photo

Greg@GL

shared this idea
1 year ago

Employees Involved

photo

Helge Klein

Admin

Statistics

5
Comments
166
Views

Relates to

Share

Tags

1
votes

Delete RSOP User SID namespace and logging data in WMI

An idea for DELPROF2 is delete the RSOP User SID Namespace and logging data that is created in WMI with each user logon, when RSOP Logging is enabled. MS' DELPROF and the Windows UI (System Properties > Advanced > User Profile Settings > Delete) do delete the namespace and logging data. I have several 2003R2 x64 servers with up to 3GB of WMI Repository because the delprof script we found years ago does not cleanup in WMI. I then discovered that DELPROF2 and another tool, REMPROF.EXE, do not cleanup WMI.

I’m now also in search of a tool/script that deletes all RSOP User SID namespaces and logging data.

Thank you,Greg

Under Consideration
1 I like this idea 0
Add Comment

Comments (5)

photo Employee
1

Do you know where exactly that data is stored?

photo
1

It is stored in the WMI Repository. The physical path being "c:\WINDOWS\system32\wbem\Repository\FS". I was able to piece together a script that deletes all the RSOP>User>SID namespaces (tens of thousand, in my case), but that did not shrink the size of the repository files (INDEX.BTR, OBJECTS.DATA, and mapping files). Maybe you can discover the right classes and methods to delete the logging data.

strSidDomain = "<my domain's SID>"intSidDomainLen = len (strSidDomain)

strComputer = "."strNameSpace = "\root\rsop\user"

Set objWMIService = GetObject("winmgmts:\\" & strComputer & strNameSpace)

Set colNameSpaces = objWMIService.InstancesOf("__NAMESPACE")

For Each objNameSpace In colNameSpaces

if left (objNameSpace.Name, intSidDomainLen) = strSidDomain then

wscript.echo objNameSpace.Name & " TO BE DELETED."

Set objItem = objWMIService.Get("__Namespace.Name='" & objNameSpace.Name & "'")

objItem.Delete_ else

wscript.echo objNameSpace.Name

end ifNext

photo
1

One way to see the RSOP User SID namespaces: Manage Computer > WMI Control Properties > Security Tab > ROOT + RSOP + User. I have servers with 12 to 14 thousand namespaces!

photo
1

Helge, are you still considering this as an enhancement in the near future?

photo Employee
1

Not in the near future.

Leave Comment

photo

Attach files...

The file must be a jpg, gif, png, bmp, ico, pdf, doc, rtf, txt, zip or rar no more than 8M