Friday, December 02, 2011

icacls takeown ??-?? scripting for removing localized locale directories in system32 with access denied


Windows Server 2008 has permissions locked down tight on the system32 directory.
I ran into an issue when I wanted to remove all the localized directories (AR-SA, BG-BG, CS-CZ) - I will never use them and I wanted them gone (except for EN-US). This is what I finally ended up with as a solution. It was a learning process. I realize it can be scripted in a neater way but this was the most logical for me.

dir C:\Windows\System32\??-?? /aD /b > c:\output.txt

  - Now open the output.txt file and remove EN-US so it doesn't get deleted!!!

for /f %i in (c:\output.txt) do takeown /F C:\Windows\System32\%i\* /A /R
for /f %i in (c:\output.txt) do icacls C:\Windows\System32\%i\* /grant Administrators:F /inheritance:E /T
for /f %i in (c:\output.txt) do del /S /Q /F C:\Windows\System32\%i
for /f %i in (c:\output.txt) do rmdir C:\Windows\System32\%i

  - Now do the same thing on Syswow64 (32-bit location on a 64-bit system = WoW)

for /f %i in (c:\output.txt) do takeown /F C:\Windows\Syswow64\%i\* /A /R
for /f %i in (c:\output.txt) do icacls C:\Windows\Syswow64\%i\* /grant Administrators:F /inheritance:E /T
for /f %i in (c:\output.txt) do del /S /Q /F C:\Windows\Syswow64\%i
for /f %i in (c:\output.txt) do rmdir C:\Windows\Syswow64\%i

Explanation with {my own description of what's being done inside the curly braces}

  • dir C:\Windows\System32\??-?? {list all files or directories with the locale pattern ??-?? like AR-SA} /aD {make sure only directories are listed} /b {bare output suitable for scripting} > c:\output.txt {redirect the result into a text file}
  • Remove "EN-US" (or whichever locale you use) from output.txt, because everything listed in output.txt is going to be deleted very shortly
  • for /f {for every line in a file} %i {read the first value} in (C:\output.txt) {this is the file to read values from; don't include spaces in the path, otherwise you will have to put the path in " " inside the ( ) and add "usebackq" in quotes after for /f} do {the command that follows is executed on every %i value from the file one by one}
  • takeown /F {specify a file or directory to take ownership of} C:\Windows\System32\%i\* {each localized directory that we want taken over} /A {give ownership to the Administrators GROUP, not "Administrator" itself} /R {recurse subdirectories and files}
  • icacls C:\Windows\System32\%i\* {specify what directory or file you want access to} /grant Administrators:F {grant Administrators group FULL permission} /inheritance:E {enable inheritance on the directory specified} /T {recurse subdirectories and files}
  • del /S {delete matching files in all subdirectories as well} /Q {without confirmation} /F {force delete of any read-only files} C:\Windows\System32\%i {every locale dir with the value %i from the for command}
  • rmdir C:\Windows\System32\%i {remove the empty directories once done} (God, I miss deltree)
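
The same procedure as one batch file, as an added example that is not the original author's script: it skips en-US automatically instead of relying on a hand-edited output.txt, and it only reports what it would remove unless /commit is passed. The file name remove-locales.cmd, the /commit switch and the KEEP variable are assumptions made for this example; unlike the commands above it takes ownership of each directory itself rather than %i\*, and uses rmdir /S /Q in place of the separate del and rmdir steps.

```batch
@echo off
rem Added example, not the original author's commands.
rem Usage: remove-locales.cmd [/commit]
rem Without /commit nothing is changed; the script only reports.
setlocal EnableExtensions

rem KEEP is the one locale directory to preserve (assumption: en-US).
set "KEEP=en-US"
set "COMMIT=0"
if /i "%~1"=="/commit" set "COMMIT=1"

rem Walk both the native and the WoW64 system directories.
for %%R in ("%SystemRoot%\System32" "%SystemRoot%\SysWOW64") do (
    if exist "%%~R\" (
        for /f "delims=" %%D in ('dir "%%~R\??-??" /aD /b 2^>nul') do call :handle "%%~R" "%%D"
    )
)
exit /b 0

:handle
rem %~1 = parent directory, %~2 = directory name returned by dir
if /i "%~2"=="%KEEP%" (
    echo KEEP    %~1\%~2
    exit /b 0
)
rem dir wildcards are loose, so accept only names shaped like xx-XX.
echo %~2| findstr /r /i /x "[a-z][a-z]-[a-z][a-z]" >nul
if errorlevel 1 (
    echo SKIP    %~1\%~2
    exit /b 0
)
if "%COMMIT%"=="0" (
    echo WOULD   %~1\%~2
    exit /b 0
)
rem Same takeown and icacls switches as above, applied to the directory itself.
takeown /F "%~1\%~2" /A /R /D Y >nul
icacls "%~1\%~2" /grant Administrators:F /inheritance:E /T /Q >nul
rem rmdir /S /Q removes the files and the directory in one step.
rmdir /S /Q "%~1\%~2"
if exist "%~1\%~2\" (echo FAILED  %~1\%~2) else (echo REMOVED %~1\%~2)
exit /b 0
```

Run it once without arguments from an elevated prompt and read the WOULD lines before running it again with /commit.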
