1

I have a SBS 08. A user received some files send from a mac. He unzipped it with his windows 7 locally and copied it on a network shared drive on the SBS. The files (some fonts) were already in green color and encrypted just after the unzip.

So now I have those files on my server, and my little backup tool (SyncBackSE) stuck on them.

I tried to delete them, as domain admin, being owner with full access, nothing, I have to kill explorer.exe process.

We tried with the user that copied it on the server, still freezing explorer.exe !

I read about the LocalSystem user, and tried a couple of things to execute a cmd.exe with 'super power' but unsuccesfully.

  • at ... /interactive cmd.exe is deprecated
  • create svc binpath="cmd /K start" type=own type=interactive doesn't work
  • psexec -i -s cmd.exe I got this : Could not start PsExec service on BVMEDIASERVER: The service cannot be started, either because it is disabled or because it has n o enabled devices associated with it.

What else can I try ? Thank you !

Bastien974
  • 1,896
  • 12
  • 44
  • 62

3 Answers3

2

Sounds like file system corruption; run chksdk and see what it reports. EFS should not prevent you from deleting files, just reading them.

Chris S
  • 77,945
  • 11
  • 124
  • 216
2

Chkdsk showing anything?

Executing a delete command from cmd.com shell doesn't do anything either?

What about mounting the share from a Linux system and then sudo rm filename from that? still fail?

I'd be really tempted if the filesystem check isn't fixing it to try booting with a Linux liveCD and mounting the NTFS drive and trying to delete the file from there. Sounds like something is really fishy with the filesystem.

Also, try removing permissions on the file and resetting it to give you full ownership and full access to the file. Encrypted or not, if should allow an administrator to delete it. It's possible something with the ACL is corrupted, and resetting permissions may fix the permission list or the order of the permissions.

Bart Silverstrim
  • 31,172
  • 9
  • 67
  • 87
  • I can't run a CHKDSK right now, the server is in prod, i'll have a revolt if I reboot it during the day. In CMD, it doesn't work. The radical solution would be to boot in DOS or with a liveCD and then delete it, but if I can find a solution without rebooting ... I tried to block inheritance permission, and only add me as owner and full access, it freeze when trying to set security info on the files. – Bastien974 Jul 14 '10 at 13:37
  • If it really is freezing when trying to change permission/ownership, you really need to get it checked ASAP and double check you have good backups. If the filesystem is dying, you could be risking it losing or corrupting data while your users are using the production server, and rebooting it in the day will be the least of your worries compared to a full rebuild. – Bart Silverstrim Jul 14 '10 at 13:52
  • @Bastien974. you can at least run chkdsk on a production box and it'll tell you if there are problems. You might not be able to fix them without a reboot, but at least you'll know if it's a problem. – Chris S Jul 14 '10 at 15:50
  • You're right, I'm gonna schedule it and post here the result later. – Bastien974 Jul 14 '10 at 16:56
0

Try unlocker. There must be a process (probably stalled) holding it open somewhere.

jmanning2k
  • 302
  • 2
  • 9
  • 1
    I tried, told me my Kaspersky was blocking it, another problem also, couldn't kill the service or process... – Bastien974 Jul 14 '10 at 17:29
  • Well, you won't be able to delete it until that antivirus process releases it... use the management console or run: "net stop kavfs, net stop klif, net start klif, net start kavfs". Then try to delete the file again. – jmanning2k Jul 19 '10 at 20:28