Sometimes an NTFS shrink still fails, even though you use the built in Windows defragmentation tools, of SysInternals contig tool.
The best you can do is to follow the steps in:
- run
diskmgmt.msc to try shrinking the disk, then often it is already in the error message: “You can’t shrink a volume beyond the point where any unremoveable files are located see the defrag event in application log for detailed information about the operation when it has completed.”
- use
eventvwr.exe and look at the Windows Logs for the most recent Application entries that has Source set to defrag
Those defrag entries usually tell about the last file that could not be moved.
You can use wevtutill to query events on the commandline.
Note that contrary to [WayBack] WEVTUTIL – Windows CMD – SS64.com documentation, the option /rd cannot be expanded to /reversedirection , as you will get an error “invalid option reversedirection” – Google Search.
For querying the above defrag event, use this command line (replace /format:XML with /format:text for more readable but also more verbose output):
wevtutil query-events Application /count:2 /format:XML /rd:true /query:"*[System[(EventID=259)]]"
On Windows 10, this is often caused by “System Protection” which locks files under C:\Recovery, but I have also seen $BITMAP, $MFT and $DATA entries.
System protected drives
To view which drives are currently used for system protection (this opens the “System Properties” dialog focussed on the “System Protection” tab):
SystemPropertiesProtection.exe
To disable it for one drive:
Disable-ComputerRestore -Drive "C:"
To enable it for one drive:
Enable-ComputerRestore -Drive "C:"
There seems to be no easy one-command PowerShell way to view the drives have ComputerRestore enabled, as this does not show drive letters:
PowerShell Get-ComputerRestorePoint ^| Format-List
The above gives more detailed output than a plain PowerShell Get-ComputerRestorePoint
Deleting restore points
PowerShell does not have a built-in option to delete restore points, but vssadmin has, but calls them “shadows”.
First list them:
vssadmin list shadows
Then delete them (but be aware this will not prompt for confirmation because of the /quiet):
vssadmin delete shadows /for=C: /quiet
You can also delete them for all drives (this will not prompt for confirmation either):
vssadmin delete shadows /all /quiet
Stopping the volume shadow copy service:
net stop vss
Managing hibernation and page file
Hibernation:
powercfg.exe /hibernate off
powercfg.exe /hibernate on
Page file:
wmic pagefile list /format:list
AllocatedBaseSize=2944
CurrentUsage=0
Description=C:\pagefile.sys
InstallDate=20181018215808.683376+120
Name=C:\pagefile.sys
PeakUsage=0
Status=
TempPageFile=FALSE
wmic computersystem where name="%computername%" get AutomaticManagedPagefile
AutomaticManagedPagefile
TRUE
wmic computersystem where name="%computername%" set AutomaticManagedPagefile=False
Updating property(s) of '\\MYCOMPUTER\ROOT\CIMV2:Win32_ComputerSystem.Name="LAPTOPUW08"'
Property(s) update successful.
wmic computersystem where name="%computername%" get AutomaticManagedPagefile
AutomaticManagedPagefile
FALSE
wmic.exe pagefileset where name="C:\\pagefile.sys" delete
Deleting instance \\MYCOMPUTER\ROOT\CIMV2:Win32_PageFileSetting.Name="C:\\pagefile.sys"
Instance deletion successful.
Sometimes the deletion does not work (see below for workaround):
wmic pagefile list /format:list
AllocatedBaseSize=2944
CurrentUsage=0
Description=C:\pagefile.sys
InstallDate=20181018215808.683376+120
Name=C:\pagefile.sys
PeakUsage=0
Status=
TempPageFile=FALSE
Do not do this:
wmic pagefile delete
Deleting instance \\MYCOMPUTER\ROOT\CIMV2:Win32_PageFileUsage.Name="C:\\pagefile.sys"
ERROR:
Description = Provider is not capable of the attempted operation
wmic pagefileset set name="c:\\pagefile.sys",InitialSize=0,MaximumSize=0
No Instance(s) Available.
Sometimes it still fails, so then you have to use the UI:
- Run
SystemPropertiesAdvanced.exe
- Under
Performance, click on Settings
- Click the
Advanced tab
- Under
Virtual memory, click the Change button
- Ensure
Automatically manage page file size for all drives is disabled
- Ensure
No paging file is selected
- Click the
Set button
- Confirm you really want no page file
- Press on the three
OK buttons to fully leave the Advanced System Properties dialog.
- Reboot
After resizing the disk, reverse the steps:
- Run
SystemPropertiesAdvanced.exe
- Under
Performance, click on Settings
- Click the
Advanced tab
- Under
Virtual memory, click the Change button
- Ensure
Automatically manage page file size for all drives is enabled
- Confirm you really want no page file
- Press on the three
OK buttons to fully leave the Advanced System Properties dialog.
- Reboot
Bitmap file
Sometimes the file blocking the resize is the NTFS "\$BitMap::$DATA", which few defragmentation tools can move as it is the MFT Bitmap.
Background reading
–jeroen
Like this:
Like Loading...
