Trying to Delete Directories -- Access Denied

Kyle

Hi,

My Windows 2000 server got tagged because FTP anonymous was wide open. I
have since disabled the service. I am trying to clean up the tagged
directories. I was able to delete some directories using dir /x at a
command prompt, as well as the RM command. I still have some directories
but when I try to delete them, I get an access denied. I am logged in as
Administrator. When I look at the properties in Windows Explorer for each
directory, there is no security tab. How do I delete the directory?

Any help would be appreciated.


Thanks,
Kyle
 
Pegasus (MVP)

You write "I was able to delete some directories using dir /x at a
command prompt, as well as the RM command." I struggle to
see how you could do this, seeing that "dir" will only list files
and folders, not delete them, and that there is no "RM" command
under Windows 2000. You also don't say if this partition is a
FAT/FAT32 or an NTFS partition (which is important for access
restrictions).

Try this command:

rd /s "c:\Folde~1" where "Folde~1" is the short file name for
your problem folder. If this does not work, post the full name
of the folder here.
 
Kyle

Hi,

I used the rm.exe app (available on the Windows 2000 Resource Kit). Dir /x
listed the short folder names that appeared to be nameless folders.

See: http://techrepublic.com.com/5100-6270-1053850.html

The partition is NTFS. The root folder is 333 (I was able to rename it to
that from a longer folder name), but all the subfolders are either named
aux1 aux2 etc... or lpt1, lpt2 etc... or con1, con2 etc...

They have no "Security" tab on them (the topmost 333 folder does, and I
have full admin permissions on it, but clearly not on its subfolders, and
the topmost folder's permissions are not flowing down to them). When I try
to delete them from the Windows GUI, or from console with del, rm, rd
etc... I get an Access Denied message.

I deleted a bunch of other bogus directory structures using the RM.EXE
program, but these are different in that there's an access issue.

Thanks,
Kyle
 
Pegasus (MVP)

Your folders appear to use reserved names. You can get rid of
them by using this syntax:

rd /s /q \\.\c:\LPT1

Of course you have to specify the correct location.
 
Kyle

Hi,

Thanks for the info, but no luck.

Pasted below is the directory structure I'm referring to, plus the
results of the delete attempts using the rd syntax you suggested.

Volume in drive E has no label.
Volume Serial Number is

Directory of E:\temp\867

02/13/2004 08:30a <DIR> .
02/13/2004 08:30a <DIR> ..
02/19/2003 07:53a <DIR> aux0
02/19/2003 07:53a <DIR> aux1
02/19/2003 07:53a <DIR> aux2
02/19/2003 07:53a <DIR> aux3
02/19/2003 07:53a <DIR> aux4
02/19/2003 07:53a <DIR> aux5
02/19/2003 07:53a <DIR> aux6
02/19/2003 07:53a <DIR> aux7
02/19/2003 07:53a <DIR> aux8
02/19/2003 07:53a <DIR> aux9
02/19/2003 07:53a <DIR> com0
02/19/2003 07:53a <DIR> com1
02/19/2003 07:53a <DIR> com2
02/19/2003 07:53a <DIR> com3
02/19/2003 07:53a <DIR> com4
02/19/2003 07:53a <DIR> com5
02/19/2003 07:53a <DIR> com6
02/19/2003 07:53a <DIR> com7
02/19/2003 07:53a <DIR> com8
02/19/2003 07:53a <DIR> com9
02/19/2003 07:53a <DIR> con0
02/19/2003 07:53a <DIR> con1
02/19/2003 07:53a <DIR> con2
02/19/2003 07:53a <DIR> con3
02/19/2003 07:53a <DIR> con4
02/19/2003 07:53a <DIR> con5
02/19/2003 07:53a <DIR> con6
02/19/2003 07:53a <DIR> con7
02/19/2003 07:53a <DIR> con8
02/19/2003 07:53a <DIR> con9
02/19/2003 07:53a <DIR> lpt0
02/19/2003 07:53a <DIR> lpt1
02/19/2003 07:53a <DIR> lpt2
02/19/2003 07:53a <DIR> lpt3
02/19/2003 07:53a <DIR> lpt4
02/19/2003 07:53a <DIR> lpt5
02/19/2003 07:53a <DIR> lpt6
02/19/2003 07:53a <DIR> lpt7
02/19/2003 07:53a <DIR> lpt8
02/19/2003 07:53a <DIR> lpt9
0 File(s) 0 bytes
42 Dir(s) 29,115,990,016 bytes free



E:\temp\867>rd /s /q lpt9
The system cannot find the file specified.

E:\temp\867>rd /s /q LPT9~1
Access is denied.

E:\temp\867>
 
Pegasus (MVP)

You tried

rd /s /q lpt9

but I wrote

rd /s /q \\.\e:\temp\867\LPT1

There is a big difference!
 
Kyle

Hi,

Okay, I tried:

rd /s /q \\.\e:\temp\867\LPT1

and still received:

The system cannot find the file specified.

Thanks,
Kyle
 
Pegasus (MVP)

Since this works very nicely for me, I suspect
that you do not have a folder called
\\.\e:\temp\867\LPT1

If you wish to continue with this thread, post the
contents of c:\test.txt in your reply:

dir e:\temp\lpt*.* /s > c:\test.txt
 
Kyle

Hi,

Here's the contents of test.txt constructed with your directions above.

Thanks. Kyle
____________________________________________________
Volume in drive E has no label.
Volume Serial Number is

Directory of e:\temp\867

02/19/2003 07:53a <DIR> lpt0
02/19/2003 07:53a <DIR> lpt1
02/19/2003 07:53a <DIR> lpt2
02/19/2003 07:53a <DIR> lpt3
02/19/2003 07:53a <DIR> lpt4
02/19/2003 07:53a <DIR> lpt5
02/19/2003 07:53a <DIR> lpt6
02/19/2003 07:53a <DIR> lpt7
02/19/2003 07:53a <DIR> lpt8
02/19/2003 07:53a <DIR> lpt9
0 File(s) 0 bytes

Total Files Listed:
0 File(s) 0 bytes
10 Dir(s) 29,067,063,296 bytes free
 
Pegasus (MVP)

I would do this:

1. Move all useful files and folders out of e:\temp\867.
2. Issue this command from the Command Prompt:

rd /s /q e:\temp\867

By the way, when I say "Command Prompt" then I refer to
the screen you get when clicking "Run", then typing "cmd.exe".
If you type "command.com" then you're unlikely to succeed.
 
Kyle

Hi,

Below is a copy-and-paste from the cmd window of the results of issuing
the command you suggest above, and thanks.

But the problem continues to be one of access (permissions, or
whatever..). Remember, these are tricked-out directories created by a
hacker. They are specifically designed to not be deletable by ordinary
methods.

e:\temp\867\COM7~1 - Access is denied.
e:\temp\867\COM8~1 - Access is denied.
e:\temp\867\COM9~1 - Access is denied.
e:\temp\867\CON0~1 - Access is denied.
e:\temp\867\CON1~1 - Access is denied.
e:\temp\867\CON2~1 - Access is denied.
e:\temp\867\CON3~1 - Access is denied.
e:\temp\867\CON4~1 - Access is denied.
e:\temp\867\CON5~1 - Access is denied.
e:\temp\867\CON6~1 - Access is denied.
e:\temp\867\CON7~1 - Access is denied.
e:\temp\867\CON8~1 - Access is denied.
e:\temp\867\CON9~1 - Access is denied.
e:\temp\867\LPT0~1 - Access is denied.
e:\temp\867\LPT1~1 - Access is denied.
e:\temp\867\LPT2~1 - Access is denied.
e:\temp\867\LPT3~1 - Access is denied.
e:\temp\867\LPT4~1 - Access is denied.
e:\temp\867\LPT5~1 - Access is denied.
e:\temp\867\LPT6~1 - Access is denied.
e:\temp\867\LPT7~1 - Access is denied.
e:\temp\867\LPT8~1 - Access is denied.
e:\temp\867\LPT9~1 - Access is denied.

E:\>
 
Pegasus (MVP)

You may need to fix up your NTFS permissions before you can delete these
folders.
 
Kyle

Hi,

I am using the highest level of permissions when logged in. As well, I
have full control of \867. But the directories below have no Security
tab, and the permissions on \867 aren't trickling down to them. Whoever
did this had quite a trick or two up their sleeve!

Kyle
 
Enkidu

It's the permissions on the files that matter. Two things you could
try. One is to add yourself to "Backup Operators". IMO this probably
won't work, but it's worth a try. Alternatively you could try taking
ownership of the files. Although without the Permissions tag, it would
be difficult. Try from the directory level first.

Cheers,

Cliff
 
Pegasus (MVP)

"Highest level of permission" is irrelevant if administrators are
denied access. You must log on as an administrator and seize
ownership of the folders, then set the permissions. You normally
do this via the "Security" tab in the Explorer graphical user interface.
If this tab is not available then it's back to a Command Prompt.
The following command will do it:

xcacls \\.\e:\temp\867\*.* /t /g administrator:O
cacls \\.\e:\temp\867\*.* /t /g administrator:F

xcacls.exe comes with the Win2000 Resource Kit.
 
Kyle

Hi,

Thanks for the info.

I ran the following command:

xcacls \\.\e:\temp\867\*.* /t /g administrator:O

The result was:

Do you want to continue (Y/N)? y
processed directory: \\.\e:\temp\867\aux0
ERROR: The system cannot find the file specified


Kyle
 
Pegasus (MVP)

The following batch file worked very nicely for me after
I had created your exact environment. I was logged on as
"administrator". subinacl.exe comes with the Win2000
Resource Kit.

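@echo off
rem Folder that holds the undeletable subfolders
set Target=e:\temp\867

cd /d "%Target%"
rem Make Everyone the owner of every entry under the target folder
subinacl /file "%Target%\*.*" /setowner=everyone
rem Grant Everyone full control, addressing each subfolder through the \\.\ prefix
for /d %%a in (*.*) do cacls "\\.\%Target%\%%a" /g everyone:F
rem Remove each subfolder, again through the \\.\ prefix
for /d %%a in (*.*) do rd /s /q "\\.\%Target%\%%a"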
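
The reserved-name problem worked through in this thread, as an added example (not code from any poster): a Python triage helper that flags directory entries a plain Win32 path cannot address and builds a literal path for each. It goes beyond the thread by also flagging trailing dots or spaces, and it uses the `\\?\` prefix, which turns off Win32 path parsing, in place of the thread's `\\.\` form; the function names, the sample listing and the choice to flag COM0/LPT0 are assumptions.

```python
# DOS device names the Win32 path parser maps to devices, extension or not.
# Assumption for this example: COM/LPT are flagged for any single digit 0-9.
DEVICE_NAMES = {"CON", "PRN", "AUX", "NUL"} | {
    f"{port}{n}" for port in ("COM", "LPT") for n in range(10)
}


def name_problems(name):
    """Return the reasons a plain Win32 path cannot address this entry."""
    if name in (".", ".."):
        return []
    problems = []
    # The parser compares the part before the first dot, minus trailing spaces.
    stem = name.split(".", 1)[0].rstrip(" ").upper()
    if stem in DEVICE_NAMES:
        problems.append("device-name")
    # Trailing dots and spaces are stripped during normalization, so the
    # name that reaches the file system differs from the one on disk.
    if name != name.rstrip(" ."):
        problems.append("trailing-dot-or-space")
    return problems


def literal_path(parent, name):
    r"""Build a \\?\ path, which is handed to the file system unparsed."""
    return "\\\\?\\" + parent.rstrip("\\") + "\\" + name


def triage(parent, names):
    """Map each problem entry to (reasons, literal path) for cleanup notes."""
    report = {}
    for name in names:
        problems = name_problems(name)
        if problems:
            report[name] = (problems, literal_path(parent, name))
    return report


# Constructed listing: raw names as a directory enumeration API returns them.
SAMPLE = ["lpt1", "aux", "nul.txt", "lpt10", "con1", "con1 ", "com7.", "notes.txt"]

if __name__ == "__main__":
    for name, (why, path) in triage(r"E:\temp\867", SAMPLE).items():
        print(f"{name!r:12} {','.join(why):36} {path}")
```

Names such as `con1` or `lpt10` are not flagged on their own, because only the exact device stem is special; they are flagged only when a trailing dot or space is present.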
 
