How do I remove all user profiles from a shared computer except for the ones in a csv file and an array?

huangapple go评论62阅读模式
英文:

How do I remove all user profiles from a shared computer except for the ones in a csv file and an array?

问题

这是我写的原始脚本。PowerShell 不会显示预定数组中的任何系统配置文件,但它完全忽略了任何用户是否存在于 CSV 文件中。当我运行脚本时,它会输出存在于 CSV 文件中的用户,但不会输出与我在数组中列出的配置文件匹配的任何配置文件。

$ADUsers = Import-CSV -Path C:\users\username\Desktop\DiskSpaceCleanup.csv | Sort SamAccountName
$ExcludedProfiles = @('administrator','Public','default','DOMAIN\administrator','NetworkService','LocalService','systemprofile')

$OnHardDrive = Get-CimInstance -ClassName Win32_UserProfile  

$userstoremove = @()
foreach($user in $OnHardDrive){
    if(($ADUsers -notcontains $user.LocalPath.split('\')[-1]) -and ($ExcludedProfiles -notcontains $user.LocalPath.split('\')[-1])){
        $userstoremove += $user
    }
}

$userstoremove.LocalPath | Format-Table

我预期这段代码会输出不在 $ExcludedProfiles 数组中的用户和不在 $ADUsers 数组中的用户。

实际发生的情况是,CSV 文件中的用户和用户配置文件未从结果中排除,但我在 $ExcludedProfiles 数组中指定的用户被排除了。

有关如何从结果中筛选出 CSV 文件中的用户的建议吗?

英文:

This is the original script I wrote. PowerShell will not display any of the system profiles in the pre determined array, but it completely disregards the fact that any of the users exist within the csv file. When I run the script, it spits out users that exist within the csv file, but not any of the profiles that match the profiles I have listed in the array.

$ADUsers = Import-CSV -Path C:\users\username\Desktop\DiskSpaceCleanup.csv | Sort SamAccountName
$ExcludedProfiles = @('administrator','Public','default','DOMAIN\administrator','NetworkService','LocalService','systemprofile')


$OnHardDrive = Get-CimInstance -ClassName Win32_UserProfile  

$userstoremove = @()
foreach($user in $OnHardDrive){
    if(($ADUsers -notcontains $user.LocalPath.split('\')[-1]) -and ($ExcludedProfiles -notcontains $user.LocalPath.split('\')[-1])){
        $userstoremove += $user
    }
}

$userstoremove.LocalPath | Format-Table

I was expecting this code to output anyone who is not in the $ExcludedProfiles array and anyone that is not in the $ADUsers array.

What actually ends up happening is the users in the csv file and the user profiles are not excluded from the results and the users I specified in the $ExcludedProfiles array are.

Any advice on how to filter out the users in the csv file from the results?

答案1

得分: 1

这可能是一种更健壮的方法,它通过将[NTAccounts](https://learn.microsoft.com/en-us/dotnet/api/system.security.principal.ntaccount?view=netframework-4.8)翻译成它们对应的[SID](https://learn.microsoft.com/en-us/dotnet/api/system.security.principal.securityidentifier?view=net-7.0),然后与从`Get-CimInstance -ClassName Win32_UserProfile`返回的对象的SID属性进行比较来实现。我只将您当前的列表中的`SystemProfile`更改为`System`,以实际定位到`NT AUTHORITY\System`
__值得注意的是,此解决方案仅适用于英文区域设置。感谢[iRon](https://stackoverflow.com/users/1701026/iron)指出这一点。__

[Collections.Generic.HashSet[Security.Principal.SecurityIdentifier]] $excludedSIDs = @(
(Import-CSV -Path C:\users\username\Desktop\DiskSpaceCleanup.csv).SamAccountName
'Administrator'
'Public'
'Default'
'DOMAIN\Administrator'
'NetworkService'
'LocalService'
'System'
) | ForEach-Object {
try {
[Security.Principal.NTAccount]::new($_).
Translate([Security.Principal.SecurityIdentifier])
}
catch { }
}

$OnHardDrive = Get-CimInstance -ClassName Win32_UserProfile | Where-Object {
$excludedSIDs.Add($_.SID)
}
$OnHardDrive.LocalPath


