DEL /a: /e /z whatever.ext

May 20, 2008
12,035
127
Syracuse, NY, USA
That is me (my email address)
I figured that. It just doesn't look like a Windows "principal". In those places, I see myself vefatica (JJ\vefatica).

If that's really you, the currently logged-on user, you seem to have shown that that user owns the file and has full access to it but can't delete it. I'm lost.
 
Apr 2, 2011
1,584
14
55
North Carolina, USA
I figured that. It just doesn't look like a Windows "principal". In those places, I see myself vefatica (JJ\vefatica).

If that's really you, the currently logged-on user, you seem to have shown that that user owns the file and has full access to it but can't delete it. I'm lost.

From the first image in DEL /a: /e /z whatever.ext

What if I removed the permissions from "Charles Galloway (csgalloway@gmail.com)", then tried to del_file again? calling the 2 MS utilities...
 
May 20, 2008
12,035
127
Syracuse, NY, USA
I dunno. What username did you give to those two utilities the first time? What username would you give if you used them again? As I said, I'm lost.
 

Charles Dye

Super Moderator
Staff member
May 20, 2008
4,640
101
Albuquerque, NM
prospero.unm.edu
I'm guessing that Windows has been upgraded, and that whole Backup tree was created by the Windows Installer service. It may be possible to delete the whole thing with the Disk Cleanup tool, in its more advanced "Clean up system files" mode.

Other, more technical, approaches: Boot a copy of Windows PE from e.g. a flash drive, and delete from that OS. Or temporarily move the hard drive to a different computer as a secondary drive. Neither of these will work if the hard drive is encrypted, though.
 
Apr 2, 2011
1,584
14
55
North Carolina, USA
I dunno. What username did you give to those two utilities the first time? What username would you give if you used them again? As I said, I'm lost.
Code:
:Delfile [cFile]
  :: try to delete the file
  iff exist %cFile then
    del /a: /e /z %cFile
    iff exist %cFile then
      :: file not able to be deleted, see about ownership?
      :: take full ownership of the file
      C:\WINDOWS\system32\takeown.exe /f %cFile
      C:\WINDOWS\system32\icacls.exe %cFile /grant %USERNAME%:F
      :: try to delete the file one more time
      del /a: /e /z %cFile
      iff exist %cFile then
        echo %cFile still exists, quitting.....
        quit
      endiff
    endiff
  endiff
::

What does c:\Windows\System32\whoami.exe report?

Code:
[C:\Users\csgal\OneDrive\Desktop\OEClassic]c:\Windows\System32\whoami.exe
desktop-c293qau\csgal
 
May 20, 2008
12,035
127
Syracuse, NY, USA
Code:
:Delfile [cFile]
  :: try to delete the file
  iff exist %cFile then
    del /a: /e /z %cFile
    iff exist %cFile then
      :: file not able to be deleted, see about ownership?
      :: take full ownership of the file
      C:\WINDOWS\system32\takeown.exe /f %cFile
      C:\WINDOWS\system32\icacls.exe %cFile /grant %USERNAME%:F
      :: try to delete the file one more time
      del /a: /e /z %cFile
      iff exist %cFile then
        echo %cFile still exists, quitting.....
        quit
      endiff
    endiff
  endiff
::



Code:
[C:\Users\csgal\OneDrive\Desktop\OEClassic]c:\Windows\System32\whoami.exe
desktop-c293qau\csgal
That doesn't look much like
1648088989534.png

See why I'm confused.

If you remove /E from the DEL command, it might tell you why it failed.

What's the value of %USERNAME%?

What if you used C:\WINDOWS\system32\icacls.exe %cFile /grant csgal:F (instead of using %USERNAME)?
 
Apr 2, 2011
1,584
14
55
North Carolina, USA
That doesn't look much like
View attachment 3627
See why I'm confused.

yes I do. I know I have a onedrive by that name and email address..... not sure how it got there

If you remove /E from the DEL command, it might tell you why it failed.

It will take a long time to generate the del_me.btm; Will do it overnight.... and post here...

What's the value of %USERNAME%?

Code:
[C:\Users\csgal\OneDrive\Desktop\Z_Del_me]set user*
USERDOMAIN=DESKTOP-C293QAU
USERDOMAIN_ROAMINGPROFILE=DESKTOP-C293QAU
USERNAME=csgal
USERPROFILE=C:\Users\csgal

What if you used C:\WINDOWS\system32\icacls.exe %cFile /grant csgal:F (instead of using %USERNAME)?

It should pick up tbhe value of %USERNAME - and I don't see why it would be anything besides what I posted earlier...
 
Apr 2, 2011
1,584
14
55
North Carolina, USA
@vefatica and @Charles Dye :

Code:
[C:\Users\csgal\OneDrive\Desktop]del_me.btm
Deleting C:\Backup\Windows\System32\IntelIHVRouter08.dll
TCC: (Sys) C:\Users\csgal\OneDrive\Desktop\del_me.btm [28]  Access is denied.
 "C:\Backup\Windows\System32\IntelIHVRouter08.dll"
     0 files deleted       1 failed
Press any key when ready...

