HOWTO: Figure out whose is using space in the Recycle Bin Folder

I was troubleshooting a low disk space alarm on a server.  After running TreeSizeFree, I discovered that the bulk of the space was in use in the Recycling bin which is stored in a hidden directory called #:\RECYCLER (I say # because on exists on each drive present in the machine).

 


 

You’ll note however that windows doesn’t store the username that deleted the files but rather the SID of the user.  Now one could argue that if it’s in the recycle bin already then that’s tantamount to bringing your garbage to the curb and thus can be removed at any time.  With that said, I still like to confirm the data first with the user if possible, mostly so I can explain the importance of either using “shift-delete” to permanently delete data or by regularly emptying the recycle bin.  An ounce of prevention and all that.

 

At any rate, I now have the requirement of understanding just who S-1-5-21-77810565-118882789-1848903544-39792 actually is.

 

It turns out you can run a vbs script to tell you that.  (Source code below)

 

When you double click on from explorer, you’ll be given a Windows message box.  Copy and paste the SID here and press OK:

 


 

It will then spit back the username with that SID.  In this case, Garry is the owner of the files in question and so I now know who to talk to.

 


 

Just a neat tip I thought I’d share.

On Error Resume Next

wscript.echo getSID

Private Function getSID()
    ' Get SID from user
	Const POPUP_TITLE = "User To SID Conversion"
	SID = InputBox("Enter SID",POPUP_TITLE)	
		server = "."
		Set objWMIService = GetObject("winmgmts:\\" & server & "\root\cimv2")

		Set objAccount = objWMIService.Get("Win32_SID.SID='" & SID & "'")
		strUser = objAccount.AccountName
		strDomain = objAccount.ReferencedDomainName
		If Err.Number <> 0 Then
        getSID = Err.Description
        Err.Clear
    Else
				getSID = "User: " & vbtab & UCase(strUser) & vbcrlf & "Domain: " & vbtab & UCase(strDomain)
    End If
End Function

 

1 comments

  1. I can immediately seize your rss as I can not in acquiring your e-mail registration hyperlink or newsletter service. Do you might have any? Kindly ok, i’ll recognize in order that I can subscribe. Thanks.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.