I was troubleshooting a low disk space alarm on a server. After running TreeSizeFree, I discovered that the bulk of the space was in use by the Recycle Bin, which is stored in a hidden directory called #:\RECYCLER (I say # because one exists on each drive present in the machine).
You’ll note, however, that Windows doesn’t store the username that deleted the files but rather the SID of the user. Now one could argue that if it’s in the recycle bin already then that’s tantamount to bringing your garbage to the curb and thus can be removed at any time. With that said, I still like to confirm the data first with the user if possible, mostly so I can explain the importance of either using “shift-delete” to permanently delete data or regularly emptying the recycle bin. An ounce of prevention and all that.
At any rate, I now have the requirement of understanding just who S-1-5-21-77810565-118882789-1848903544-39792 actually is.
It turns out you can run a vbs script to tell you that. (Source code below)
When you double-click the script in Explorer, you’ll be given a Windows message box. Copy and paste the SID here and press OK:
It will then spit back the username with that SID. In this case, Garry is the owner of the files in question and so I now know who to talk to.
Just a neat tip I thought I’d share.
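wscript.echo getSID

Private Function getSID()
    ' Error handling is scoped per procedure in VBScript, so it is enabled
    ' here; otherwise a failed lookup would skip the Err check below.
    On Error Resume Next

    ' Prompt for the SID to look up
    Const POPUP_TITLE = "User To SID Conversion"
    SID = InputBox("Enter SID", POPUP_TITLE)

    ' "." means the local machine
    server = "."
    Set objWMIService = GetObject("winmgmts:\\" & server & "\root\cimv2")

    ' Win32_SID maps a SID string to its account name and domain
    Set objAccount = objWMIService.Get("Win32_SID.SID='" & SID & "'")
    strUser = objAccount.AccountName
    strDomain = objAccount.ReferencedDomainName

    If Err.Number <> 0 Then
        ' Lookup failed (bad SID, unknown account, WMI error): return the reason
        getSID = Err.Description
        Err.Clear
    Else
        getSID = "User: " & vbtab & UCase(strUser) & vbcrlf & "Domain: " & vbtab & UCase(strDomain)
    End If
End Function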
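
The same lookup can be run across every per-SID recycle bin folder at once, so the report shows who owns how much. This is an added example, not part of the original post's script; it assumes PowerShell 3.0 or later in an elevated session, and it also checks `$Recycle.Bin`, the folder name used by Windows Vista and later.

```powershell
# Added example: report Recycle Bin usage per user on every fixed drive.
# Assumes an elevated session; other users' bin folders are unreadable without it.
$binNames = 'RECYCLER', '$Recycle.Bin'   # XP/2003 name, then Vista and later

function Resolve-SidToAccount {
    param([string]$Sid)
    try {
        $id = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        $id.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        # Malformed SID string, or the account no longer exists (orphaned SID)
        '<unresolved>'
    }
}

$report = foreach ($drive in [System.IO.DriveInfo]::GetDrives()) {
    if ($drive.DriveType -ne 'Fixed' -or -not $drive.IsReady) { continue }
    foreach ($name in $binNames) {
        $bin = Join-Path $drive.RootDirectory.FullName $name
        if (-not (Test-Path -LiteralPath $bin)) { continue }
        # -Force is required: the bin and its per-SID folders are hidden/system
        Get-ChildItem -LiteralPath $bin -Force -Directory -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -like 'S-1-*' } |
            ForEach-Object {
                $bytes = (Get-ChildItem -LiteralPath $_.FullName -Force -Recurse -File `
                              -ErrorAction SilentlyContinue |
                          Measure-Object -Property Length -Sum).Sum
                [pscustomobject]@{
                    Drive   = $drive.Name
                    Sid     = $_.Name
                    Account = Resolve-SidToAccount $_.Name
                    SizeMB  = [math]::Round([double]$bytes / 1MB, 1)
                }
            }
    }
}

# Largest bins first, so the accounts worth contacting are at the top
$report | Sort-Object SizeMB -Descending | Format-Table -AutoSize
```

Rows whose Account column reads `<unresolved>` belong to SIDs that no longer map to an account, such as deleted users.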