WinProfileOps.psd1

#
# Module manifest for module 'WinProfileOps'
#
# Generated by: LarryWisherMan
#
# Generated on: 9/6/2024
#

@{

    # Script module or binary module file associated with this manifest.
    RootModule           = 'WinProfileOps.psm1'

    # Version number of this module.
    ModuleVersion        = '0.3.0'

    # Supported PSEditions
    # CompatiblePSEditions = @()

    # ID used to uniquely identify this module
    GUID                 = '1abff4b3-dadd-480c-a825-2671dfb7b3bd'

    # Author of this module
    Author               = 'LarryWisherMan'

    # Company or vendor of this module
    CompanyName          = 'LarryWisherMan'

    # Copyright statement for this module
    Copyright            = '(c) 2024 LarryWisherMan. All rights reserved.'

    # Description of the functionality provided by this module
    Description          = 'The WinProfileOps module provides a comprehensive toolkit for managing Windows user profiles across local and remote computers. This module automates profile management tasks such as detecting orphaned profiles, retrieving profile information, and auditing discrepancies between profile data in the file system and the registry. It handles both filesystem and registry operations, leveraging its dependency on WinRegOps for registry-related tasks.

WinProfileOps integrates seamlessly with WinRegOps to query, validate, and manage user profile-related data from the Windows registry. This module is ideal for system administrators seeking to streamline profile management, especially in environments with many users and computers.

Dependencies:
- WinRegOps: WinProfileOps depends on WinRegOps for registry operations, such as querying, opening, and modifying registry keys related to user profiles.

Key features:
- Retrieve user profile information from both the registry and file system (local and remote).
- Detect orphaned profiles (e.g., missing profile folders or registry entries).
- Filter and exclude special accounts like system or service accounts.
- Remote profile management support for retrieving profiles from different systems.
- Robust error handling for permission issues or unreachable systems.
- Class-based profile objects for easy integration with automation tasks or scripts.

Typical use cases include:
- Cleaning up orphaned profiles after system migrations or user deactivations.
- Automating stale profile detection on local and remote systems to maintain system performance.
- Managing user profiles in large-scale, multi-user environments such as terminal servers and Citrix.
- Excluding critical system accounts from profile management tasks, ensuring important profiles remain unaffected.
- Providing profile management as part of system maintenance routines to enhance system health.

Upcoming Features:
- The `Remove-UserProfile` function is coming soon, offering safe removal of user profiles from both the file system and registry, with strong safeguards like `ShouldProcess`, `-WhatIf`, and `-Confirm` to prevent accidental deletions.
'


    # Minimum version of the Windows PowerShell engine required by this module
    PowerShellVersion    = '5.1'

    # Name of the Windows PowerShell host required by this module
    # PowerShellHostName = ''

    # Minimum version of the Windows PowerShell host required by this module
    # PowerShellHostVersion = ''

    # Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
    # DotNetFrameworkVersion = ''

    # Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
    # CLRVersion = ''

    # Processor architecture (None, X86, Amd64) required by this module
    # ProcessorArchitecture = ''

    # Modules that must be imported into the global environment prior to importing this module
    RequiredModules      = @('WisherTools.Helpers')

    # Assemblies that must be loaded prior to importing this module
    # RequiredAssemblies = @()

    # Script files (.ps1) that are run in the caller's environment prior to importing this module.
    # ScriptsToProcess = @()

    # Type files (.ps1xml) to be loaded when importing this module
    TypesToProcess       = @("Types\UserProfileTypes.ps1xml")

    # Format files (.ps1xml) to be loaded when importing this module
    FormatsToProcess     = @("Formats\UserProfileView.ps1xml")

    # Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
    NestedModules        = @('.//Modules/WinRegOps/0.4.0/WinRegOps.psd1')

    # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
    FunctionsToExport    = @('Get-OrphanedProfiles','Get-UserProfilesFromFolders','Get-UserProfilesFromRegistry','Invoke-UserProfileAudit','Remove-UserProfilesFromRegistry')

    # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
    CmdletsToExport      = @()

    # Variables to export from this module
    VariablesToExport    = @()

    # Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
    AliasesToExport      = 'Get-AllUserProfiles'

    # DSC resources to export from this module
    DscResourcesToExport = @()

    # List of all modules packaged with this module
    # ModuleList = @()

    # List of all files packaged with this module
    # FileList = @()

    # Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
    PrivateData          = @{

        PSData = @{

            Prerelease   = 'preview0006'
            # Tags applied to this module. These help with module discovery in online galleries.
            Tags         = @(
                'WindowsProfiles',
                'ProfileManagement',
                'OrphanedProfiles',
                'RegistryOperations',
                'FilesystemOperations',
                'RemoteManagement',
                'UserProfiles',
                'ProfileCleanup',
                'WindowsRegistry',
                'SystemAdministration',
                'Automation',
                'ProfileValidation',
                'WindowsManagement',
                'ITAdministration',
                'UserProfileTools'
            )

