I'm using Active Directory to manage logins to a large number of servers. We have various admins that will be connecting via RDP to these servers. Is there a way I can force Windows to remove their local profiles after they log out?
I found the 'Delete user profiles older than a specified number of days on system restart' and 'Delete cached copies of roaming profiles', however the former doesn't help a whole lot (these servers generally only get restarted for Windows updates), and the latter doesn't seem to apply to local profiles.
I might be able to accomplish this with a script that runs on logout, however I'd rather not do that unless absolutely necessary.
What you can do is make a simple scheduled task, using a tool like delprof2, that runs at the interval you want. You would likely have to add a check to make sure you don't try to delete the profile of a user that is logged in.
This being said, you should take into account the much longer login time after a profile is deleted (in terms of how often it's done).
This is not 100% an answer to your question, but rather than having them have local profiles you could configure them to use roaming profiles. This will keep the local profiles from being generated on the servers they log into. Not sure if you have considered this or not, but it seems like a solution to your problem.
More on roaming profiles set up here: http://technet.microsoft.com/en-us/library/cc738596%28v=ws.10%29.aspx
You can specify the following settings:
Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Profiles
"Use mandatory profiles on the RD Session Host server"
"Set path for Remote Desktop Services Roaming User Profile"
and combine that with System > Profiles
"Delete cached copies of roaming profiles".
The problem with local profile deletion in Windows is that if a user logs on, you cannot delete the profile without rebooting or forcing their GUID to unmount in the registry. Also, on a Windows Vista and up machine, including server versions, you would have to remove the profile from the HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList area.
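The scheduled cleanup suggested in the delprof2 answer, combined with the loaded-profile and ProfileList concerns from the last answer, as an added PowerShell example (not written by any poster in this thread). It uses the built-in Win32_UserProfile CIM class in place of delprof2; the `-KeepFolders` parameter and the `Test-ProfileRemovable` helper are hypothetical names chosen for illustration.

```powershell
# Added example, not from the thread. Run elevated, e.g. from a scheduled task as SYSTEM.
# Use -WhatIf first to list what would be removed without deleting anything.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Hypothetical exclusion list: profile folder names that must be kept.
    [string[]]$KeepFolders = @('Administrator')
)

function Test-ProfileRemovable {
    param($UserProfile, [string[]]$Keep)
    # Special = system profiles (LocalSystem, LocalService, NetworkService).
    if ($UserProfile.Special) { return $false }
    # Loaded = registry hive is mounted, i.e. the user is logged on or has a
    # disconnected RDP session. Deleting these is the failure case described above.
    if ($UserProfile.Loaded) { return $false }
    if ([string]::IsNullOrEmpty($UserProfile.LocalPath)) { return $false }
    $folder = Split-Path -Path $UserProfile.LocalPath -Leaf
    return ($Keep -notcontains $folder)
}

foreach ($p in Get-CimInstance -ClassName Win32_UserProfile) {
    if (-not (Test-ProfileRemovable -UserProfile $p -Keep $KeepFolders)) {
        Write-Verbose "Skipping $($p.LocalPath)"
        continue
    }
    if ($PSCmdlet.ShouldProcess($p.LocalPath, 'Delete local user profile')) {
        try {
            # Deleting the Win32_UserProfile instance removes the profile folder
            # and its ProfileList registry entry together, so no manual registry
            # cleanup is needed.
            Remove-CimInstance -InputObject $p -ErrorAction Stop
            Write-Output "Removed $($p.LocalPath) ($($p.SID))"
        }
        catch {
            Write-Warning "Could not remove $($p.LocalPath): $($_.Exception.Message)"
        }
    }
}
```

Profiles belonging to disconnected (not logged-off) RDP sessions stay loaded and are skipped, so a session time-out policy is needed for the task to catch them on a later run.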