jump to navigation

How to delete files that won’t delete November 11, 2009

Posted by keithga in MDT 2010, Troubleshooting, Uncategorized.

One of the frustrations when working with beta software is dealing with constant changes and little support for cross-build (not major version) upgrading.

During the development cycle for MDT 2010, one component that had constant change was the Windows Automated Installation Kit. MDT requires several components from the WAIK to perform correctly, so we were constantly upgrading.

One of the components, the WIMGAPI.dll was particularly nasty. The WAIK installer would set the permissions on the file so regular users could not delete it, and the intra-build upgrades didn’t replace the file automatically. Luckily, if you are using the final released (RTM) version of the WAIK, and upgrading from a previously released version, you should be OK.

Why are these files so hard to delete?

Windows protects some installed files by giving only the “Trusted Installer” account access to the file, and explicitly denying everyone else access, including administrators and the SYSTEM account.

Running the icacls.exe command on wimgapi.dll reveals:

NT SERVICE\TrustedInstaller:(F)

The problem is that normal users and administrators don’t have full access to the file and are not allowed to modify the permissions.

How to Modify “Trusted Installer” files

If you ever find yourself in the situation where you need to modify/delete files that are “trusted installer” protected, here is what I do:

  1. Start up an elevated command prompt (with administrator privileges).
  2. Run “icacls.exe <file>” to see the current permissions.
  3. Run “TakeOwn.exe /f <file>” to change ownership.
  4. Run “icacls.exe <file> /reset” to change permissions.
  5. Run “icacls.exe <file>” to display the new permissions.




Keith Garner is a Deployment Specialist with Xtreme Consulting Group


No comments yet — be the first.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: