none
SilentCleanup /Disable - Impact On Systems RRS feed

  • Question

  • Working in an Enterprise environment and using Microsoft Windows 10 Professional 1803, we implemented a scheduled task that disables the DiskCleanup feature that's enabled by default in Windows 10.  The command we used for this is:

    schtasks /Change /TN "\Microsoft\Windows\DiskCleanup\SilentCleanup" /Disable

    This command succeeded in disabling this task as needed.  However, our security compliance scans against these systems started to detect hosts with issues in User Configuration settings for various accounts on some systems.  The primary pattern observed was that the accounts were all for users who had not signed on to the flagged system for many months, but who did have cached local profile data on the system. Further observations with PSLoggedon show accounts as being actively logged on to the system, even with accounts that had long since been deleted from the domain, for users who are no longer around, and on systems that rebooted only a day before.

    These observations, along with a few others, have lead me to believe that the SilentCleanup /Disable command may be temporarily mounting these old profiles for some reason.  In some cases though, it seems to leave the profiles mounted until the system reboots.

    Can someone validate this theory? I'm specifically looking for details on what changes are made to the system when SilentCleanup /Disable is executed.

    Thank You,

    Leon Walker

    MCITP, MCP, SCCM and Enterprise Systems Engineer



    • Edited by MaXamit Thursday, October 10, 2019 3:53 PM
    Thursday, October 10, 2019 2:50 PM

All replies

  • Hi Leon,

    Obviously, you command is correct, but what about the result of directly disable the SilentCleanup task in Task Scheduler UI, does this way will influence system.

    Besides, from my search:

    SilentCleanup checks the data of each Autorun Dword value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\ and HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\ to determine whether it should include that cache in the cleanup operation.

    A value of 0 blocks the maintenance task from deleting the cache, a value of 1 allows it to to so.

    Here is how you configure Windows 10 to block or allow the clearing of the cache:

    Open Start, e.g. by clicking on the icon or tapping on the Windows-key on the keyboard.

    Type regedit.exe.

    Confirm the UAC prompt that Windows displays.

    Go to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Thumbnail Cache

    Double-click on the Autorun Dword value.

    Set it to 0 to prevent Windows from clearing the cache, or to 1 to allow it to do so.

    Go to HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Thumbnail Cache

    Double-click on the Autorun Dword value.

    Set it to 0 or 1 accordingly.

    Optional: repeat the steps for any other cache listed under VolumeCaches.

    Restart the PC.

    Windows won't delete the cache anymore as part of Automatic Maintenance if you set both entries to 0.

    At last, for your demand: looking for details on what changes are made to the system when SilentCleanup /Disable is executed. I advise you create a support ticket from the following website. The experts there can assist you with a specific analysis.Thanks for your understanding and cooperating.

    https://support.microsoft.com/en-gb/hub/4343728/support-for-business

    Regards


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, October 11, 2019 2:42 AM
    Moderator