First off, I want to apologize for the lack of clarity in the title of this post; I honestly couldn’t fit the whole real subject in there. And even if I could have, it would have been a bit silly anyway. Here’s what it might have been called:
“Removing system files from a domain-based computer on a hard drive that was previously installed in another computer and your domain is currently un-available…” Or something like that. I know it sounds kinda’ crazy, but stick with me here…
Now, let me explain. I’m a consultant that rarely goes into our corporate office, and therefore am usually authenticating with a cached domain credential to my laptop. And as you may know, there are limits to permissions management when a domain is not available. So when I added a second hard drive from another computer to my Windows 8 laptop, the NTFS permissions put up a pretty good fight in not letting me delete the old SYSTEM files on the now-secondary disk. in the end, I had to do a handful of steps to seize the permissions on those files and folders before I could delete them, made extra tricky by me being remote to the domain.
How I Got Here:
Here are the steps that got me into the jam in the first place:
– Installed Windows 8 on original LAPTOP1 with a big hard drive as a local user, LAPTOP1Jeremy.Local
– Drove to office, joined to domain as user DOMAINJeremy.Pavlov, went on with life for a while
– Got a new LAPTOP2, and wanted to use big hard drive from LAPTOP1 as secondary disk in LAPTOP2
– Removed big hard disk from LAPTOP1 and installed into LAPTOP2, to what would become E: drive.
– Installed fresh Windows 8 on LAPTOP2 smaller C: drive as a local user, LAPTOP2Jeremy.Local
– Drove to office, joined to domain as user DOMAINJeremy.Pavlov, added DOMAINJeremy.Pavlov as member of local administrators group on LAPTOP2, went on with life
– Wanted to delete system folders (Windows, Program Files, etc.) from big E: drive (forgot to remove them originally), while preserving other folders (Virtual Machines, etc.)
…But, the folder(s) won’t let me delete them so easily. My user (and Administrator credential) don’t have rights to the tiles, and since I’m not near the office to re-assign domain permission, I need different strategy. Mind you, I would have just formatted the disk, but I have hundreds of Gigabytes of Virtual Machines on it. And while I thought about removing the drive, or mounting in Linux, etc., I wanted to find an easier, repeatable way.
Stepping Through It
So, since NTFS won’t let deletion happen as-is, the permissions clearly need to be re-set. So let’s walk through what we need to do to make this work…
– First, open a command prompt “As Administrator”, and run this command to “Take Ownership” of the unwanted folder on the E: drive:
takeown /f E:Unwanted Folder /R /A
…in this case, the
/R means recursive, and the
/A means set it to the Administrators group.
– Now that the local Administrators group has control, use the GUI Security tab in Windows Explorer (or PowerShell, or icacls) to grant it FULL CONTROL to This folder, subfolders, and files
– Fix inheritance by checking the box to “Replace all child object permission entries…” on “E:Unwanted Folder”
– Now, remove the unwanted folder with the good ol’ RD command (in the same command window you opened above, or the GUI):
RD /S /Q E:Unwanted Folder
…By the way, I just couldn’t bring myself to put “Windows” above, so I put “Unwanted Folder”. You get the idea…
Of Course, A Script
Now if you just want to to do the whole thing in a script, here’s how you might do it:
#Set this to the folder to be removed: SET DELETEME="E:Unwanted Folder" #Next line sets ownership of hierarchy to Administrators Group TAKEOWN /f %DELETEME% /R /A #Next line resets permissions for hierarchy to default ICACLS %DELETEME% /reset /T #Next line grants Administrators group "Full Control" to hierarchy ICACLS %DELETEME% /grant Administrators:(OI)(CI)F #Next line removes hierarchy RD /S /Q %DELETEME%
…Of course, this is just one way (or two ways) to do it, in one weird situation. But I thought it could help someone some day… Maybe even myself…