OCPN: Orbital Cached Profile Nuker v3

1. :: Purpose:         A wrapper for delprof2.exe from Helge Klein ( http://helgeklein.com/free-tools/delprof2-user-profile-deletion-tool/ )
2. ::                  on computers listed in the names file or individually. Works with Vista.
3. :: Requirements:    1. Administrator rights on whatever machine you're running against
4. ::                  2. Files:
5. ::                     - Delprof2.exe. Tested with version MD5: E425F2354159E7B8F0283E213177ED67
6. ::                     - psexec.exe
7. ::                     - names.txt file [OPTIONAL] -- A list of computers to run against, one name or IP address per line.
8. ::                     Files may be in any of the following locations:
9. ::                      a) the directory you run the script from
10. ::                      b) in the system PATH variable
11. ::                      c) c:\windows\system32\
12. :: Author:          vocatus on reddit.com/r/sysadmin
13. ::                  Helge Klein -- Delprof2.exe
14. :: History:         3.0 Branched off OCPN2 v2.7, changed to use DelProf2.exe instead of the DeleteProfiles.vbs script
15. ::                      + Added standard commenting blocks to Variables and various other sections
16. ::                      / Log file collection & compilation changed. Logs are now:
17. ::                          1. Collected locally in a temp directory
18. ::                          2. Uploaded to their respective hosts after completion (so there's a local record that the script ran)
19. ::                          3. Compiled into a single master log on the initiating system
20. ::                  2.7 Cleaned up required files check into proper IF statements
21. ::                  2.6 Added function to clear errorlevel in mass upload loop
22. ::                  2.5 Major code upgrade.
23. ::                      - Logging function massively improved and debugged
24. ::                      - Many glitches and failures fixed.
25. ::                  2.4 skipped
26. ::                  2.3 Some code cleanup and logging improvement.
27. ::                  2.2 Changes:
28. ::                      - Added verbose flag to run-once portion
29. ::                      - Improved log file rotation section significantly
30. ::                      - Added ping -n 2 >NUL to the log collector loop, to prevent tripping McAfee
31. ::                  2.1 Changes:
32. ::                      - Added log rotation code to auto-archive and age out log files
33. ::                      - Added "PAYLOAD" variable to represent the DeleteProfiles.vbs script
34. ::                      - Added check for existence of the .vbs script
35. ::                  2.0 Complete and major re-write, meant as a complete replacement for OCPN.bat
36. ::                      - Now uses DeleteProfiles.vbs from Joe Shonk for more accuracy and compatibility
37. ::                      - Fetches log files from remote computer after operation
38. ::                      - Logs which registry keys deleted and why they were deleted
39. ::                      - Can be invoked by specifying either a host or 'all' as the first argument, followed by
40. ::                        the number of days. Example: OCPN2.bat all 30
41.  
42. :: Prep
43. SETLOCAL
44. @echo off
45. cls
46. set VERSION=3.0
47. title Orbital Cached Profile Nuker v%VERSION%
48.  
49.  
50. :::::::::::::::
51. :: VARIABLES :: -- Set these
52. :::::::::::::::
53. :: Rules for variables:
54. ::  * NO quotes!                       (bad:  "c:\directory\path"       )
55. ::  * NO trailing slashes on the path! (bad:   c:\directory\            )
56. ::  * Spaces are okay                  (okay:  c:\my folder\with spaces )
57. ::  * Network paths are okay           (okay:  \\server\share name      )
58. ::                                     (       \\172.16.1.5\share name  )
59.  
60. :: Names file is a list of systems you want to act against. One system IP or hostname per line, list can contain both systems and hostnames
61. set NAMES_FILE=names_workstations.txt
62.  
63. :: Specify profile's to exclude from checking. Can use the wildcards * and ?.
64. set EXCLUDE_PROFILES=admin.nti
65.  
66. :: Timeout in seconds before giving up on a host and moving on to the next one.
67. set CONNECTION_TIMEOUT=3
68.  
