Browse All Articles
> Using Tools To Find What is Using Your Disk Space
Sometimes drives fill up and we don't know why. If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left! Here's how you can find out...
A little background first...
In January of 2002, Microsoft launched their "Trustworthy Computing" initiative which signaled a change in how Windows was designed and run. Key components started to be locked down and made inaccessible to unprivileged users (some had already been, but this accelerated the practice). Over time, more and more areas of Windows became inaccessible without proper authorization (administrative access). Eventually, we reached the point where we are now - certain folders even administrators don't have access to unless they forcibly gain control. One such folder is the System Volume Information
folder which can contain restore points, shadow copies, and other data that Windows uses to provide services, but which end users - even Administrators - don't need direct access to under most circumstances.
There are two ways to work around this when access is needed (such as when surveying the disk usage of a computer): alter the permissions, or run a tool as the computer which has full access to just about everything by default.
To alter the Access Control Lists (ACLs), the administrator can "take ownership" of a folder and then reset the permissions, This is problematic since you have to find all folders which the administrators don't have access to and modify the ACLs. Even if scripted, the time required to create the script and adjust the ACLs can be lengthy. But the bigger problem is the weakened security state you're leaving the computer in. All to simply find out what's taking up the space.
The second option, running the program as the computer—more specifically, under the "SYSTEM" account—doesn't alter any permissions and can be done with relatively minimal security risk by competent admins using trusted programs. But how do you run a program under the "SYSTEM" account? You can't (well, shouldn't - and I've never tried to) reset the SYSTEM account's password... so "run as" seems to be out, and there is no "Right click > Run as Computer" option.
We can do this using a tool from Microsoft called PSEXEC. PSEXEC is one of the tools Mark Russinovich of Sysinternals.com developed many years ago. Several years ago, Microsoft acquired Mark's tools and hired him, so now PSEXEC (and his entire tool suite) are Microsoft's and PSEXEC is available at https://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
Once you have PSEXEC downloaded, you should run it once to read and accept the End User License Agreement. Then, I recommend placing it in a folder in your path - C:\Windows\System32
for example (you'll need to put it there as an administrator!)
Now, install your tool of choice - WinDirStat
(or another tool you trust that can provide you a report of what is using your disk space). Once installed, open a command prompt as an administrator and navigate to its executable's location. Then run PSEXEC -I -S -D "x:\path\to the\executable.exe"
. In the following screenshot, I've opened a command prompt, navigated to the folder with WinDirStat and am about to run WinDirStat under the SYSTEM account.
Running as SYSTEM, the applications should now include the contents of the system-accessible files and folders, giving you a far more accurate report of what is taking up space.
Tools like WinDirStat offer the ability to delete things directly from their interface. When running them as SYSTEM, you have a much greater chance of causing a (potentially unrecoverable) problem with your system. I STRONGLY advise NOT DELETING ANYTHING without first knowing exactly what it is and how/if it should be deleted properly. If you're not absolutely sure, ask a question
and find out!