Windows - Maintenance Tasks - Remove Old User Profiles

What the profile removal Worklet does

This Automox Worklet™ removes Windows user profiles that have exceeded a configurable age threshold, typically 30 days of inactivity. The Worklet analyzes each profile's last usage timestamp and compares it against your specified age limit to determine which profiles qualify for removal.

The Worklet protects critical system accounts from removal, including Local Service, Network Service, SYSTEM, and any usernames you explicitly whitelist. It tracks the total disk space freed from removed profiles and logs which accounts were deleted for auditing purposes.

Why remove old user profiles from Windows endpoints

Accumulated user profiles consume significant disk space over time, especially in shared endpoint environments where temporary users frequently log in and out. Removing profiles from inactive users directly reduces storage utilization and improves overall endpoint performance.

Beyond storage benefits, inactive profiles present a security risk. Old profiles may contain cached credentials, temporary files, and historical data that unauthorized users could potentially access. Automating profile cleanup maintains consistent compliance with your data retention policies across all endpoints.

For IT operations teams, manual profile management is time-consuming and error-prone. This Worklet automates the entire process, eliminating repetitive administrative tasks while maintaining a detailed audit trail of removed accounts.

How user profile removal works

1. Evaluation phase: The Worklet queries the Windows Management Instrumentation (WMI) class Win32_UserProfile to retrieve all local user profiles. It compares each profile's LastUseTime attribute to the current date and calculates the age in days. Profiles exceeding your age threshold are flagged for remediation. The Worklet also monitors the NTUSER.DAT file's last write time as an alternative indicator of account activity.

2. Remediation phase: For each profile exceeding the age threshold, the Worklet calculates the total disk space consumed before deletion. It then removes the profile's directory tree and associated registry hive. The Worklet registers a scheduled task that logs subsequent logon events to improve future age calculation accuracy. After completing all removals, it reports the total count of removed profiles and the amount of disk space freed.

Profile removal requirements

• Windows Server 2016 or later, or Windows 10 and later

• Administrative privileges on the target endpoint

• ageLimit parameter: number of days to determine profile inactivity (default: 30)

• whitelistedUsers parameter (optional): comma-separated usernames to exclude from removal

• Profiles must not be in active use at the time of removal

Expected profile cleanup state

After successful remediation, your endpoint will contain only active user profiles. Profiles exceeding your age threshold have been completely removed, including their C:\Users directory entries and associated registry hives. The endpoint's available disk space increases by the amount previously consumed by deleted profiles. You can verify this change through the Automox Activity Log or by checking the endpoint configuration directly.

You can verify the cleanup by checking the Worklet's output log, which shows the exact count of removed profiles and total disk space freed. If you run the Worklet again, it reports zero profiles for removal, indicating compliance with your age threshold policy.

How to validate remove old user profiles changes

1. Run this Worklet on a pilot Windows endpoint and review evaluation output for remove old user profiles.

2. Confirm Automox activity logs show successful completion and exit code 0.

3. Verify endpoint state using checks aligned to evaluation script logic, such as Check-EventHook, Get-ScheduledTask, Check-NTUserDat.

4. Validate remediation effects from script operations such as Get-DirectorySize, Test-Path, Write-Error, then rerun evaluation for compliance.