69. :: Logging information
70. set LOGPATH=%SystemDrive%\Logs
71. set LOGFILE=%COMPUTERNAME%_OCPN3.log
72.  
73. :: Don't change anything below this line.
74. :: If you you will break something and somewhere a puppy will die.
75. set TARGET=%1
76. set RUN_ONCE=false
77. set DAYS=%2
78.  
79.  
80. ::::::::::::::::::::::::::
81. :: REQUIRED FILES CHECK ::
82. ::::::::::::::::::::::::::
83.  
84. :: Test if we're missing DelProf2.exe (the program that does the work)
85. if not exist Delprof2.exe (
86.         color 0c
87.         echo.
88.         echo  ERROR:
89.         echo.
90.         echo  Cannot find Delprof2.exe. Place Delprof2.exe in
91.         echo  the same directory as this script to continue.
92.         echo.
93.         pause
94.         goto end
95.         )
96.  
97. :: Test if we're missing PsExec
98. IF EXIST psexec.exe goto run_test
99. IF EXIST "%SystemDrive%\Program Files\SysInternalsSuite\psexec.exe" goto run_test
100. IF EXIST %WINDIR%\system32\psexec.exe goto run_test
101. color 0c
102.     echo.
103.     echo  ERROR:
104.     echo.
105.     echo  Cannot find PsExec.exe. Place PsExec.exe in
106.     echo  the same directory as this script to continue.
107.     echo.
108. pause
109. goto end
110.  
111. :: Test if we're doing a run-once
112. :run_test
113. IF '%1%'=='all' goto multiple_pc_run_once
114. IF NOT '%1%'=='' goto single_pc_run_once
115. cls
116.  
117. ::::::::::::::::::::
118. :: WELCOME SCREEN ::
119. ::::::::::::::::::::
120. :welcome
121. set DAYS=60
122. color 17
123. echo.
124. echo  *********************************************************
125. echo  *                                                       *
126. echo  *         ORBITAL CACHED PROFILE NUKER (OCPN) v%VERSION%      *
127. echo  * ----------------------------------------------------- *
128. echo  * Nuke them from orbit. It's the only way to be sure.   *
129. echo  *                                                       *
130. echo  * Windows XP/Vista/7/8 caches user profiles at login,   *
131. echo  * which use a lot of space over time. This script       *
132. echo  * deletes profiles which haven't been logged into in a  *
133. echo  * a long time.                                          *
134. echo  *                                                       *
135. echo  * Run this script with NETWORK ADMIN rights. Local      *
136. echo  * admin rights aren't enough.                           *
137. echo  *                                                       *
138. echo  *********************************************************
139. echo.
140. echo  Current settings
141. echo     Names file:         %NAMES_FILE%
142. echo     Connection timeout: %CONNECTION_TIMEOUT% seconds
143. echo     Profile exclusions: %EXCLUDE_PROFILES%
144. echo     Log location:       %LOGPATH%
145. echo.
146. echo   Edit this script with a text editor to customize these options.
147. echo.
148. :single_pc_loop
149. title OCPN3 v%VERSION%
150. echo.
151. set /p TARGET=Enter IP, hostname or 'all':
152.     if %TARGET%==exit goto end
153. set /P DAYS=  Nuke profiles older than how many days? [%DAYS%]:
154.     if %DAYS%==exit goto end
155.     if %TARGET%==all color && goto multiple_pc_go
156.  
157. color
158. set RUN_ONCE=false
159. goto single_pc_go
160.  
161.  
162.  
163. :: ===================================================== ::
164. ::            START OF SINGLE TARGET SECTION             ::
165. :: ===================================================== ::
166.  
167. :::::::::::::::::::::::::
168. :: COMMAND-LINE CHECKS ::
169. :::::::::::::::::::::::::
170. :single_pc_run_once
171. set RUN_ONCE=true
172. if '%2%'=='' goto single_pc_run_once_need_days
173. goto single_pc_go
174.  
175. :single_pc_run_once_need_days
176. set DAYS=30
177. echo.
