Hi,
I'm trying to remove a user account and it's profile.
Removing the account is pretty easy if I use LaunchAppAndWait() and the "net user /delete" command.
However, the user's profile is another story. The only way I know of to delete a profile is by going through "Control Panel> System> User Profiles".
Does anyone know of another way?
Cheers,
/Danny
This is a ready-only archive of the InstallSite Forum. You cannot post any new content here. / Dies ist ein Archiv des InstallSite Forums. Hier können keine neuen Beiträge veröffentlicht werden.
Removing a User Profile
Started by
Esquimaux
, Feb 03 2003 16:25
11 replies to this topic
Esquimaux
-
- Members
- 17 posts
Posted 03 February 2003 - 16:25
The Eskimo
"Evil shall come upon thee, which thou shalt not know how to deprecate"
- Robert Lowth, eighteenth-century Bishop of Winchester
"Evil shall come upon thee, which thou shalt not know how to deprecate"
- Robert Lowth, eighteenth-century Bishop of Winchester
hambone
-
- Members
- 206 posts
Posted 03 February 2003 - 16:55
what about deleting the %windir%\profiles\{userprofile} directory and all related subs ?
Esquimaux
-
- Members
- 17 posts
Posted 03 February 2003 - 17:02
Hi,
> what about deleting the
> %windir%\profiles\{userprofile} directory
> and all related subs ?
I already tried that and it's not enough.
In my case, that folder does not even exist.
I also tried deleting the profile information in "C:\Documents ans Settings", but I end up with a "Unknown User" profile in "Control Panel> System> User Profiles".
Thanks for the reply though.
> what about deleting the
> %windir%\profiles\{userprofile} directory
> and all related subs ?
I already tried that and it's not enough.
In my case, that folder does not even exist.
I also tried deleting the profile information in "C:\Documents ans Settings", but I end up with a "Unknown User" profile in "Control Panel> System> User Profiles".
Thanks for the reply though.
The Eskimo
"Evil shall come upon thee, which thou shalt not know how to deprecate"
- Robert Lowth, eighteenth-century Bishop of Winchester
"Evil shall come upon thee, which thou shalt not know how to deprecate"
- Robert Lowth, eighteenth-century Bishop of Winchester
hambone
-
- Members
- 206 posts
Posted 03 February 2003 - 20:15
sorry, the profiles dir. will only exist on nt and 2k/xp if upgraded from nt. otherwise it will be in the documents and settings...
when you say that it 'wasn't enough' exactly what wasn't being removed ?
when you say that it 'wasn't enough' exactly what wasn't being removed ?
Esquimaux
-
- Members
- 17 posts
Posted 03 February 2003 - 21:21
Hi Again,
> when you say that it 'wasn't enough' exactly
> what wasn't being removed ?
That is what I am trying to find out... I imagine that some registry keys or values need to be removed also. But I can't figure out which ones.
When the user account gets deleted, the user profile name in the "User Profiles" window changes to "Unknown User". Deleting the folders in "Documents and Settings" does not remove the "Unknown User" profile from that list.
If you can find out what is not being removed, then my problem is solved.
Cheers,
/Danny
> when you say that it 'wasn't enough' exactly
> what wasn't being removed ?
That is what I am trying to find out... I imagine that some registry keys or values need to be removed also. But I can't figure out which ones.
When the user account gets deleted, the user profile name in the "User Profiles" window changes to "Unknown User". Deleting the folders in "Documents and Settings" does not remove the "Unknown User" profile from that list.
If you can find out what is not being removed, then my problem is solved.
Cheers,
/Danny
The Eskimo
"Evil shall come upon thee, which thou shalt not know how to deprecate"
- Robert Lowth, eighteenth-century Bishop of Winchester
"Evil shall come upon thee, which thou shalt not know how to deprecate"
- Robert Lowth, eighteenth-century Bishop of Winchester
hambone
-
- Members
- 206 posts
Posted 04 February 2003 - 16:09
okay, let's ignore any roaming profile issues and deal solely with locally created profiles...
when a new profile is created it is added to the file system in the areas indicated. in the registry a new user hive is created and stored on the hard drive when the user is not logged in.
this set of registry keys are in a file called NTUser.DAT and is stored in the dir locations indicated. when the user logs in this file is loaded to the HKEY_USERS hive and is co-populated into the HKEY_CURRENT_USER hive.
using the gui on xp ( if luna not changed ) you have access to this from the 'right-click' then 'properties' selection from 'My Computer'. then 'advanced', followed by 'Settings' in the 'User Profiles' area...
using the gui on nt/2k you have access to this from the 'right-click' then 'properties' selection from 'My Computer'. then 'User Profiles' area...
if you delete here you should be deleting from hard drive ( directories indicated ) and HKEY_USERS ( as per S.I.D. definition for user )...
i have tried on all three os builds just deleting the drive / file based information and it seems to work...
what os are you using ? and from what account are you removing the user info ?
when a new profile is created it is added to the file system in the areas indicated. in the registry a new user hive is created and stored on the hard drive when the user is not logged in.
this set of registry keys are in a file called NTUser.DAT and is stored in the dir locations indicated. when the user logs in this file is loaded to the HKEY_USERS hive and is co-populated into the HKEY_CURRENT_USER hive.
using the gui on xp ( if luna not changed ) you have access to this from the 'right-click' then 'properties' selection from 'My Computer'. then 'advanced', followed by 'Settings' in the 'User Profiles' area...
using the gui on nt/2k you have access to this from the 'right-click' then 'properties' selection from 'My Computer'. then 'User Profiles' area...
if you delete here you should be deleting from hard drive ( directories indicated ) and HKEY_USERS ( as per S.I.D. definition for user )...
i have tried on all three os builds just deleting the drive / file based information and it seems to work...
what os are you using ? and from what account are you removing the user info ?
Esquimaux
-
- Members
- 17 posts
Posted 04 February 2003 - 17:28
Hi,
> this set of registry keys are in a file called
> NTUser.DAT and is stored in the dir locations
> indicated.
I'll take a look at that file and I'll roam the HKEY_USERS registry subkeys to see if I can find anything. Thanks.
> using the gui on nt/2k you have access to
> this from the 'right-click' then 'properties'
> selection from 'My Computer'.
> then 'User Profiles' area...
>
> if you delete here you should be deleting
> from hard drive ( directories indicated ) and
> HKEY_USERS ( as per S.I.D. definition for
> user )...
Yes, that's the part I know about. And it works. I want to do the same thing using the InstallShield script.
> what os are you using ?
Windows 2000
> from what account are you removing the
> user info ?
It's a user created by a binary provided by the product development group (I do not have access to the code) which I run from the install script. The same binary is supposed to be used to remove the user, but it doesn't work. So they asked me if I could put in a temporary script that removes the user for them until they fix the bug.
As you can see, it's not an easy situation.
I think I'll have to look at the .DAT file and if that doesn't give me any clues, I'll tell the development group that it will take me as long to figure out how to remove the user as it will take them to fix their bug.
The more I look into the problem, the more I think I am running accross the same bug as they are.
Thanks for your help.
/Danny
> this set of registry keys are in a file called
> NTUser.DAT and is stored in the dir locations
> indicated.
I'll take a look at that file and I'll roam the HKEY_USERS registry subkeys to see if I can find anything. Thanks.
> using the gui on nt/2k you have access to
> this from the 'right-click' then 'properties'
> selection from 'My Computer'.
> then 'User Profiles' area...
>
> if you delete here you should be deleting
> from hard drive ( directories indicated ) and
> HKEY_USERS ( as per S.I.D. definition for
> user )...
Yes, that's the part I know about. And it works. I want to do the same thing using the InstallShield script.
> what os are you using ?
Windows 2000
> from what account are you removing the
> user info ?
It's a user created by a binary provided by the product development group (I do not have access to the code) which I run from the install script. The same binary is supposed to be used to remove the user, but it doesn't work. So they asked me if I could put in a temporary script that removes the user for them until they fix the bug.
As you can see, it's not an easy situation.
I think I'll have to look at the .DAT file and if that doesn't give me any clues, I'll tell the development group that it will take me as long to figure out how to remove the user as it will take them to fix their bug.
The more I look into the problem, the more I think I am running accross the same bug as they are.
Thanks for your help.
/Danny
The Eskimo
"Evil shall come upon thee, which thou shalt not know how to deprecate"
- Robert Lowth, eighteenth-century Bishop of Winchester
"Evil shall come upon thee, which thou shalt not know how to deprecate"
- Robert Lowth, eighteenth-century Bishop of Winchester
hambone
-
- Members
- 206 posts
Posted 04 February 2003 - 17:42
do you have access to the user account ( ie do you have the password to log into it )?
how about setting up your own user account for testing ? this way when you log in as the user you can check the current user S.I.D. and then when logged back in as domain admin you can find that S.I.D....
i have tested here and as domain admin when i remove the user i create from the file system ( in the C:\Documents and Settings ) it is removed from the gui interface as well...
as long as folder redirection and roaming profiles are not used this 'should' work...
when you say the user is created by a 'binary', can they tell you what api calls they are using and if they have assigned any ACLs/DACLs to the account ?
you say the binary is supposed to remove the user but it is not ? as well the manual method is supposed to remove the user but it is not as well ?
anything 'special' about this account ?
how about setting up your own user account for testing ? this way when you log in as the user you can check the current user S.I.D. and then when logged back in as domain admin you can find that S.I.D....
i have tested here and as domain admin when i remove the user i create from the file system ( in the C:\Documents and Settings ) it is removed from the gui interface as well...
as long as folder redirection and roaming profiles are not used this 'should' work...
when you say the user is created by a 'binary', can they tell you what api calls they are using and if they have assigned any ACLs/DACLs to the account ?
you say the binary is supposed to remove the user but it is not ? as well the manual method is supposed to remove the user but it is not as well ?
anything 'special' about this account ?
Esquimaux
-
- Members
- 17 posts
Posted 04 February 2003 - 22:58
Hi,
Just got some new info on how to remove a user profile. There's a C++ function called DeleteProfile(). I'll try using that and I'll let you know if it works.
About your last message...
> do you have access to the user account
> ( ie do you have the password to log into it )?
I supposed I could obtain it by asking the developers.
> how about setting up your own user account for testing ?
> this way when you log in as the user you can check the
> current user S.I.D. and then when logged back in as domain
> admin you can find that S.I.D....
That's also a possibility. I might try it when I have some time to test it.
> i have tested here and as domain admin when i remove the
> user i create from the file system ( in the C:\Documents
> and Settings ) it is removed from the gui interface as well...
I've tested as well with other accounts and I get the same results as you do. So it's something with this particular account.
> when you say the user is created by a 'binary', can they
> tell you what api calls they are using and if they have
> assigned any ACLs/DACLs to the account ?
I can always ask them.
> anything 'special' about this account ?
I'm beginning to think there is. I know it's used by a service, but the problem persists even after removing the service in question.
Cheers,
/Danny
Just got some new info on how to remove a user profile. There's a C++ function called DeleteProfile(). I'll try using that and I'll let you know if it works.
About your last message...
> do you have access to the user account
> ( ie do you have the password to log into it )?
I supposed I could obtain it by asking the developers.
> how about setting up your own user account for testing ?
> this way when you log in as the user you can check the
> current user S.I.D. and then when logged back in as domain
> admin you can find that S.I.D....
That's also a possibility. I might try it when I have some time to test it.
> i have tested here and as domain admin when i remove the
> user i create from the file system ( in the C:\Documents
> and Settings ) it is removed from the gui interface as well...
