Problem

We have endpoint laptops with 200GB SSDs. OneDrive handles document backup, but local downloads still fill the disk over time. Windows starts complaining. Devices slow down.

I first tried Disk Cleanup (cleanmgr.exe), but it requires GUI interaction. Running it via Intune as SYSTEM shows nothing on screen - it just hangs waiting for user input that never comes.

Constraints

I built a Proactive Remediation with two scripts:

  • Detection: Check if disk space is below threshold
  • Remediation: Clean up temp files, caches, and junk - completely silent

Decision

The detection script uses dual thresholds. A device is non-compliant if:

  • Free space is below 15 GB, OR
  • Free space is below 10%

This works well across different disk sizes. A 128GB SSD with 10GB free (7.8%) triggers remediation. A 500GB disk with 40GB free (8%) also triggers. The percentage catches large disks, the absolute value catches small ones.

$MinFreeSpaceGB = 15
$MinFreeSpacePercent = 10

$disk = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DeviceID='C:'"
$freeSpaceGB = [math]::Round($disk.FreeSpace / 1GB, 2)
$freeSpacePercent = [math]::Round(($disk.FreeSpace / $disk.Size) * 100, 1)

$isCompliant = ($freeSpaceGB -ge $MinFreeSpaceGB) -and ($freeSpacePercent -ge $MinFreeSpacePercent)

# Full script: https://github.com/Thugney/eriteach-scripts/blob/main/intune/remediations/diskspace-detection.ps1

Implementation

My remediation script cleans these locations silently:

LocationWhatAge Filter
C:\Windows\TempSystem temp filesAll
C:\Windows\PrefetchPrefetch cacheOlder than 7 days
C:\Windows\SoftwareDistribution\DownloadWindows Update cacheAll
C:\Windows\LogsWindows logsOlder than 14 days
C:\Users\*\AppData\Local\TempUser temp filesAll
Recycle BinDeleted filesAll
C:\ProgramData\Microsoft\Windows\WERError reportsAll
Delivery Optimization cacheUpdate sharing cacheAll
Thumbnail cacheExplorer thumbnailsAll

I keep recent prefetch files (last 7 days) because Windows uses them to speed up app launches. Logs older than 14 days are safe to remove.

For Windows Update cache, I stop the wuauserv service first, clean the folder, then restart the service.

Stop-Service -Name wuauserv -Force -ErrorAction SilentlyContinue
Start-Sleep -Seconds 2
# Clean SoftwareDistribution\Download
Start-Service -Name wuauserv -ErrorAction SilentlyContinue

# Full script: https://github.com/Thugney/eriteach-scripts/blob/main/intune/remediations/diskspace-remediation.ps1

Outcome

  1. Go to Intune > Devices > Remediations
  2. Click Create script package
  3. Name it “Disk Space Cleanup”
  4. Upload the detection script
  5. Upload the remediation script
  6. Set Run this script using the logged-on credentials: No
  7. Set Run script in 64-bit PowerShell: Yes
  8. Assign to a device group (target endpoints)
  9. Set schedule - daily or every 8 hours depending on how aggressive you want to be

Trade-offs

The remediation script logs to C:\ProgramData\Intune\Logs\DiskSpace-Remediation.log. You’ll see entries like:

2026-02-01 10:30:15 - === Starting disk cleanup ===
2026-02-01 10:30:15 - Free space before: 8.45 GB
2026-02-01 10:30:18 - Windows Temp : Freed 245.32 MB
2026-02-01 10:30:22 - User Temp (user01) : Freed 1024.50 MB
2026-02-01 10:30:25 - Recycle Bin: Freed 3500.00 MB
2026-02-01 10:30:26 - === Cleanup completed ===
2026-02-01 10:30:26 - Actual freed: 4850.23 MB
2026-02-01 10:30:26 - Free space after: 13.19 GB

Outcome

In a mid-size endpoint fleet, typical cleanup frees 2-8 GB per device. The biggest wins come from:

  • Recycle Bin (users delete but do not empty)
  • User temp files (browser caches, installers)
  • Windows Update cache after feature updates

Scripts