            # A URL to the license for this module.
            LicenseUri   = 'https://github.com/LarryWisherMan/WinProfileOps/blob/main/LICENSE'

            # A URL to the main website for this project.
            ProjectUri   = 'https://github.com/LarryWisherMan/WinProfileOps'

            # A URL to an icon representing this module.
            IconUri      = 'https://raw.githubusercontent.com/LarryWisherMan/ModuleIcons/main/WinProfileOps.png'

            # ReleaseNotes of this module
            ReleaseNotes = '## [0.3.0-preview0006] - 2024-10-01

### Fixed

- Removed bug from `Process-RegistryProfiles` regarding populating the `FolderName`
variable.
- Refactored model to create a UserProfile object to better handel different removal
scenarios.
- Fixed bug in `Join-UserProfiles` regarding User Folders with no resolvable SIDS

### Added

#### Functions

- New helper function `Validate-SIDFormat` to verify SID value upon retrieval in
`Get-ProfilePathFromSID`.

- **Admin Detection and Environment Variable**: Added logic to detect whether
the current user is an administrator and set an environment variable
`WinProfileOps_IsAdmin` accordingly.
  
  - If the user is an administrator, `$env:WinProfileOps_IsAdmin` is set to
  `$true`. If not, it''s set to `$false`.
  
  - The environment variable is automatically removed when the module is unloaded
  or when PowerShell exits.
  
  - Registered an `OnRemove` script block and a `PowerShell.Exiting` event to
  ensure cleanup of the environment variable on module removal or session exit.

- **Remove-UserProfilesFromRegistry**: Added a new function to remove user profiles
from the Windows registry based on SIDs, Usernames, or UserProfile objects.
  
  - Supports three parameter sets: `UserProfileSet`, `SIDSet`, and `UserNameSet`.
  
  - Can be run in `AuditOnly` mode, where no actual deletion is performed, or
  in deletion mode where profiles are removed.
  
  - Includes a `Force` switch to bypass confirmation prompts and a
  `ComputerName` parameter for targeting remote computers.
  
  - Graceful error handling and logging for cases where the registry key cannot
  be opened or profiles cannot be processed for specific computers.

#### Environment Variables

- **`$env:WinProfileOps_IsAdmin`**: A boolean value that determines if the current
 user has administrative privileges. This is set by checking the user''s security
 role against the built-in Administrator group using Windows security principals.

- **`$env:WinProfileOps_RegistryPath`**: Specifies the registry path used to
 manage user profiles. Default value: `"SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"`.

- **`$env:WinProfileOps_RegistryHive`**: Defines the registry hive to use, which
 is set to `LocalMachine` by default.

- **`$env:WinProfileOps_RegBackUpDirectory`**: Specifies the directory where
 registry backups are stored. Default value: `"C:\LHStuff\RegBackUp"`.

- **`$env:WinProfileOps_ProfileFolderPath`**: The profile folder path, defaulting
 to the system drive''s `Users` folder. Example: `"C:\Users"`.

### Changed

- **Get-UserProfilesFromRegistry**: Updated the function to handle scenarios
 where the current user does not have administrative privileges.
  
  - The function now checks if the user is an administrator by evaluating the
   `WinProfileOps_IsAdmin` environment variable.
  
  - If the user has administrator privileges, the function retrieves user
   profiles from the registry using `Get-SIDProfileInfo`.
  
  - If the user lacks administrative privileges, the function falls back to the
   `Get-SIDProfileInfoFallback` method, which retrieves user profiles using
    CIM/WMI without requiring registry access.
  
  - A warning is logged when the fallback method is used, indicating that special
   system accounts are excluded.

- Refactored `Process-RegistryProfiles` to better account for access denied errors
 when testing profile paths with `Test-FolderExists`.

- Updated `UserProfile` object creation in `Test-OrphanedProfile` for
 `$AccessError` scenarios.

- The module is now using `WinRegOps` version `0.4.0` for more refined registry
 value retrieval.

- Refactored `Get-SIDFromUsername` to use `.NET` classes
 (`System.Security.Principal.NTAccount` and `System.Security.Principal.SecurityIdentifier`)
  instead of relying on `Get-CimInstance` for SID resolution.

'


        } # End of PSData hashtable

    } # End of PrivateData hashtable

    # HelpInfo URI of this module
    # HelpInfoURI = ''

    # Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
    # DefaultCommandPrefix = ''

}