SUCCESS: The file (or folder): "C:\Backup\Windows\System32\IntelIHVRouter08.dll" now owned by user "DESKTOP-C293QAU\csgal".
processed file: C:\Backup\Windows\System32\IntelIHVRouter08.dll
Successfully processed 1 files; Failed processing 0 files
Deleting C:\Backup\Windows\System32\IntelIHVRouter08.dll
TCC: (Sys) C:\Users\csgal\OneDrive\Desktop\del_me.btm [36]  Access is denied.
 "C:\Backup\Windows\System32\IntelIHVRouter08.dll"
     0 files deleted       1 failed
Press any key when ready...
"C:\Backup\Windows\System32\IntelIHVRouter08.dll" still exists, quitting.....

[C:\Users\csgal\OneDrive\Desktop]

The UDF is:

Code:
:Delfile [cFile]
  :: try to delete the file
  iff exist %cFile then
    del /a: /z %cFile
    pause
    iff exist %cFile then
      :: file not able to be deleted, see about ownership?
      :: take full ownership of the file
      C:\WINDOWS\system32\takeown.exe /f %cFile
      C:\WINDOWS\system32\icacls.exe %cFile /grant %USERNAME%:F
      :: try to delete the file one more time
      del /a: /z %cFile
      pause
      iff exist %cFile then
        echo %cFile still exists, quitting.....
        quit
      endiff
    endiff
  endiff
::

Full permissions for the file above are:
SYSTEM
Charles Galloway (csgalloway@gmail.com)
TrustedInstaller
 

Charles Dye

Super Moderator
Staff member
May 20, 2008
4,640
101
Albuquerque, NM
prospero.unm.edu
I suggest you take over the whole tree:
Code:
takeown /r /f c:\backup
icacls c:\backup /t /grant %username%:f

It's possible that you may need write access to the parent directory as well as the file itself.
 
May 20, 2008
12,035
127
Syracuse, NY, USA
If it were a horse race I'd put my money on csgal. Charles Galloway (csgalloway@gmail.com) doesn't look like a Windows username to me. If it is one, I wonder if it's in some special (and not an admin). Does ControlPanel\UserAccounts give any insight into this?
 
Apr 2, 2011
1,584
14
55
North Carolina, USA
I suggest you take over the whole tree:
Code:
takeown /r /f c:\backup
icacls c:\backup /t /grant %username%:f

It's possible that you may need write access to the parent directory as well as the file itself.

Those 2 commands did allow me to remove some empty folders/dirs, but the problem in #40 above still remains....

@vefatica - - - also......
 
Aug 9, 2009
293
1
Charles Windows doesn’t care where the file is. It only cares about the name of the file that's already loaded in memory. You have two files with the same name Windows doesn’t care which one is loaded all it understand is one of them is loaded thus it wont allow you to delete the backup copy. TCC and Windows are doing what the API tells it to do which is deny the delete.

Boot win10 into safe mode chose a mode that doesn’t allow internet access (no router drivers etc.) rename the backup copy IntelHVRouter08.dll to IntelHVRouter08.dl_

Reboot into normal mode if internet access is working delete the backup file you renamed.

google “boot win10 into safe mode” should show you the following:

How to boot in Safe Mode in Windows 10
  1. Hold down the Shift button as you click "Restart." ...
  2. Choose "Troubleshoot" on the Choose an option screen. ...
  3. Choose "Startup Settings" and then click Restart to get to the final selection menu for Safe Mode. ...
  4. Enable Safe Mode with or without internet access.
Hopefully that should work
 
Last edited:
May 20, 2008
12,035
127
Syracuse, NY, USA
What exactly do you mean, @Kachupp? Using TCC (which loads TAKECMD.DLL) I had no problem deleting a copy of a loaded DLL.

Code:
v:\> copy d:\tc28\takecmd.dll
D:\tc28\takecmd.dll => V:\takecmd.dll
     1 file copied

v:\> del takecmd.dll
Deleting V:\takecmd.dll
     1 file deleted            6,004,736 bytes freed

The same goes for system files.

Code:
v:\> copy c:\Windows\System32\shell32.dll
C:\Windows\System32\shell32.dll => V:\shell32.dll
     1 file copied

v:\> del shell32.dll
Deleting V:\shell32.dll
     1 file deleted            7,647,232 bytes freed
 
Aug 9, 2009
293
1
I just tried this and yes as usual you are correct. It failed at first because the my dll had the hidden attribute set. So was about to delete the post then thought nah the reboot option may still help
 
Apr 2, 2011
1,584
14
55
North Carolina, USA
I don'[t understande sicne i had /Z on the DEL command....

also would /B be effective on files like I posted above in my screen capture?
 
Jan 12, 2014
502
9
Switzerland, SO
@Charles G

I think also that the Safe Mode COULD be a solution for you.

Another hint COULD be that you boot your system with a linux boot stick or so - which is able to mount your windows drive (partition). There you could try to delete those files. Even backup software has such boot media sometimes (know that from Acronis which I used years ago) ... there I could boot, start a file manager and could delete files on windows partition.

Just some ideas, I will be not responsible, if you destroy your windows partition.
 
Last edited:
Apr 2, 2011
1,584
14
55
North Carolina, USA
I am taking my timne going through the c:\backup\ tree deleting what I can or movin g files e;lsewhere - then once that is done will post if needed.... thanks everyone
 
Oct 29, 2008
91
0
The other thing I do is use SysInternals' PsExec and start a TCC instance running under the SYSTEM account
(using alias sysprompt=`psexec -sidw "%_cwd" "%_cmdspec"` in an elevated prompt).
 

Similar threads