I have cobbled together the following code to search for and delete local user accounts that start with "ALS_SVC".
'Constants and Variables
Const HKLM = &H80000002
Const StartKey = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
Const SearchValue = "ProfileImagePath"
Const MatchData = "C:\Users\ALS_SVC"
strComputerName = "."
Set objRegistry = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputerName & "\root\default:StdRegProv")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objComputer = GetObject("WinNT://" & strComputerName & "")
Set objShell = CreateObject("Wscript.Shell")
Set objWMIService = GetObject("winmgmts:\\" & strComputerName & "\root\cimv2")
Set objShell = CreateObject("Wscript.Shell")
Set objParentFolder = objFSO.GetFolder("C:\Users")
Set colFolders = objParentFolder.SubFolders
strUserFolderPath = "C:\Users"
'Code Begins...
'First we bind an object to the local computer account and create an array of the user accounts
objComputer.Filter = Array("User")
'for each user account in the array, check the first 7 characters for "ALS_SVC" and delete the account if it matches
For Each objUser in objComputer
'Then we use a subroutine to search the Registry from StartKey and delete any keys where the SearchValue equals MatchData
FindAndDeleteKey HKLM, StartKey, SearchValue, MatchData
' Then we search "C:\Users" for any folder starting with ALS_SVC and delete it
For Each objFolder in colFolders
'Functions and Subs...
Sub FindAndDeleteKey(root, key, value, data)
When I run this script in Windows 7 it finds and deletes the accounts, the registry entries, and the folders.
When I run it in Windows 10 I receive the error "access denied" when the script runs "Call objComputer.delete ("User", objUser.Name)".
I am running the script with an account that is a member of the local administrators group. After several hours of searching online I have yet to figure out why access is being denied.
Any suggestions are greatly appreciated.
'Constants and Variables
Const HKLM = &H80000002
Const StartKey = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
Const SearchValue = "ProfileImagePath"
Const MatchData = "C:\Users\ALS_SVC"
strComputerName = "."
Set objRegistry = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputerName & "\root\default:StdRegProv")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objComputer = GetObject("WinNT://" & strComputerName & "")
Set objShell = CreateObject("Wscript.Shell")
Set objWMIService = GetObject("winmgmts:\\" & strComputerName & "\root\cimv2")
Set objShell = CreateObject("Wscript.Shell")
Set objParentFolder = objFSO.GetFolder("C:\Users")
Set colFolders = objParentFolder.SubFolders
strUserFolderPath = "C:\Users"
'Code Begins...
'First we bind an object to the local computer account and create an array of the user accounts
objComputer.Filter = Array("User")
'for each user account in the array, check the first 7 characters for "ALS_SVC" and delete the account if it matches
For Each objUser in objComputer
strUserName = objUser.Name
strUserName = Left(strUserName,7)
if strUserName = "ALS_SVC" then
Call objComputer.delete("User",objUser.Name)
end if
Next'Then we use a subroutine to search the Registry from StartKey and delete any keys where the SearchValue equals MatchData
FindAndDeleteKey HKLM, StartKey, SearchValue, MatchData
' Then we search "C:\Users" for any folder starting with ALS_SVC and delete it
For Each objFolder in colFolders
strFullName = objFolder.Name
strFullName = Left(strFullName,7)
if strFullName = "ALS_SVC" then
objShell.Run "cmd.exe /r rd /s /q """ & strUserFolderPath & "\" & objFolder.Name & """",0,True
End if
Next'Functions and Subs...
Sub FindAndDeleteKey(root, key, value, data)
objRegistry.EnumValues HKLM, key, names, types
If Not IsNull(names) Then
For Each name In names
If name = value Then
objRegistry.GetStringValue HKLM, key, name, regdata
strFullPath = regdata
regdata = Left(regdata,16)
If regdata = data Then
'Delete the parent key...
objRegistry.DeleteKey root, key
Exit Sub
End If
End If
Next
End If
'value not found in current key, continue searching in subkeys
objRegistry.EnumKey root, key, subkeys
If Not IsNull(subkeys) Then
For Each sk In subkeys
FindAndDeleteKey root, key & "\" & sk, value, data
Next
End If
End SubWhen I run this script in Windows 7 it finds and deletes the accounts, the registry entries, and the folders.
When I run it in Windows 10 I receive the error "access denied" when the script runs "Call objComputer.delete ("User", objUser.Name)".
I am running the script with an account that is a member of the local administrators group. After several hours of searching online I have yet to figure out why access is being denied.
Any suggestions are greatly appreciated.