Windows - Maintenance Tasks - Get Device User Profiles

What the user profile audit Worklet does

This Automox Worklet™ queries the Windows Management Instrumentation (WMI) interface to enumerate all user profiles on an endpoint. The Worklet collects three key data points for each profile: the username, the total size of the profile directory in bytes (converted to human-readable format), and the number of days elapsed since that user's last logon.

The Worklet uses a custom PowerShell function to recursively calculate directory sizes, accounting for both files and subdirectories within each profile. It formats the output as a table and writes it to the Automox Activity Log, making the data immediately available for review and analysis.

Why collect user profile data

Endpoints can run out of storage unexpectedly, causing application failures and lost productivity. Without visibility into which user profiles consume the most disk space, you cannot pinpoint the root cause of storage issues. User profile data provides critical insights into endpoint health and resource consumption. Profiles that have grown to unusual sizes may indicate corrupted cache files, accumulated temporary data, or excessive logging. Identifying these issues helps you maintain optimal endpoint performance and prevent storage-related problems.

The last-logon timestamp helps you identify inactive user accounts. Removing old profiles for users who no longer access an endpoint reclaims storage space and simplifies maintenance. Understanding profile activity patterns also assists with compliance auditing and user access reviews.

Running this Worklet on a periodic schedule provides a baseline understanding of your endpoint environment. You can detect anomalies, plan storage capacity, and make informed decisions about profile cleanup or user re-provisioning.

How user profile auditing works

1. Evaluation phase: The Worklet validates current endpoint state and identifies non-compliant conditions.

2. Remediation phase: The Worklet applies get endpoint user profiles changes required to reach the target state.

User profile audit requirements

• Windows Server 2012 R2 or later, or Windows 10 and later

• Administrator privileges required to execute the Worklet

• WMI must be functional on the endpoint (typically enabled by default)

• FixNow support available for immediate on-demand execution via RunNow

Expected audit output

After execution, your endpoints will have profile data collected and logged to the Automox Activity Log. The Activity Log displays a table with a row for each user profile on the endpoint. Each row shows the username, the human-readable profile size, and the number of days since last logon. Users with no recorded last-logon time appear with the current date as the baseline (zero days since last logon).

You can use this data to identify storage hogs, locate inactive accounts for removal, and monitor profile growth over time. Running the Worklet repeatedly provides historical perspective on how your endpoint user ecosystems change.

How to validate get endpoint user profiles changes

1. Run this Worklet on a pilot Windows endpoint and review evaluation output for get endpoint user profiles.

2. Confirm Automox activity logs show successful completion and exit code 0.

3. Verify endpoint state using checks aligned to evaluation script logic, such as the evaluation and remediation scripts.

4. Validate remediation effects from script operations such as Get-DirectorySize, ConvertTo-LowestDenomination, Get-CimInstance, then rerun evaluation for compliance.