Deleting User Profiles with WMI

Started by mathia, January 17, 2019, 08:33:18 PM

Previous topic - Next topic

mathia

I can enumerate them as well as locate using the SID, but I am unable to delete them using the delete method.  Anyone with experience in doing this?  I know it can be done with Powershell, but I would rather use Winbatch if possible. Might have to shell out to PS or invoke, but I'd rather avoid that if possible.  Here's my code:

objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
profiles = objWMIService.ExecQuery("Select * from Win32_UserProfile where Loaded='false'")
sPrinterInfo = ""
; Iterater through each printer and collect
profilelist=''
ForEach profile In profiles
   name=profile.localpath
   sid=profile.sid
   profilelist=iteminsert('%name%,%sid%',-1,profilelist,'|')
Next
profile = ""
profiless = ""
objWMIService = ""

Todelete=askitemlist("User Profiles", profilelist,'|',@sorted,@multiple)
; Clean up
items=itemcount(todelete,'|')
for j=1 to items
   current=itemextract(j,todelete,'|')
   sid=itemextract(2,current,',')
   objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
;   query=
   profiles = objWMIService.ExecQuery("Select * from Win32_UserProfile where sid='%sid%'")
;   colInstalledPrinters.delete
   ForEach profile In profiles
      name=profile.localpath
      sid=profile.sid
      profile.delete()
   Next
profile = ""
profiless = ""
objWMIService = ""

td

The "Win32_UserProfile" class does not have a delete method so that certainly isn't going to work.  See:

https://msdn.microsoft.com/en-us/library/windows/desktop/hh830632(v=vs.85).aspx

All Powershell is using WMI for is the same thing WinBatch would use it for, to find user information.    There are many ways to delete a local user profile without using Powershell.  For example, you can use "net user username /DELETE" from a command prompt or WinBatch Run command to delete a local user profile. The easiest method might be to use the Win32 Network Extender's wntProfileDel function.  You can find more information about the function in the Consolidated WIL Help file.
"No one who sees a peregrine falcon fly can ever forget the beauty and thrill of that flight."
  - Dr. Tom Cade

mathia

I will look into one of the other methods.
There is a hidden delete method in Win32_UserProfile, but I don't know how to access/use it.  The only way I have found to expose it is to use PSBASE, which is part of Poweshell and gives a raw view of an object.  Powershell can natively access the delete method, but Winbatch cannot.  I'm guessing the only way to use it is to instantiate the powershell object so that the reference to Pbase is valid.  You can see it using this command:  (gwmi win32_userprofile)[0].psbase | gm
One of the first references I saw to the hidden delete method was here:  https://powershell.org/forums/topic/get-wmiobject-delete-method/

So...it does seem to exist, but is not one of the default methods that powershell exposes.  Not sure how anyone found it as it is not part of the Microsoft documentation for Win32_UserProfile.

td

I believe you are confusing technologies.  WMI is at its root COM-based.  PowerShell uses a .Net cover to access Windows WMI COM-based interfaces.   The COM-based interfaces are what WinBatch COM Automation uses directly to access WMI as well.   PowerShell is implementing an extension to the COM-based WMI interface that is .Net-based but not part of the COM-based interface.  So PowerShell has a "Delete" method that appears to be part of the Windows system WMI interface but likely is just a cover for a call to the same Win32 API function that WinBatch's wntProfileDel function uses.
"No one who sees a peregrine falcon fly can ever forget the beauty and thrill of that flight."
  - Dr. Tom Cade

mathia

You are probably correct, now that I think about it.  It did seem odd that it's only accessible via powershell.

Thanks for your answers.

td

Doesn't seem all that odd.  In object-oriented design, classes are abstractions that purposefully hide the underlying implementation.  The implementations can use any number of different technologies that are masked by the abstraction of the class.
"No one who sees a peregrine falcon fly can ever forget the beauty and thrill of that flight."
  - Dr. Tom Cade