178. echo  Target: %TARGET%
179. echo.
180. set /P DAYS=  Nuke profiles older than how many days? [%DAYS%]:
181. if %DAYS%==exit goto end
182. goto single_pc_go
183.  
184. :::::::::::::::
185. :: EXECUTION ::
186. :::::::::::::::
187. :single_pc_go
188. title OCPN v%VERSION%: Nuking profiles, please wait...
189.  
190. echo.
191. echo  ===========================================
192. echo  =========== Beginning OCPN3 run ===========
193. echo  ===========================================
194. echo.
195. echo  == Prepping target...                    ==
196. :: We need to make sure the RemoteRegistry service is running, otherwise delprof2 will fail.
197. ping -n 1 %TARGET% >NUL
198. psexec -n %CONNECTION_TIMEOUT% \\%TARGET% cmd /c (sc config RemoteRegistry start= auto ^& net start RemoteRegistry) >> %LOGPATH%\%LOGFILE%
199. echo  == Done.                                 ==
200. echo.
201. echo  == Enumerating candidate accounts...     ==
202. echo.
203. :: Flags: /u unattended, /i ignore errors, /c:\\ run on the specified remote system, /d: profiles older than x days
204. delprof2 /U /I /C:\\%TARGET% /D:%DAYS% /ED:%EXCLUDE_PROFILES% /L
205. echo.
206. echo  == Done.                                 ==
207. echo.
208.  
209. :: Give us one last chance to back out
210. echo  ! Read the above list of accounts carefully, and note which WILL and WILL NOT be deleted.
211. echo    Okay to continue?
212. echo.
213. echo    YOU CANNOT UNDO THIS ACTION!
214. echo.
215. set CHOICE=n
216. set /P CHOICE=  Proceed? [y/N]:
217.     if %CHOICE%==exit goto end
218.     if %CHOICE%==n goto :welcome
219. echo.
220. echo  == Nuking accounts...                    ==
221. echo.
222. delprof2 /U /I /C:\\%TARGET% /D:%DAYS% /ED:%EXCLUDE_PROFILES% >> %LOGPATH%\%TARGET%_OCPN3.log
223. echo  == Done.                                 ==
224. echo.
225. echo  == Uploading log to target...            ==
226. :: Copy the log file to the target and to our master log, then delete the temp one
227. copy %LOGPATH%\%TARGET%_OCPN3.log \\%TARGET%\C$\Logs\%TARGET%_OCPN3.log /Y >NUL
228. type %LOGPATH%\%TARGET%_OCPN3.log >> %LOGPATH%\OCPN3_master.log
229. del /q %LOGPATH%\%TARGET%_OCPN3.log >NUL
230. if %ERRORLEVEL%==0 echo. && echo  == Done.                                 ==
231. if %ERRORLEVEL%==1 echo. && echo  == Failed.                               ==
232.  
233. ::::::::::::
234. :: REPORT ::
235. ::::::::::::
236. echo.
237. echo  ===========================================
238. echo  ============ OCPN3 run complete ===========
239. echo  ===========================================
240. echo.
241. echo   Profiles %DAYS% days or older were deleted from %TARGET%
242. echo.
243. echo   Logfile is at:     %LOGPATH%\%LOGFILE%
244. echo   Accounts with the text "%EXCLUDE_PROFILES%" in their names were excluded.
245. echo.
246. set TARGET=
247. if %RUN_ONCE%==true goto end
248. goto single_pc_loop
249. :: ===================================================== ::
250. ::             END OF SINGLE TARGET SECTION              ::
251. :: ===================================================== ::
252.  
253.  
254.  
255.  
256. :: ===================================================== ::
257. ::           START OF MULTIPLE TARGET SECTION            ::
258. :: ===================================================== ::
259.  
260. :::::::::::::::::::::::::
261. :: COMMAND-LINE CHECKS ::
262. :::::::::::::::::::::::::
263. :multiple_pc_run_once
264. set RUN_ONCE=true
265. if '%2%'=='' goto multiple_pc_run_once_need_days
266. goto multiple_pc_go
267.  
