Absolute Offers New Ways to Manage Windows User Profiles

By: Jason Short | 9/12/2018

“A chain is only as strong as its weakest link.”

We’ve all heard this saying and unfortunately, most of us have also heard it applied to IT security as the chain with users as the weak link.

Protecting data from the actions of users – whether intentional or not – has long been one of the greatest challenges IT pros face. Whether it’s via phishing emails, remote work habits or Shadow IT downloads, users are too-often the weak link. The good news is organizations are making progress. New research from Wombat Security says 95% of companies surveyed remarked that they now train end users on identifying and avoiding phishing attacks, up from 86% in 2014.

User education is of course key. But there are additional strategies you can employ to prevent a user-involved attack. We all know the difficulties in maintaining compliance with a management architecture as challenging as Windows. Local Users are created on devices, they fall off the domain, creating endpoint blindspots. All of these things negatively impact your security posture. One small action from a user could cause a Windows file to become corrupt.

New Reach Workflows to Manage Windows User Profiles

To give you more granular control with the ability to easily delete Local Users (on a single device or multiple) and delete aged profiles after a specific amount of time, Absolute today released new scripts for Reach, a powerful custom query and remediation feature that is a part of the Absolute platform. Now you can rest easy that your Directory remains pristine and users are not by bypassing your security controls, or worse, leaving data unprotected in local user profiles.

Because Absolute Reach lets you ‘reach’ any device, even if these devices are off your network and outside the bounds of traditional tools, you can still take action on these devices. The full list of new Reach scripts is listed below, and more are soon to come.

New Script Name Description
Add a Local Group Add a local group on a system
Add a Local User Add a local user on a system
Remove Local Group or User Remove a local user or group from a device
Delete Aged User Profiles Delete user profiles that are older than a specified number of days.*
Force GPUpdate Machine Force a background update to refresh the Computer configuration settings in Group Policy
Force GPUpdate User Force a background update to refresh the User configuration settings in Group Policy
Remotely Remove Microsoft Intune Requires administrator rights
Remove or Comment Out a Hosts File Entry Comments out or removes a value from a device's hosts file

*Note: This script will not remove built-in profiles such as "Local Service" or "Network Service."

To explore Reach for yourself, check out this short video.


Financial Services