rob.osborne"
)] # End Parameter
[String[]]$SamAccountName) # End param
BEGIN {
If (Test-Path "C:\Users\$SamAccountName") {
Write-Verbose "$SamAccountName folder has been found. Renaming profile folder to $SamAccountName.old..."
Rename-Item -Path "C:\Users\$SamAccountName" -NewName "$SamAccountName.old" -Force -ErrorAction "SilentlyContinue" | Out-Null
Write-Verbose "Renaming AppData folder to prevent any corruptions from being moved to the new profile."
Rename-Item -Path "C:\Users\$SamAccountName.old\AppData" -Destination "C:\Users\$SamAccountName.old\OLDAppData" -Force -ErrorAction "SilentlyContinue" | Out-Null
Write-Output "[*] If the user uses sticky notes they are located here: `n`tC:\Users\$SamAccountName\AppData\Roaming\Microsoft\Sticky Notes "
} # End If
Else {
Throw "[!] No user directory found at C:\Users\$SamAccountName Ending script."
} # End Else
} # End Function Copy-BackupProfile
Copy-BackupProfile -SamAccountName $SamAccountName -Verbose
} # End BEGIN
PROCESS {
# PART TWO
Function Get-UserSid {
[CmdletBinding()]
param(
[Parameter(Mandatory = $True,
Position = 0,
ValueFromPipeline=$True,
ValueFromPipelineByPropertyName=$True,
HelpMessage = "Enter a SamAccountName for the user profile. Example: OsbornePro\rob.osborne"
)] # End Parameter
[string[]]$SamAccountName) # End param
$ObjUser = New-Object System.Security.Principal.NTAccount($SamAccountName)
$ObjSID = $ObjUser.Translate([System.Security.Principal.SecurityIdentifier])
If (!($null -eq $ObjSID)) {
$ObjSID.Value
} # End If
Else {
Write-Warning "SID Lookup failed."
} # End Else
} # End Function Get-UserSid
$SID = Get-UserSid -SamAccountName "$Domain\$SamAccountName" -Verbose
# PART THREE
Function Remove-CorruptUserProfileRegistryItem {
[CmdletBinding()]
param(
[Parameter(Mandatory = $True,
Position = 0,
ValueFromPipeline=$True,
ValueFromPipelineByPropertyName=$True,
HelpMessage="Enter the users SamAccountName. Example: rob.osborne")] # End Parameter
[string[]]$SID) # End param
$ProfileListPath = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$SID"
$ProfileGuidPath = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileGUID"
If (Test-Path -Path $ProfileListPath) {
$CorruptedUser = (Get-ItemProperty -Path $ProfileListPath -Name "ProfileImagePath" | Select-Object -ExpandProperty "ProfileImagePath").Replace('C:\Users\','')
Read-Host "Is $CorruptedUser the user with a corrupted profile? Press Ctrl+C to cancel and Enter to continue deleting the profile."
Remove-Item -Path $ProfileListPath -Recurse -Force
} # End If
Else {
Write-Output "[!] $ProfileListPath location not found."
} # End Else
If (Test-Path $ProfileGuidPath) {
$GUIDs = Get-ChildItem $ProfileGuidPath | Select-Object -ExpandProperty "PsChildName"
ForEach ($GUID in $GUIDs) {
$SidGuid = Get-ItemProperty -Path "$ProfileGUIDPath\$GUID" | Select-Object -ExpandProperty "SidString"
If ($SidGuid -eq $SID) {
Remove-Item -Path "$ProfileGuidPath\$GUID" -Recurse -Force
} # End If
} # End ForEach
} # End If
Else {
Write-Output "[!] $ProfileGuidPath location not found."
} # End Else
} # End Function Remove-CorruptUserProfile
} # End PROCESS
END {
Remove-CorruptUserProfileRegistryItem -SID $SID -Verbose
Read-Host -Prompt "[*] Press Enter to Restart Computer now or press Ctrl+C to complete the rest of this task later."
Restart-Computer -Force
} # End END
} # End Function Remove-CorruptedUserProfile