268. :multiple_pc_run_once_need_days
269. echo.
270. echo  Target: All computers listed in %NAMES_FILE%
271. echo.
272. set /P DAYS=  Nuke profiles older than how many days? (30 recommended):
273. if %DAYS%==exit goto end
274. goto multiple_pc_go
275.  
276.  
277. :::::::::::::::
278. :: EXECUTION ::
279. :::::::::::::::
280. :multiple_pc_go
281. title Nuking profiles, please wait...
282.  
283. :: Make a temp directory for log compilation later
284. rmdir /s /q %TEMP%\OCPN3 >NUL
285. mkdir %TEMP%\OCPN3 >NUL
286.  
287. cls
288. echo.
289. echo  LETS ROCK!!
290. echo.
291. echo  Will delete cached profiles %DAYS% days and older on all computers
292. echo  listed in the "%NAMES_FILE%" file.
293. echo.
294. echo  ===========================================
295. echo  ======== Beginning OCPN3 mass run =========
296. echo  ===========================================
297. echo.
298. echo  == Prepping targets...                   ==
299. echo.
300.  
301. :::::::::::::::::
302. :: TARGET PREP ::
303. :::::::::::::::::
304. :: Target prep:
305. ::   1. Ping host
306. ::   2. Make a logs directory if it doesn't already exist
307. ::   3. Unlock and start the RemoteRegistry service
308. ::   4. Report back for each host success or failure
309. for /F %%i in (%NAMES_FILE%) do (
310.     ping %%i -n 1 >NUL
311.     psexec -n %CONNECTION_TIMEOUT% \\%%i cmd /c (sc config RemoteRegistry start= auto ^& net start RemoteRegistry ^& mkdir %SystemDrive%\Logs)
312.     :: Broken. Something to do with nested loops. eh.
313.     ::if %ERRORLEVEL%==0 echo     %%i ... OK
314.     ::if %ERRORLEVEL%==1 echo     %%i ... FAILED
315.     )
316. echo.
317. echo  == Done.                                 ==
318. echo.
319. echo  == Deleting profiles on targets...       ==
320.  
321. ::::::::::::::
322. :: DELETION ::
323. ::::::::::::::
324. :: Do the actual profile deletion
325. :: Log each machine's results to an individual log file.
326. :: Later we'll upload these logs individually, then compile them into a master log locally.
327. for /F %%i in (%NAMES_FILE%) do (
328.     ping %%i -n 1 >NUL
329.     delprof2 /U /I /C:\\%%i /D:%DAYS% /ED:%EXCLUDE_PROFILES% >> %TEMP%\OCPN3\%%i
330.     )
331.  
332. echo.
333. echo  == Done.                                 ==
334. echo.
335. echo  == 1 min cooldown till log upload...     ==
336. ping localhost -n 30 >NUL
337. echo.
338. echo  == 30 sec cooldown remaining...          ==
339. ping localhost -n 30 >NUL
340. echo.
341. echo  == Cooldown done.                        ==
342. echo.
343. echo  == Beginning log upload...               ==
344. echo.
345.  
346. ::::::::::::::::
347. :: LOG UPLOAD ::
348. ::::::::::::::::
349. ::  1. Ping the remote target
350. ::  2. Copy the log from the profile deletion to the remote target's log directory
351. ::  3. Report OK/FAILED on each copy operation
352. for /F %%i in (%NAMES_FILE%) do (
353.     ping %%i -n 1 >NUL
354.     copy %TEMP%\OCPN3\%%i \\%%i\C$\Logs\%%i_OCPN3.log /Y >NUL
355.     if %ERRORLEVEL%==0 echo     %%i ... OK
356.     if %ERRORLEVEL%==1 echo     %%i ... FAILED
357.     )
358. echo.
359. echo  == Done.                                 ==
360.  
361. ::::::::::::::::::
362. :: LOG ROTATION ::
363. ::::::::::::::::::
364. echo.