以下应适用于任何Windows区域设置,但包括并使用[WellKnownSidsType Enum](https://learn.microsoft.com/en-us/dotnet/api/system.security.principal.wellknownsidtype?view=netframework-4.6.2)来生成要排除的SID列表。唯一的问题是,这包括比OP可能感兴趣排除的SID更多。

$domainSid = [System.Security.Principal.NTAccount]::new($env:USERNAME).
Translate([System.Security.Principal.SecurityIdentifier]).
AccountDomainSid

[Collections.Generic.HashSet[Security.Principal.SecurityIdentifier]] $excludedSIDs = @(
(Import-CSV -Path C:\users\username\Desktop\DiskSpaceCleanup.csv).SamAccountName |
ForEach-Object {
try {
[Security.Principal.NTAccount]::new($_).
Translate([Security.Principal.SecurityIdentifier])
}
catch { }
}

[Enum]::GetValues([System.Security.Principal.WellKnownSidType]) |
    ForEach-Object {
        try {
            [System.Security.Principal.SecurityIdentifier]::new($_, $domainSid)
        }
        catch { }
    }

)

$OnHardDrive = Get-CimInstance -ClassName Win32_UserProfile | Where-Object {
$excludedSIDs.Add($_.SID)
}
$OnHardDrive.LocalPath


<details>
<summary>英文:</summary>

&lt;!-- language-all: sh --&gt;

This might be a more robust way of doing it by translating the [NTAccounts](https://learn.microsoft.com/en-us/dotnet/api/system.security.principal.ntaccount?view=netframework-4.8) to their corresponding [SID](https://learn.microsoft.com/en-us/dotnet/api/system.security.principal.securityidentifier?view=net-7.0) and then comparing against the SID property of the objects returned from `Get-CimInstance -ClassName Win32_UserProfile`. I only changed `SystemProfile` to `System` from your current list to actually target `NT AUTHORITY\System`.

__Worth noting, this solution only works on English locale. Thanks to [iRon](https://stackoverflow.com/users/1701026/iron) for pointing that out.__

[Collections.Generic.HashSet[Security.Principal.SecurityIdentifier]] $excludedSIDs = @(
(Import-CSV -Path C:\users\username\Desktop\DiskSpaceCleanup.csv).SamAccountName
'Administrator'
'Public'
'Default'
'DOMAIN\Administrator'
'NetworkService'
'LocalService'
'System'
) | ForEach-Object {
try {
[Security.Principal.NTAccount]::new($_).
Translate([Security.Principal.SecurityIdentifier])
}
catch { }
}

$OnHardDrive = Get-CimInstance -ClassName Win32_UserProfile | Where-Object {
$excludedSIDs.Add($_.SID)
}
$OnHardDrive.LocalPath


The following should work on any Windows Locale but includes and uses the [WellKnownSidsType Enum](https://learn.microsoft.com/en-us/dotnet/api/system.security.principal.wellknownsidtype?view=netframework-4.6.2) to generate the list of SIDs to exclude. The only problem is, this includes more SIDs than what OP might be interested in excluding.

$domainSid = [System.Security.Principal.NTAccount]::new($env:USERNAME).
Translate([System.Security.Principal.SecurityIdentifier]).
AccountDomainSid

[Collections.Generic.HashSet[Security.Principal.SecurityIdentifier]] $excludedSIDs = @(
(Import-CSV -Path C:\users\username\Desktop\DiskSpaceCleanup.csv).SamAccountName |
ForEach-Object {
try {
[Security.Principal.NTAccount]::new($_).
Translate([Security.Principal.SecurityIdentifier])
}
catch { }
}

[Enum]::GetValues([System.Security.Principal.WellKnownSidType]) |
    ForEach-Object {
        try {
            [System.Security.Principal.SecurityIdentifier]::new($_, $domainSid)
        }
        catch { }
    }

)

$OnHardDrive = Get-CimInstance -ClassName Win32_UserProfile | Where-Object {
$excludedSIDs.Add($_.SID)
}
$OnHardDrive.LocalPath


</details>



huangapple
  • 本文由 发表于 2023年2月18日 00:50:37
  • 转载请务必保留本文链接:https://go.coder-hub.com/75487094.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定