I've tested as well with other accounts and I get the same results as you do. So it's something with this particular account.
> when you say the user is created by a 'binary', can they
> tell you what api calls they are using and if they have
> assigned any ACLs/DACLs to the account ?
I can always ask them.
> anything 'special' about this account ?
I'm beginning to think there is. I know it's used by a service, but the problem persists even after removing the service in question.
Cheers,
/Danny
The Eskimo
"Evil shall come upon thee, which thou shalt not know how to deprecate"
- Robert Lowth, eighteenth-century Bishop of Winchester
"Evil shall come upon thee, which thou shalt not know how to deprecate"
- Robert Lowth, eighteenth-century Bishop of Winchester
hambone
-
- Members
- 206 posts
Posted 05 February 2003 - 13:26
just curious if the binary file they provided will work external of the msi ?
ie if you are in an account with domain admin privs. can you run the binary from the cmd line and get it to work ?
ie if you are in an account with domain admin privs. can you run the binary from the cmd line and get it to work ?
Esquimaux
-
- Members
- 17 posts
Posted 05 February 2003 - 16:58
Hi,
The development group finally sent me the source code. Don't ask me why, but the created the user profile along with the user account, but never deleted it after removing the user account.
I let them know about what was missing in their logic, so my script doesn't have to handle it anymore.
It would'he been pretty complicated anyways. To delete a profile using the DeleteProfile() C++ function (called through userenv.dll), you have to know the SID. To figure out what the SID is, I had to use the LookupAccountName() function (called through Advapi32.dll).
That would be adding to much garbage to my script when this should be done by the binary in the first place. So the problem is now in the developers hands. I think I've helped them enough.
To answer your previous question...
> if you are in an account with domain admin privs.
> can you run the binary from the cmd line and get
> it to work ?
Yes. I had tried going through the removal process step by step using a command prompt and I was getting the same results.
Thanks again for all the help. Also, sorry for wasting your time on a problem that wasn't really InstallShield related.
Cheers,
/Danny
The development group finally sent me the source code. Don't ask me why, but the created the user profile along with the user account, but never deleted it after removing the user account.
I let them know about what was missing in their logic, so my script doesn't have to handle it anymore.
It would'he been pretty complicated anyways. To delete a profile using the DeleteProfile() C++ function (called through userenv.dll), you have to know the SID. To figure out what the SID is, I had to use the LookupAccountName() function (called through Advapi32.dll).
That would be adding to much garbage to my script when this should be done by the binary in the first place. So the problem is now in the developers hands. I think I've helped them enough.
To answer your previous question...
> if you are in an account with domain admin privs.
> can you run the binary from the cmd line and get
> it to work ?
Yes. I had tried going through the removal process step by step using a command prompt and I was getting the same results.
Thanks again for all the help. Also, sorry for wasting your time on a problem that wasn't really InstallShield related.
Cheers,
/Danny
The Eskimo
"Evil shall come upon thee, which thou shalt not know how to deprecate"
- Robert Lowth, eighteenth-century Bishop of Winchester
"Evil shall come upon thee, which thou shalt not know how to deprecate"
- Robert Lowth, eighteenth-century Bishop of Winchester
hambone
-
- Members
- 206 posts
Posted 05 February 2003 - 18:18
glad to hear things are working out.
don't worry about wasting anyone's time. i think this site is just a good place to get assistance on installation related problems, not just installshield...
if you do have a binary that runs fine external to the msi but doesn't work within the msi it might have permission problems. msi allows installs to occur with system privs. ( set by policy ) but custom actions must be 'typed' to allow to run with system privs...
cheers...
don't worry about wasting anyone's time. i think this site is just a good place to get assistance on installation related problems, not just installshield...
if you do have a binary that runs fine external to the msi but doesn't work within the msi it might have permission problems. msi allows installs to occur with system privs. ( set by policy ) but custom actions must be 'typed' to allow to run with system privs...
cheers...