The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

    Mastodon

  • Twitter Updates

  • My Flickr Stream

    20140508-Delphi-2007--Project-Options--Cannot-Edit-Application-Title-HelpFile-Icon-Theming20140430-Fiddler-Filter-Actions-Button-Run-Filterset-now20140424-VMware-Fusion-6.0.3.-no-reclaimable
    More Photos

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,839 other subscribers

Archive for May 7th, 2026

Wondering if the takeown/icacls/del trick still work to screw up %windir%\system32 (via Patrick Doyle on Twitter)

Posted by jpluimers on 2026/05/07

A few years back this trick was shown to screw up %windir%\system32 [Wayback/Archive] Patrick Doyle on Twitter: “@SwiftOnSecurity @RoseAreaZero Delete any file in three easy steps: > takeown /F "example.ext" > icacls "example.ext" /grant "%USERNAME%":F > del "example.ext".

Like [Wayback/Archive] SwiftOnSecurity (@SwiftOnSecurity) / Twitter (see the long thread further below), I was expecting that Windows would either prevent you from doing this at all, or allow for easy recovery with System File Protection (now Source: Windows File Protection).

That didn’t prevent or recover it back then.

I wonder if that has been changed by now.

From the above Tweet:

Delete any file in three easy steps:
> takeown /F "example.ext"
 > icacls "example.ext" /grant "%USERNAME%":F
 > del "example.ext"

Read the rest of this entry »

Posted in Batch-Files, Development, Power User, Scripting, Security, Software Development, Windows, Windows 10, Windows 11, Windows Development | Leave a Comment »