Windows 10 VBScript returns access denied

[DCLUser]

I have cobbled together the following code to search for and delete local user accounts that start with "ALS_SVC".

'Constants and Variables

Const HKLM = &H80000002
Const StartKey = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
Const SearchValue = "ProfileImagePath"
Const MatchData = "C:\Users\ALS_SVC"
strComputerName = "."
Set objRegistry = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputerName & "\root\default:StdRegProv")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objComputer = GetObject("WinNT://" & strComputerName & "")
Set objShell = CreateObject("Wscript.Shell")
Set objWMIService = GetObject("winmgmts:\\" & strComputerName & "\root\cimv2")
Set objShell = CreateObject("Wscript.Shell")
Set objParentFolder = objFSO.GetFolder("C:\Users")
Set colFolders = objParentFolder.SubFolders
strUserFolderPath = "C:\Users"

'Code Begins...

'First we bind an object to the local computer account and create an array of the user accounts
objComputer.Filter = Array("User")
'for each user account in the array, check the first 7 characters for "ALS_SVC" and delete the account if it matches
For Each objUser in objComputer

strUserName = objUser.Name​

strUserName = Left(strUserName,7)​

if strUserName = "ALS_SVC" then​

Call objComputer.delete("User",objUser.Name)​

end if​

Next

'Then we use a subroutine to search the Registry from StartKey and delete any keys where the SearchValue equals MatchData
FindAndDeleteKey HKLM, StartKey, SearchValue, MatchData

' Then we search "C:\Users" for any folder starting with ALS_SVC and delete it
For Each objFolder in colFolders

strFullName = objFolder.Name​

strFullName = Left(strFullName,7)​

if strFullName = "ALS_SVC" then​

objShell.Run "cmd.exe /r rd /s /q """ & strUserFolderPath & "\" & objFolder.Name & """",0,True​

End if​

Next

'Functions and Subs...

Sub FindAndDeleteKey(root, key, value, data)

objRegistry.EnumValues HKLM, key, names, types​

If Not IsNull(names) Then​

For Each name In names​

If name = value Then​

objRegistry.GetStringValue HKLM, key, name, regdata​

strFullPath = regdata​

regdata = Left(regdata,16)​

If regdata = data Then​

'Delete the parent key...​

objRegistry.DeleteKey root, key​

Exit Sub​

End If​

End If​

Next​

End If​

'value not found in current key, continue searching in subkeys​

objRegistry.EnumKey root, key, subkeys​

If Not IsNull(subkeys) Then​

For Each sk In subkeys​

FindAndDeleteKey root, key & "\" & sk, value, data​

Next​

End If​

End Sub

When I run this script in Windows 7 it finds and deletes the accounts, the registry entries, and the folders.
When I run it in Windows 10 I receive the error "access denied" when the script runs "Call objComputer.delete ("User", objUser.Name)".

I am running the script with an account that is a member of the local administrators group. After several hours of searching online I have yet to figure out why access is being denied.

Any suggestions are greatly appreciated.

 

[xwb]

Is it one of those things that only works if you are running as the user called Administrator with elevated privileges?

 

[DCLUser]

xwb: I just signed into my Windows 10 test system as the local administrator, opened an elevated command prompt, and ran the script using cscript and it ran fine. So here's the difficult question: Do you know how to get around this requirement so that I can push out this script through a group policy?

 

[xwb]

I don't know how it is done using group policy. Last time I played with group policy was 12 years ago on W2K.

I rarely work on admin stuff. The only thing I remember nowadays is if all else fails, try the user called Administrator with elevated privileges. This works on most things except processes started by the service user called "Local User". You can't do anything with those even when you are an elevated administrator.

Could you create a shortcut with elevated privileges? I remember being able to do that on XP but I can't remember how it is done. Might be easier than group policy or would group policy block the script?

 

[DCLUser]

xwb: Sorry about the late reply. Unfortunately Windows 10 is a lot more stubborn than Windows XP was, so creating a shortcut wasn't a viable option.

We eventually figured out what was creating all the user profiles - a patch management tool which was responsible for updating user systems, and I was the lucky guy that was tasked with the wonderful job of figuring out how to clean up the mess once we shut it down. About 50% of our user systems still run Windows 7, and the script I listed above smoothly and efficiently deleted the local user accounts (there were typically only a few per system even though there were sometimes hundreds of profile folders and registry entries to deal with), deleted the profile folders, and deleted the unwanted registry keys, and it did it all quietly in the background without the end user ever noticing what was going on. What I eventually did to get the script running in Windows 10 was remove the first section of code that dealt with deleting the local user accounts. Without Windows 10 throwing an access denied error the script ran as expected, deleting all other traces of the unwanted random local accounts. So now I have a number of Windows 10 systems with up to 3 local user accounts that have no access to any files or folders outside of the profile folder that has already been removed.

Thank you for your suggestions, I'd still love to find out if there is a way to remove the accounts programmatically, but for now I suppose we can consider this thread solved.