WinProfileOps.psd1
# # Module manifest for module 'WinProfileOps' # # Generated by: LarryWisherMan # # Generated on: 9/6/2024 # @{ # Script module or binary module file associated with this manifest. RootModule = 'WinProfileOps.psm1' # Version number of this module. ModuleVersion = '0.3.0' # Supported PSEditions # CompatiblePSEditions = @() # ID used to uniquely identify this module GUID = '1abff4b3-dadd-480c-a825-2671dfb7b3bd' # Author of this module Author = 'LarryWisherMan' # Company or vendor of this module CompanyName = 'LarryWisherMan' # Copyright statement for this module Copyright = '(c) 2024 LarryWisherMan. All rights reserved.' # Description of the functionality provided by this module Description = 'The WinProfileOps module provides a comprehensive toolkit for managing Windows user profiles across local and remote computers. This module automates profile management tasks such as detecting orphaned profiles, retrieving profile information, and auditing discrepancies between profile data in the file system and the registry. It handles both filesystem and registry operations, leveraging its dependency on WinRegOps for registry-related tasks. WinProfileOps integrates seamlessly with WinRegOps to query, validate, and manage user profile-related data from the Windows registry. This module is ideal for system administrators seeking to streamline profile management, especially in environments with many users and computers. Dependencies: - WinRegOps: WinProfileOps depends on WinRegOps for registry operations, such as querying, opening, and modifying registry keys related to user profiles. Key features: - Retrieve user profile information from both the registry and file system (local and remote). - Detect orphaned profiles (e.g., missing profile folders or registry entries). - Filter and exclude special accounts like system or service accounts. - Remote profile management support for retrieving profiles from different systems. - Robust error handling for permission issues or unreachable systems. - Class-based profile objects for easy integration with automation tasks or scripts. Typical use cases include: - Cleaning up orphaned profiles after system migrations or user deactivations. - Automating stale profile detection on local and remote systems to maintain system performance. - Managing user profiles in large-scale, multi-user environments such as terminal servers and Citrix. - Excluding critical system accounts from profile management tasks, ensuring important profiles remain unaffected. - Providing profile management as part of system maintenance routines to enhance system health. Upcoming Features: - The `Remove-UserProfile` function is coming soon, offering safe removal of user profiles from both the file system and registry, with strong safeguards like `ShouldProcess`, `-WhatIf`, and `-Confirm` to prevent accidental deletions. ' # Minimum version of the Windows PowerShell engine required by this module PowerShellVersion = '5.1' # Name of the Windows PowerShell host required by this module # PowerShellHostName = '' # Minimum version of the Windows PowerShell host required by this module # PowerShellHostVersion = '' # Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only. # DotNetFrameworkVersion = '' # Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only. # CLRVersion = '' # Processor architecture (None, X86, Amd64) required by this module # ProcessorArchitecture = '' # Modules that must be imported into the global environment prior to importing this module RequiredModules = @('WisherTools.Helpers') # Assemblies that must be loaded prior to importing this module # RequiredAssemblies = @() # Script files (.ps1) that are run in the caller's environment prior to importing this module. # ScriptsToProcess = @() # Type files (.ps1xml) to be loaded when importing this module TypesToProcess = @("Types\UserProfileTypes.ps1xml") # Format files (.ps1xml) to be loaded when importing this module FormatsToProcess = @("Formats\UserProfileView.ps1xml") # Modules to import as nested modules of the module specified in RootModule/ModuleToProcess NestedModules = @('.