9

How to delete specific files in System32/drivers?

I need to remove a piece of software manually. The guide says that I need to remove some .sys files that are related to that software from System32/drivers, but I can't. I get the "You need permission to perform this action" error. The permission is required from SYSTEM. I'm logged in as a local administrator. I tried using Unlocker, and giving myself full access to the files and even to Everyone. I tried deleting through safe mode. I took ownership of one of the files with takeown and cacls, and now it says I need permission from myself (the administrator account)!

How to delete system files if I'm logged in as local admin and still need permission from SYSTEM?

Some of the files I need to delete: srtspx64.sys and srtspl64.sys

http://www.symantec.com/business/support/index?page=content&id=TECH91038&locale=en_US

5 Answers

7

You can do it easily by executing:

takeown /f srtspx64.sys
cacls srtspx64.sys /E /G abc:F
takeown /f srtspl64.sys
cacls srtspl64.sys /E /G abc:F
del srtspl64.sys /f /p
del srtspx64.sys /f /p

Replace abc with your username.

DavidPostill
  • 162,382
Anonymous
  • 169
3

Files in System32 are typically owned by "TrustedInstaller" and are locked down really tightly. If you really, absolutely feel you must do this, the easiest way is to boot from a Linux LiveCD or a Windows install disk.

Using Linux, mount the drive R/W with the ntfs-3g utility (or just use mount; all modern Linux distros default to using ntfs-3g) and delete the files like you would any others (from a shell, the command is rm). I know this approach works.

Using Windows install media, you need to enter repair / recovery mode. That will give you the option to open a command prompt. This prompt can be used to browse to the folder (note that it may not be on the C: drive, if the install media is putting itself as C:) and try deleting the file, potentially using the same kinds of things you did above (taking ownership, changing ACLs, etc.). This should work, but I haven't tested it.

CBHacking
  • 6,404
2

Use IOBit Unlocker, it's a great tool, super easy to use, free, and I can vouch that it deleted my rogue drivers from System32\drivers. See other options here (but I only tried Unlocker).

2

Note that deleting anything under the Windows folder can cause the entire system to stop working! Just because you are logged in as a local admin does not mean that all processes you start run with full access; you have to start them in admin mode!

You could try to start CMD in administrator mode and then delete the files with the DEL command.

If you still can't delete the file you could use handle.exe found in Sysinternals to see if some other process is locking the file.

Peter
  • 377
  • 6
  • 15
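A read-only diagnostic for the situation discussed in the answers above, added here as an example and not taken from any of the posts: it reports whether the shell is elevated, who owns each file, and whether a driver service still points at it. The file names come from the question; the parameter name and script layout are assumptions.

```powershell
# Added example: read-only check of why a driver file resists deletion. Deletes nothing.
param(
    # File names taken from the question; change as needed.
    [string[]]$Names = @('srtspx64.sys', 'srtspl64.sys')
)

# 1. Elevation: under UAC a local admin's normal processes run with a filtered token.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
Write-Output "User: $($identity.Name)  Elevated: $elevated"

$driverDir = Join-Path $env:SystemRoot 'System32\drivers'
$drivers   = Get-CimInstance -ClassName Win32_SystemDriver

foreach ($name in $Names) {
    $path = Join-Path $driverDir $name
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Output "${name}: not present in $driverDir"
        continue
    }

    # 2. Owner and access entries: shows whether TrustedInstaller, SYSTEM or you hold the file.
    $acl = Get-Acl -LiteralPath $path
    Write-Output "${name}: owner = $($acl.Owner)"
    $acl.Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType |
        Format-Table -AutoSize

    # 3. Driver services whose image path ends in this file name.
    $hits = @($drivers | Where-Object { $_.PathName -like "*\$name" })
    if ($hits.Count -eq 0) {
        Write-Output "${name}: no driver service references this file"
    }
    foreach ($d in $hits) {
        Write-Output "${name}: service '$($d.Name)' state=$($d.State) start=$($d.StartMode)"
    }
}
```

Running it once from a normal prompt and once from an elevated one shows the difference the filtered token makes. A service entry that still references the file means deleting the file alone leaves a dangling driver registration.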
1

Grant full access to the file with icacls before deleting (since cacls is deprecated):

takeown /f <file>
icacls <file> /grant <username>:F
del /F <file>

Example:

takeown /F c:\windows\system32\calc.exe
icacls c:\windows\system32\calc.exe /grant John:F
del /F c:\windows\system32\calc.exe
