Sometimes an NTFS shrink still fails, even though you use the built in Windows defragmentation tools, of SysInternals contig tool.
The best you can do is to follow the steps in:
- Windows – Cannot cannot shrink a volume beyond the point where any unmovable files are located – SomoIT.net
- Tip: How to shrink a volume beyond half its size using DiskPart or Disk Manager regardless of Microsoft’s NTFS restrictions and $MFTMirr | Under My Hat.
- How to shrink a partition with unmovable files in Windows 7 – Brandon Checketts
- run
diskmgmt.mscto try shrinking the disk, then often it is already in the error message: “You can’t shrink a volume beyond the point where any unremoveable files are located see the defrag event in application log for detailed information about the operation when it has completed.” - use
eventvwr.exeand look at theWindows Logsfor the most recentApplicationentries that hasSourceset todefrag
Those defrag entries usually tell about the last file that could not be moved.
You can use
wevtutillto query events on the commandline.Note that contrary to [WayBack] WEVTUTIL – Windows CMD – SS64.com documentation, the option
/rdcannot be expanded to/reversedirection, as you will get an error “invalid option reversedirection” – Google Search.For querying the above
defragevent, use this command line (replace/format:XMLwith/format:textfor more readable but also more verbose output):
wevtutil query-events Application /count:2 /format:XML /rd:true /query:"*[System[(EventID=259)]]"
On Windows 10, this is often caused by “System Protection” which locks files under C:\Recovery, but I have also seen $BITMAP, $MFT and $DATA entries.
System protected drives
To view which drives are currently used for system protection (this opens the “System Properties” dialog focussed on the “System Protection” tab):
SystemPropertiesProtection.exe
To disable it for one drive:
Disable-ComputerRestore -Drive "C:"
To enable it for one drive:
Enable-ComputerRestore -Drive "C:"
There seems to be no easy one-command PowerShell way to view the drives have ComputerRestore enabled, as this does not show drive letters:
PowerShell Get-ComputerRestorePoint ^| Format-List
The above gives more detailed output than a plain PowerShell Get-ComputerRestorePoint
Deleting restore points
PowerShell does not have a built-in option to delete restore points, but vssadmin has, but calls them “shadows”.
First list them:
vssadmin list shadows
Then delete them (but be aware this will not prompt for confirmation because of the /quiet):
vssadmin delete shadows /for=C: /quiet
You can also delete them for all drives (this will not prompt for confirmation either):
vssadmin delete shadows /all /quiet
Stopping the volume shadow copy service:
net stop vss
Managing hibernation and page file
Hibernation:
powercfg.exe /hibernate off
powercfg.exe /hibernate on
Page file:
wmic pagefile list /format:list
AllocatedBaseSize=2944
CurrentUsage=0
Description=C:\pagefile.sys
InstallDate=20181018215808.683376+120
Name=C:\pagefile.sys
PeakUsage=0
Status=
TempPageFile=FALSE
wmic computersystem where name="%computername%" get AutomaticManagedPagefile
AutomaticManagedPagefile
TRUE
wmic computersystem where name="%computername%" set AutomaticManagedPagefile=False
Updating property(s) of '\\MYCOMPUTER\ROOT\CIMV2:Win32_ComputerSystem.Name="LAPTOPUW08"'
Property(s) update successful.
wmic computersystem where name="%computername%" get AutomaticManagedPagefile
AutomaticManagedPagefile
FALSE
wmic.exe pagefileset where name="C:\\pagefile.sys" delete
Deleting instance \\MYCOMPUTER\ROOT\CIMV2:Win32_PageFileSetting.Name="C:\\pagefile.sys"
Instance deletion successful.Sometimes the deletion does not work (see below for workaround):
wmic pagefile list /format:list
AllocatedBaseSize=2944
CurrentUsage=0
Description=C:\pagefile.sys
InstallDate=20181018215808.683376+120
Name=C:\pagefile.sys
PeakUsage=0
Status=
TempPageFile=FALSE
Do not do this:
wmic pagefile delete
Deleting instance \\MYCOMPUTER\ROOT\CIMV2:Win32_PageFileUsage.Name="C:\\pagefile.sys"
ERROR:
Description = Provider is not capable of the attempted operation
wmic pagefileset set name="c:\\pagefile.sys",InitialSize=0,MaximumSize=0
No Instance(s) Available.
Sometimes it still fails, so then you have to use the UI:
- Run
SystemPropertiesAdvanced.exe - Under
Performance, click onSettings - Click the
Advancedtab - Under
Virtual memory, click theChangebutton - Ensure
Automatically manage page file size for all drivesis disabled - Ensure
No paging fileis selected - Click the
Setbutton - Confirm you really want no page file
- Press on the three
OKbuttons to fully leave theAdvanced System Propertiesdialog. - Reboot
After resizing the disk, reverse the steps:
- Run
SystemPropertiesAdvanced.exe - Under
Performance, click onSettings - Click the
Advancedtab - Under
Virtual memory, click theChangebutton - Ensure
Automatically manage page file size for all drivesis enabled - Confirm you really want no page file
- Press on the three
OKbuttons to fully leave theAdvanced System Propertiesdialog. - Reboot
Bitmap file
Sometimes the file blocking the resize is the NTFS "\$BitMap::$DATA", which few defragmentation tools can move as it is the MFT Bitmap.
Background reading
- Pagefile using wmic
- Pagefile using PowerShell
- [WayBack] Page files in Server Core – The things that are better left unspoken
- Hibernation
- Restore points
- [WayBack] Script to delete System Restore Points
- [WayBack] How to Delete Individual System Restore Points in Windows? (vssadmin)
- [WayBack] Managing Restore Points with PowerShell — Microsoft Certified Professional Magazine Online
- [WayBack] Get-ComputerRestorePoint
- [WayBack] Manage System Restore from the command line – gHacks Tech News
- [WayBack] windows – Disable-ComputerRestore doesn’t turn off system protection – Stack Overflow
- System protection
- [WayBack] Enable disable system restore and service from command line
- [WayBack] How To Enable System Protection On All User Machines on A Domain using Windows Powershell. – disamTECHbench
- [WayBack] Cmdlets to Control Windows System Restore
- [WayBack] Disable-ComputerRestore
- [WayBack] Enable-ComputerRestore
- [WayBack] Turn off system restore via the command line in Windows 7 – Super User
- vssadmin (which administers VSS, which is the foundation of System Protection and Restore Points)
- NTFS
- Shrinking
- [WayBack] Windows – Cannot cannot shrink a volume beyond the point where any unmovable files are located – SomoIT.net
- [WayBack] hard drive – How can I shrink a Windows 10 partition? – Super User
- [WayBack] How to shrink a partition with unmovable files in Windows 7 – Brandon Checketts
- Consolidating NTFS free space « The Wiert Corner – irregular stream of stuff
- [WayBack] How to Get Around Windows’ “Shrink Volume” Inadequacy Problems
- [WayBack] windows 7 – How can I move the MFT to end of contiguous used space? – Super User
- [WayBack] ntfs – How do I move the physical location of $MFTMirr, to allow resizing the partition? – Server Fault
- [WayBack] The NTFS $Bitmap file – JPEG Repair | Photo Recovery | File Recovery
- [WayBack] Using DiskTuna – JPEG Repair | Photo Recovery | File Recovery
- [WayBack] DiskTuna – Free Defrag and Disk Optimization for Windows
- Event log
–jeroen