//Modules/WinRegOps/0.4.0/WinRegOps.psd1') # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export. FunctionsToExport = @('Get-OrphanedProfiles','Get-UserProfilesFromFolders','Get-UserProfilesFromRegistry','Invoke-UserProfileAudit','Remove-UserProfilesFromRegistry') # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export. CmdletsToExport = @() # Variables to export from this module VariablesToExport = @() # Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export. AliasesToExport = 'Get-AllUserProfiles' # DSC resources to export from this module DscResourcesToExport = @() # List of all modules packaged with this module # ModuleList = @() # List of all files packaged with this module # FileList = @() # Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell. PrivateData = @{ PSData = @{ Prerelease = 'preview0007' # Tags applied to this module. These help with module discovery in online galleries. Tags = @( 'WindowsProfiles', 'ProfileManagement', 'OrphanedProfiles', 'RegistryOperations', 'FilesystemOperations', 'RemoteManagement', 'UserProfiles', 'ProfileCleanup', 'WindowsRegistry', 'SystemAdministration', 'Automation', 'ProfileValidation', 'WindowsManagement', 'ITAdministration', 'UserProfileTools' ) # A URL to the license for this module. LicenseUri = 'https://github.com/LarryWisherMan/WinProfileOps/blob/main/LICENSE' # A URL to the main website for this project. ProjectUri = 'https://github.com/LarryWisherMan/WinProfileOps' # A URL to an icon representing this module. IconUri = 'https://raw.githubusercontent.com/LarryWisherMan/ModuleIcons/main/WinProfileOps.png' # ReleaseNotes of this module ReleaseNotes = '## [0.3.0-preview0007] - 2024-10-01 ### Fixed - Removed bug from `Process-RegistryProfiles` regarding populating the `FolderName` variable. - Refactored model to create a UserProfile object to better handel different removal scenarios. - Fixed bug in `Join-UserProfiles` regarding User Folders with no resolvable SIDS ### Added #### Functions - New helper function `Validate-SIDFormat` to verify SID value upon retrieval in `Get-ProfilePathFromSID`. - **Admin Detection and Environment Variable**: Added logic to detect whether the current user is an administrator and set an environment variable `WinProfileOps_IsAdmin` accordingly. - If the user is an administrator, `$env:WinProfileOps_IsAdmin` is set to `$true`. If not, it''s set to `$false`. - The environment variable is automatically removed when the module is unloaded or when PowerShell exits. - Registered an `OnRemove` script block and a `PowerShell.Exiting` event to ensure cleanup of the environment variable on module removal or session exit. - **Remove-UserProfilesFromRegistry**: Added a new function to remove user profiles from the Windows registry based on SIDs, Usernames, or UserProfile objects. - Supports three parameter sets: `UserProfileSet`, `SIDSet`, and `UserNameSet`. - Can be run in `AuditOnly` mode, where no actual deletion is performed, or in deletion mode where profiles are removed. - Includes a `Force` switch to bypass confirmation prompts and a `ComputerName` parameter for targeting remote computers. - Graceful error handling and logging for cases where the registry key cannot be opened or profiles cannot be processed for specific computers. #### Environment Variables - **`$env:WinProfileOps_IsAdmin`**: A boolean value that determines if the current user has administrative privileges. This is set by checking the user''s security role against the built-in Administrator group using Windows security principals. - **`$env:WinProfileOps_RegistryPath`**: Specifies the registry path used to manage user profiles. Default value: `"SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"`. - **`$env:WinProfileOps_RegistryHive`**: Defines the registry hive to use, which is set to `LocalMachine` by default. - **`$env:WinProfileOps_RegBackUpDirectory`**: Specifies the directory where registry backups are stored. Default value: `"C:\LHStuff\RegBackUp"`. - **`$env:WinProfileOps_ProfileFolderPath`**: The profile folder path, defaulting to the system drive''s `Users` folder. Example: `"C:\Users"`. ### Changed - **Get-UserProfilesFromRegistry**: Updated the function to handle scenarios where the current user does not have administrative privileges. - The function now checks if the user is an administrator by evaluating the `WinProfileOps_IsAdmin` environment variable. - If the user has administrator privileges, the function retrieves user profiles from the registry using `Get-SIDProfileInfo`. - A warning is logged when the fallback method is used, indicating that special system accounts are excluded. - Updated `UserProfile` object creation in `Test-OrphanedProfile` for `$AccessError` scenarios. - The module is now using `WinRegOps` version `0.4.0` for more refined registry value retrieval. - Refactored `Get-SIDFromUsername` to use `.NET` classes (`System.Security.Principal.NTAccount` and `System.Security.Principal.SecurityIdentifier`) instead of relying on `Get-CimInstance` for SID resolution. - `Get-UserAccountFromSID` and `Get-SIDFromUsername` now invoke locally / Remotely to resolve without null values ' } # End of PSData hashtable } # End of PrivateData hashtable # HelpInfo URI of this module # HelpInfoURI = '' # Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix. # DefaultCommandPrefix = '' } |