Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here


Windows 10 VBScript returns access denied

Windows 10 VBScript returns access denied

Windows 10 VBScript returns access denied

I have cobbled together the following code to search for and delete local user accounts that start with "ALS_SVC".

'Constants and Variables

Const HKLM = &H80000002
Const StartKey = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
Const SearchValue = "ProfileImagePath"
Const MatchData = "C:\Users\ALS_SVC"
strComputerName = "."
Set objRegistry = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputerName & "\root\default:StdRegProv")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objComputer = GetObject("WinNT://" & strComputerName & "")
Set objShell = CreateObject("Wscript.Shell")
Set objWMIService = GetObject("winmgmts:\\" & strComputerName & "\root\cimv2")
Set objShell = CreateObject("Wscript.Shell")
Set objParentFolder = objFSO.GetFolder("C:\Users")
Set colFolders = objParentFolder.SubFolders
strUserFolderPath = "C:\Users"

'Code Begins...

'First we bind an object to the local computer account and create an array of the user accounts
objComputer.Filter = Array("User")
'for each user account in the array, check the first 7 characters for "ALS_SVC" and delete the account if it matches
For Each objUser in objComputer
strUserName = objUser.Name
strUserName = Left(strUserName,7)
if strUserName = "ALS_SVC" then
Call objComputer.delete("User",objUser.Name)
end if

'Then we use a subroutine to search the Registry from StartKey and delete any keys where the SearchValue equals MatchData
FindAndDeleteKey HKLM, StartKey, SearchValue, MatchData

' Then we search "C:\Users" for any folder starting with ALS_SVC and delete it
For Each objFolder in colFolders
strFullName = objFolder.Name
strFullName = Left(strFullName,7)
if strFullName = "ALS_SVC" then
objShell.Run "cmd.exe /r rd /s /q """ & strUserFolderPath & "\" & objFolder.Name & """",0,True
End if

'Functions and Subs...

Sub FindAndDeleteKey(root, key, value, data)
objRegistry.EnumValues HKLM, key, names, types
If Not IsNull(names) Then
For Each name In names
If name = value Then
objRegistry.GetStringValue HKLM, key, name, regdata
strFullPath = regdata
regdata = Left(regdata,16)
If regdata = data Then
'Delete the parent key...
objRegistry.DeleteKey root, key
Exit Sub
End If
End If
End If
'value not found in current key, continue searching in subkeys
objRegistry.EnumKey root, key, subkeys
If Not IsNull(subkeys) Then
For Each sk In subkeys
FindAndDeleteKey root, key & "\" & sk, value, data
End If
End Sub

When I run this script in Windows 7 it finds and deletes the accounts, the registry entries, and the folders.
When I run it in Windows 10 I receive the error "access denied" when the script runs "Call objComputer.delete ("User", objUser.Name)".

I am running the script with an account that is a member of the local administrators group. After several hours of searching online I have yet to figure out why access is being denied.

Any suggestions are greatly appreciated.

RE: Windows 10 VBScript returns access denied

Is it one of those things that only works if you are running as the user called Administrator with elevated privileges?

RE: Windows 10 VBScript returns access denied

xwb: I just signed into my Windows 10 test system as the local administrator, opened an elevated command prompt, and ran the script using cscript and it ran fine. So here's the difficult question: Do you know how to get around this requirement so that I can push out this script through a group policy?

RE: Windows 10 VBScript returns access denied

I don't know how it is done using group policy. Last time I played with group policy was 12 years ago on W2K.

I rarely work on admin stuff. The only thing I remember nowadays is if all else fails, try the user called Administrator with elevated privileges. This works on most things except processes started by the service user called "Local User". You can't do anything with those even when you are an elevated administrator.

Could you create a shortcut with elevated privileges? I remember being able to do that on XP but I can't remember how it is done. Might be easier than group policy or would group policy block the script?

RE: Windows 10 VBScript returns access denied

xwb: Sorry about the late reply. Unfortunately Windows 10 is a lot more stubborn than Windows XP was, so creating a shortcut wasn't a viable option.

We eventually figured out what was creating all the user profiles - a patch management tool which was responsible for updating user systems, and I was the lucky guy that was tasked with the wonderful job of figuring out how to clean up the mess once we shut it down. About 50% of our user systems still run Windows 7, and the script I listed above smoothly and efficiently deleted the local user accounts (there were typically only a few per system even though there were sometimes hundreds of profile folders and registry entries to deal with), deleted the profile folders, and deleted the unwanted registry keys, and it did it all quietly in the background without the end user ever noticing what was going on. What I eventually did to get the script running in Windows 10 was remove the first section of code that dealt with deleting the local user accounts. Without Windows 10 throwing an access denied error the script ran as expected, deleting all other traces of the unwanted random local accounts. So now I have a number of Windows 10 systems with up to 3 local user accounts that have no access to any files or folders outside of the profile folder that has already been removed.

Thank you for your suggestions, I'd still love to find out if there is a way to remove the accounts programmatically, but for now I suppose we can consider this thread solved.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close