Alex Ruben
How To Automatically Clear the Downloads Folder for Domain Users with Group Policy
This thing about clearing out users’ Downloads folder automatically… it’s kind of a pain if you don’t set it up right. The idea is to prevent users from piling up crazy amounts of files over time, which can slow down systems or fill up drive space unexpectedly. So, figure out a way to automate it. Here’s what’s worked kinda okay before – using a PowerShell script tied to a Group Policy logon script. Not perfect, but better than nothing.
Prerequisites
Before jumping into this, make sure you’ve got:
- A Windows Server environment (like 2019 or 2022, no biggie).
- Admin rights to create and tweak GPOs.
- Basic idea of PowerShell scripts and how to link scripts to GPOs.
- The PowerShell script needs to sit somewhere the users can access — usually on a network share.
Step 1: Write the PowerShell Script
This is the core. A simple script that deletes files in the Downloads folder.
$downloadsPath = "$env:USERPROFILE\Downloads"
Get-ChildItem -Path $downloadsPath -Recurse -Force | Remove-Item -Force -Recurse -ErrorAction SilentlyContinue
Save this as ClearDownloads.ps1 somewhere on the domain, typically in \\YourDomain\netlogon or another shared folder that everyone can reach, like the main network share.
Step 2: Setup a Batch File to Run the Script
Since GPO can run batch files smoothly, just make a simple batch file that calls this PowerShell script:
powershell -ExecutionPolicy Bypass -WindowStyle Hidden -File "\\YourDomain\netlogon\ClearDownloads.ps1"
Name this ClearDownloads.bat and toss it into the same folder. It’s easier than trying to get GPO to run a PowerShell script directly sometimes, especially with execution policies.
Step 3: Create and Link a GPO
The GPMC (Group Policy Management Console) is your friend here.
- Press Windows + R, then type
gpmc.mscand hit Enter. Yes, the GPMC. - Find your domain, expand it, and right-click on the OU (Organizational Unit) where your users are. Pick Create a GPO in this domain, and link it here.
- Name it something like “Clear Downloads Folder,” then click OK.
Step 4: Tie the Script to User Logon
Now, you need to tell the GPO to run this script when users log in:
- Right-click the new GPO, choose Edit.
- Navigate to User Configuration ➔ Policies ➔ Windows Settings ➔ Scripts (Logon/Logoff).
- Double-click Logon, then hit Add.
- Click Browse, find your
ClearDownloads.bat(from the network share), and select it. - Hit OK. Done.
Step 5: Make Sure PowerShell Scripts Are Allowed
PowerShell execution policies can get in the way—that’s Windows being Windows. To make sure your script will run, tweak that setting:
- Within the GPO editor, go to Administrative Templates ➔ System ➔ Scripts.
- Find Run Windows PowerShell scripts first, double-click, set to Enabled.
- Click Apply and OK.
Because of course, Windows has to make it harder than necessary.
Step 6: Test That It Works
Run gpupdate /force from an admin command prompt or PowerShell on your test machine, then log out and back in as a user. It should clear out their Downloads – might not be immediate for everyone, so give it a few seconds. If it doesn’t work, check the GPO results with gpresult /h report.html and see if the script actually ran. Sometimes permissions or network path issues trip it up.
Extra Tips & Common Pitfalls
- Double-check that everyone can access the script location. Sometimes permissions block scripts from running.
- Test your PowerShell script manually first — run it in PowerShell Console. If it throws errors, fix those first.
- Remember, GPO refreshes don’t always happen immediately—so be patient or force it with gpupdate /force.
- If scripts still don’t run, look into the execution policy settings on client machines; maybe set
Set-ExecutionPolicy RemoteSigned -Scope CurrentUseror similar if necessary.
Conclusion
This way, every user gets their Downloads folder wiped at logon, which keeps things tidier and hopefully helps desktops stay snappy. Not perfect, but better than hoping people remember to clear it themselves every now and then.
Frequently Asked Questions
Can I exclude certain file types from deletion?
Sure. You could tweak the PowerShell script to filter specific extensions, like .docx or .pdf, but that gets a little more involved.
What if a user wants to keep some files?
That’s on them to manage — this script just wipes everything each logon. Maybe set expectations, or just run it less frequently if needed.
How to undo this if it’s causing problems?
Take down the GPO, or unlink it from the OU. Done. Simple enough.
Summary
- Write a simple PowerShell script to delete downloads.
- Place it on a network share accessible by everyone.
- Create a batch file to run the script silently.
- Make a GPO, link it to the user OU.
- Set the script to run at logon within the GPO.
- Ensure PowerShell scripting is enabled via GPO.
- Force a policy update and test it out.
Hopefully this shaves off a few hours for someone. Worked for me — hope it works for you.