'************************************************************************
'DESCRIPTION:   Local Profile Scrubber removes profile folders and reg	|
'               SIDs Run in Safe Mode for best results.					|
'WRITTEN BY:    Daniel M. Jones											|
'DATE:			August 24, 2009											|
'UPDATE:		This script does not work on windows 2000				|
'************************************************************************

on error resume next

'************************************************************************************************************************************************
' VARIABLE DEFINITION
'************************************************************************************************************************************************

CONST HKEY_LOCAL_MACHINE = &H80000002
CONST HKEY_USERS = &H80000003
CONST LOG_FILE = "C:\Windows\System32\Services\ProfileScrubber\log.txt"
CONST OBSOLETE_AGE = 30'days
CONST UNKNOWN = "Chickenless Soup"

dim arrInvalidProfiles(9)
dim arrProfiles()
dim arrSelectedProfiles()
dim strComputer
dim strCurrentUser

arrInvalidProfiles(0) = "Administrator"
arrInvalidProfiles(1) = "All Users"
arrInvalidProfiles(2) = "LocalService"
arrInvalidProfiles(3) = "NetworkService"
arrInvalidProfiles(4) = "NMH"
arrInvalidProfiles(5) = "NMH Default"
arrInvalidProfiles(6) = "Default User"
arrInvalidProfiles(7) = "systemprofile"
arrInvalidProfiles(8) = "guest"
arrInvalidProfiles(9) = "doctor"

set objArgs  = Wscript.Arguments
set objFSO   = WScript.CreateObject("Scripting.FileSystemObject")
set objReg   = nothing
set objShell = WScript.CreateObject("WScript.Shell")

'************************************************************************************************************************************************
' FUNCTIONS
'************************************************************************************************************************************************
	
function getUserSID (strUser)
	getUserSID = UNKNOWN
	for i = 0 to ubound(arrSIDs)
		objReg.GetExpandedStringValue HKEY_LOCAL_MACHINE, "SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\" & arrSIDs(i), "ProfileImagePath", strProfilePath
		if (inStr(strProfilePath, strUser)) then
			getUserSID = arrSIDs(i)
			exit function
		end if
	next
end function

function isValidProfile(strProfilePath)
	isValidProfile = true
	if NOT (objFSO.FolderExists(strProfilePath)) then
		isValidProfile = false
		exit function
	end if

	intProfileAge = cint(now - objFSO.GetFolder(strProfilePath).DateLastModified)
	if (intProfileAge <= OBSOLETE_AGE) then isValidProfile = false
		
	strUser = lcase(right(strProfilePath, len(strProfilePath) - inStrRev(strProfilePath, "\")))
	for each strInvalidProfile in arrInvalidProfiles
		if (lcase(strUser) = lcase(strInvalidProfile)) then isValidProfile = false
	next
	if (strCurrentUser = strUser) then isValidProfile = false
end function

function removeProfile (strProfilePath)
	if (objFSO.FolderExists(strProfilePath)) then
		objFSO.DeleteFolder strProfilePath, true
	end if
end function

function cleanRegistry(strSID)
	if (strSID <> UNKNOWN) then objReg.DeleteKey HKEY_USERS, strSID
	objReg.GetStringValue HKEY_LOCAL_MACHINE, "SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\" & strSID, "Guid", strGuid
	objReg.DeleteKey HKEY_LOCAL_MACHINE, "SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\" & strSID
	objReg.DeleteKey HKEY_LOCAL_MACHINE, "SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileGuid\" & strGuid
	objReg.DeleteKey HKEY_USERS, "PE_" & ucase(left(strProfile, 1)) & "_" & ucase(right(strProfile, len(strProfile) - 1))
	objReg.DeleteKey HKEY_USERS, strSID
end function

'************************************************************************************************************************************************
' BEGIN
'************************************************************************************************************************************************

do
	set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")	
	set colProfiles = objFSO.GetFolder("c:\documents and settings\").SubFolders
	set objFile = objFSO.OpenTextFile(LOG_FILE, 8, true, -2)
	
	objReg.EnumKey HKEY_LOCAL_MACHINE, "SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList", arrSIDs
	strComputer = objShell.RegRead ("HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName\ComputerName")
	strCurrentUser = objShell.RegRead ("HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultUserName")
	
	objFile.WriteLine vbNewLine & "Starting Profile Scrubber: " & now & vbNewLine

	for each objProfile in colProfiles
		strProfile = objProfile.Path
		if (isValidProfile(strProfile)) then
			strStatus = "Deleted "
			removeProfile(strProfile)
			if (objFSO.FolderExists(strProfile)) then strStatus = "Could not delete "
			objFile.WriteLine strStatus & right(strProfile, len(strProfile) - inStrRev(strProfile, "\")) & " @ " & now
		end if
	next

	for i = 0 to ubound(arrSIDs)
		strSID = arrSIDs(i)
		objReg.GetExpandedStringValue HKEY_LOCAL_MACHINE, "SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\" & strSID, "ProfileImagePath", strProfile
		if (isValidProfile(strProfile)) then
			cleanRegistry(strSID)
		end if
	next

	objFile.Close
	wscript.sleep 3600000
loop