[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


Using Tools To Find What is Using Your Disk Space

Published on
10,385 Points
4 Endorsements
Last Modified:
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
A little background first...
In January of 2002, Microsoft launched their "Trustworthy Computing" initiative which signaled a change in how Windows was designed and run.  Key components started to be locked down and made inaccessible to unprivileged users (some had already been, but this accelerated the practice).  Over time, more and more areas of Windows became inaccessible without proper authorization (administrative access).  Eventually, we reached the point where we are now - certain folders even administrators don't have access to unless they forcibly gain control.  One such folder is the System Volume Information folder which can contain restore points, shadow copies, and other data that Windows uses to provide services, but which end users - even Administrators - don't need direct access to under most circumstances.

There are two ways to work around this when access is needed (such as when surveying the disk usage of a computer): alter the permissions, or run a tool as the computer which has full access to just about everything by default. 

To alter the Access Control Lists (ACLs), the administrator can "take ownership" of a folder and then reset the permissions,  This is problematic since you have to find all folders which the administrators don't have access to and modify the ACLs.  Even if scripted, the time required to create the script and adjust the ACLs can be lengthy.  But the bigger problem is the weakened security state you're leaving the computer in.  All to simply find out what's taking up the space. 

The second option, running the program as the computer—more specifically, under the "SYSTEM" account—doesn't alter any permissions and can be done with relatively minimal security risk by competent admins using trusted programs. But how do you run a program under the "SYSTEM" account?  You can't (well, shouldn't - and I've never tried to) reset the SYSTEM account's password... so "run as" seems to be out, and there is no "Right click > Run as Computer" option.

We can do this using a tool from Microsoft called PSEXEC.  PSEXEC is one of the tools Mark Russinovich of Sysinternals.com developed many years ago.  Several years ago, Microsoft acquired Mark's tools and hired him, so now PSEXEC (and his entire tool suite) are Microsoft's and PSEXEC is available at https://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

Once you have PSEXEC downloaded, you should run it once to read and accept the End User License Agreement.  Then, I recommend placing it in a folder in your path - C:\Windows\System32 for example (you'll need to put it there as an administrator!)

Now, install your tool of choice - WinDirStat or TreeSize (or another tool you trust that can provide you a report of what is using your disk space).  Once installed, open a command prompt as an administrator and navigate to its executable's location.  Then run PSEXEC -I -S -D "x:\path\to the\executable.exe".  In the following screenshot, I've opened a command prompt, navigated to the folder with WinDirStat and am about to run WinDirStat under the SYSTEM account.

PSExecWinDirStat.PNGRunning as SYSTEM, the applications should now include the contents of the system-accessible files and folders, giving you a far more accurate report of what is taking up space.


Tools like WinDirStat offer the ability to delete things directly from their interface.  When running them as SYSTEM, you have a much greater chance of causing a (potentially unrecoverable) problem with your system.  I STRONGLY advise NOT DELETING ANYTHING without first knowing exactly what it is and how/if it should be deleted properly. If you're not absolutely sure, ask a question and find out!
Author:Lee W, MVP
LVL 25

Expert Comment

by:Brian B
Good and useful article, but a warning to users who may read this: It is not recommended to just try and delete system files. Without going into a long explanation, if you use Lee's method above and find a lot of space being taken up by a specific directory, search on how to clean up that directory. Here is an example for one common place that files build up:
LVL 97

Author Comment

by:Lee W, MVP
Brian B - EXCELLENT point - added a warning in case people read the article and not the comments.

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Join & Write a Comment

Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month