365. echo  == Rotating master log...                ==
366. :: Log file rotation. Archives up to 7 backups, ".log" through ".log6".
367. :: Rotate & age out master logs, then create new blank log
368. IF EXIST %LOGPATH%\OCPN3_master.log6 del %LOGPATH%\OCPN3_master.log6
369. IF EXIST %LOGPATH%\OCPN3_master.log5 rename %LOGPATH%\OCPN3_master.log5 OCPN3_master.log6
370. IF EXIST %LOGPATH%\OCPN3_master.log4 rename %LOGPATH%\OCPN3_master.log4 OCPN3_master.log5
371. IF EXIST %LOGPATH%\OCPN3_master.log3 rename %LOGPATH%\OCPN3_master.log3 OCPN3_master.log4
372. IF EXIST %LOGPATH%\OCPN3_master.log2 rename %LOGPATH%\OCPN3_master.log2 OCPN3_master.log3
373. IF EXIST %LOGPATH%\OCPN3_master.log1 rename %LOGPATH%\OCPN3_master.log OCPN3_master.log2
374. IF EXIST %LOGPATH%\OCPN3_master.log rename %LOGPATH%\OCPN3_master.log OCPN3_master.log1
375. echo. > %LOGPATH%\OCPN3_master.log
376. echo.
377. echo  == Done.                                 ==
378. echo.
379. echo  == Compiling log files...                ==
380.  
381. :::::::::::::::::::::
382. :: LOG COMPILATION ::
383. :::::::::::::::::::::
384. :: This loop compiles all the log files into a single master log.
385. :: It's ugly but it seems to work.
386. :: For each file in %TEMP%\OCPN3 of type any (*), insert it into the %%i variable and then:
387. ::  1. Echo a blank line into the master log file
388. ::  2. Echo the file name into the master log file
389. ::  3. Echo a divider line into the master log file
390. ::  4. Echo the contents of that system's logfile into the file
391. for /f %%i in (%NAMES_FILE%) do (
392.     echo. >> %LOGPATH%\OCPN3_master.log
393.     echo %%i >> %LOGPATH%\OCPN3_master.log
394.     echo ================================================================ >>%LOGPATH%\OCPN3_master.log
395.     type %TEMP%\OCPN3\%%i >> %LOGPATH%\OCPN3_master.log
396.     )
397.  
398. :: old (alternate) way of doing it
399. REM FOR /r %TEMP%\OCPN3 %%i in (*) DO (
400.     REM echo. >> %LOGPATH%\OCPN3_master.log
401.     REM echo %%i >> %LOGPATH%\OCPN3_master.log
402.     REM echo ================================================================ >>%LOGPATH%\OCPN3_master.log
403.     REM type %%i >> %LOGPATH%\OCPN3_master.log
404.     REM )
405.    
406.  
407. echo.
408. echo  == Done.                                 ==
409. echo.
410. echo  == Cleaning up...                        ==
411. rmdir %TEMP%\OCPN3 /S /Q
412. echo.
413. echo  == Done.                                 ==
414. echo.
415. echo  == THESE ACCOUNTS WERE DELETED:          ==
416. echo.
417. :: Display all deleted accounts
418. findstr "^\\[a-z]*" %LOGPATH%\OCPN3_master.log
419. echo.
420. echo  ===========================================
421. echo  ========= OCPN mass run complete ==========
422. echo  ===========================================
423. echo.
424. echo   All profiles %DAYS% days or older were deleted.
425. echo   Logfile: %LOGPATH%\OCPN3_master.log
426. echo.
427. echo   Accounts with the text "%EXCLUDE_PROFILES%" in their name were excluded.
428. echo.
429. set TARGET=
430. if %RUN_ONCE%==true goto end
431. goto single_pc_loop
432.  
433. :: ===================================================== ::
434. ::             END OF MULTIPLE TARGET SECTION            ::
435. :: ===================================================== ::
436.  
437.  
438. :end
439. color
440. ENDLOCAL