<

Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x

Using Tools To Find What is Using Your Disk Space

Published on
9,190 Points
1,290 Views
4 Endorsements
Last Modified:
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
A little background first...
In January of 2002, Microsoft launched their "Trustworthy Computing" initiative which signaled a change in how Windows was designed and run.  Key components started to be locked down and made inaccessible to unprivileged users (some had already been, but this accelerated the practice).  Over time, more and more areas of Windows became inaccessible without proper authorization (administrative access).  Eventually, we reached the point where we are now - certain folders even administrators don't have access to unless they forcibly gain control.  One such folder is the System Volume Information folder which can contain restore points, shadow copies, and other data that Windows uses to provide services, but which end users - even Administrators - don't need direct access to under most circumstances.

There are two ways to work around this when access is needed (such as when surveying the disk usage of a computer): alter the permissions, or run a tool as the computer which has full access to just about everything by default. 

To alter the Access Control Lists (ACLs), the administrator can "take ownership" of a folder and then reset the permissions,  This is problematic since you have to find all folders which the administrators don't have access to and modify the ACLs.  Even if scripted, the time required to create the script and adjust the ACLs can be lengthy.  But the bigger problem is the weakened security state you're leaving the computer in.  All to simply find out what's taking up the space. 

The second option, running the program as the computer—more specifically, under the "SYSTEM" account—doesn't alter any permissions and can be done with relatively minimal security risk by competent admins using trusted programs. But how do you run a program under the "SYSTEM" account?  You can't (well, shouldn't - and I've never tried to) reset the SYSTEM account's password... so "run as" seems to be out, and there is no "Right click > Run as Computer" option.

We can do this using a tool from Microsoft called PSEXEC.  PSEXEC is one of the tools Mark Russinovich of Sysinternals.com developed many years ago.  Several years ago, Microsoft acquired Mark's tools and hired him, so now PSEXEC (and his entire tool suite) are Microsoft's and PSEXEC is available at https://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

Once you have PSEXEC downloaded, you should run it once to read and accept the End User License Agreement.  Then, I recommend placing it in a folder in your path - C:\Windows\System32 for example (you'll need to put it there as an administrator!)

Now, install your tool of choice - WinDirStat or TreeSize (or another tool you trust that can provide you a report of what is using your disk space).  Once installed, open a command prompt as an administrator and navigate to its executable's location.  Then run PSEXEC -I -S -D "x:\path\to the\executable.exe".  In the following screenshot, I've opened a command prompt, navigated to the folder with WinDirStat and am about to run WinDirStat under the SYSTEM account.

PSExecWinDirStat.PNGRunning as SYSTEM, the applications should now include the contents of the system-accessible files and folders, giving you a far more accurate report of what is taking up space.


WARNING!


Tools like WinDirStat offer the ability to delete things directly from their interface.  When running them as SYSTEM, you have a much greater chance of causing a (potentially unrecoverable) problem with your system.  I STRONGLY advise NOT DELETING ANYTHING without first knowing exactly what it is and how/if it should be deleted properly. If you're not absolutely sure, ask a question and find out!
4
Comment
Author:Lee W, MVP
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 25

Expert Comment

by:Brian B
Good and useful article, but a warning to users who may read this: It is not recommended to just try and delete system files. Without going into a long explanation, if you use Lee's method above and find a lot of space being taken up by a specific directory, search on how to clean up that directory. Here is an example for one common place that files build up:
https://www.experts-exchange.com/searchResults.jsp?searchTerms=WINSXS+folder+clean+up&asSubmit=true&asSelected=true
0
 
LVL 96

Author Comment

by:Lee W, MVP
Brian B - EXCELLENT point - added a warning in case people read the article and not the comments.
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Join & Write a Comment

This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month