Delete TrustedInstaller-only Files and Folders
Monday, December 24, 2012 at 1:55AM
Not very security related, but something I don't want to forget how to do. It was a PITA. So I had an old WINDOWS directory that I needed to get rid of. And the following commands gave me the ooomph needed to get the job done.
1) Get a SYSTEM shell so all modding of permissions will be good.
D:\> psexec /accepteula -s cmd
2) Grant Administrators FULL rights to the directory and all sub directories and files
D:\> icacls D:\Windows\* /grant Administrators:F /C /T
3) Finish the job, delete the folder and everything below it
D:\> rmdir /s /q D:\Windows\
All done. Weeeeeeeee!
If you have a better way to do this via commands or programs please let me know, always looking to learn more.
Rob Fuller
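Added example, not part of the original post: the three steps above wrapped in a PowerShell function with guard checks, so a mistyped path cannot point the recursive ACL change and delete at the running system. The function name Remove-OldWindowsDir and its -Path parameter are hypothetical; takeown (from the reader comments) is included for the elevated-but-not-SYSTEM case, and icacls is applied to the directory itself rather than D:\Windows\*.

```powershell
# Added example. Remove-OldWindowsDir and -Path are hypothetical names;
# the takeown / icacls / rmdir switches are the ones shown on this page.
function Remove-OldWindowsDir {
    # ConfirmImpact High: a real run prompts unless -Confirm:$false is given.
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param([Parameter(Mandatory)][string]$Path)

    # ACL changes on TrustedInstaller-owned files need an elevated or SYSTEM token.
    $id        = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run from an elevated or SYSTEM shell.'
    }

    # Canonical form of the target and of the OS we are currently running.
    $full = (Resolve-Path -LiteralPath $Path).ProviderPath.TrimEnd('\')
    $live = $env:SystemRoot.TrimEnd('\')
    $cmp  = [StringComparison]::OrdinalIgnoreCase

    # Refuse a drive root.
    if ($full -eq [IO.Path]::GetPathRoot($full).TrimEnd('\')) {
        throw "Refusing to delete a drive root: $full"
    }
    # Refuse the running Windows directory and anything above or below it.
    if ("$full\".StartsWith("$live\", $cmp) -or "$live\".StartsWith("$full\", $cmp)) {
        throw "Refusing: $full overlaps the running system at $live"
    }
    # Refuse if the target itself is a junction or symlink pointing elsewhere.
    $item = Get-Item -LiteralPath $full -Force
    if ($item.Attributes -band [IO.FileAttributes]::ReparsePoint) {
        throw "Refusing: $full is a reparse point"
    }

    if ($PSCmdlet.ShouldProcess($full, 'take ownership, grant Administrators:F, delete')) {
        takeown.exe /F $full /R /D Y | Out-Null                       # ownership
        icacls.exe $full /grant 'Administrators:F' /C /T | Out-Null   # step 2
        cmd.exe /c rmdir /s /q $full                                  # step 3
        if (Test-Path -LiteralPath $full) {
            throw "Delete incomplete: $full still exists"
        }
    }
}

# Dry run against the path used in the post; drop -WhatIf to delete for real.
Remove-OldWindowsDir -Path 'D:\Windows' -WhatIf
```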
Reader Comments (4)
Thank you! This helped me remove a lot of msiexec's leftovers.
Knowing the command line in Windows, Linux, Solaris, etc. is always a good thing. Knowing how permissions are set, how to manipulate config files, etc. is always extremely important and relevant to security... something a lot of admins don't really know and can't judge the impact on. I run into a lot of systems where I don't have to run exploits to escalate privileges, I just have to use the permissions I'm given to work around it. In the world of certification engineering, people only know whether the checkbox is checked or not, they don't know what the checkbox really means to the operation of the computer or the entire system.
You could use PowerShell to do all of this. Just wrap the following in a script and schedule to run as a task with "system" privs:
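# Directory to remove
$Path = 'C:\Windows\'
# Local Administrators group ("." as the domain part, "Administrators" as the account)
$UserObject = New-Object System.Security.Principal.NTAccount(".", "Administrators")
# Read the current ACL, change its owner, and write it back
$FileACL = Get-Acl $Path
$FileACL.SetOwner($UserObject)
Set-Acl -AclObject $FileACL -Path $Path
# Delete the directory and everything below it
Remove-Item -Recurse -Force $Path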
-Chris
On Vista and above you can just use takeown.exe from an elevated prompt:
takeown /F "C:\SomeFolder" /R /D Y