Have you ever had the need to copy or delete files which were owned by a certain user?

The Delete-by-Owner (delbyown.exe) Command Line Utility will scan a NTFS or secure Windows Network file system for files which has an owner matching the one specified. Matched files may be copied to a designated location or deleted.

For example, you have just had a staff member leave your organisation. You would like to back up all their files, however many of them are scattered between project folders and programs across the file system. You have no idea which files were created by this user. However as this staff member has their own login, and any files created would be also be owned by them, you can search the file system for files belonging to the staff member and have them copied to a folder for safe keeping.

delbyown -c h:\backup -r -o harryc -e c:\winnt\profiles c:\*.*

On the other hand you have a public access machine and it's common for users to store files or create folders just about anywhere on the machine. You can restrict the ability to do so with normal security permissions, but you don't want to go overboard and decrease productivity. As the machine was prepared as an Administrator and all the software has been installed as Administrator you can delete all files not owned by the Administrators group. You could choose to schedule this action on a regular basis.

delbyown -d -r -o !Administrators -e c:\winnt\profiles c:\*.*

Usage

The Delete-by-Owner utility has the following settings:

Delete/XCopy by Owner V1.01
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Usage: delbyown -c [path] -r -o [owner] -e [exclude path] file
       delbyown -d -r -o [owner] -e [exclude path] file
       delbyown -t -r -o [owner] -e [exclude path] file
        -c    Copy Files to [destination path.]
        -d    Delete Files.
        -t    Test/Display files matching owner.
        -e    Exclude [Directory].
        -o    Owner [Account/Group Name].
                Accepts not operator e.g. !Administrators
        -r    Recursive.

The -c copy, -d delete and -t test switches control what operation will be performed. The test switch simply displays the files that match the owner and is a good way of viewing what files will be targeted or simply as to find which files are owned by a certain user.

Quite often you may wish to exclude a directory. e.g if you are deleting stray files which public users have created, you may wish to skip the users' profile. For example c:\winnt\profiles may be excluded on Windows NT machines, and c:\Document and Settings from Windows 2000 and Windows XP Workstations.

The -o switch specifies the owner of the file to match against. All operating system files are normally owned by the Administrators group. As the utility accepts the not operator, you may choose to use -o !Administrators to delete all files not owned (i.e not installed) by the Administrator. This should be a good start to tiding up the machine up.

If no -o switch is specified, the utility will retrieve the security descriptor for all the files, but will not match it with an owner and subsequently perform any operations. This is a good way to test for any corrupt security descriptors. They should be reported with a message such as

Error 0x539 : The security ID structure is invalid.

The utility accepts all the normal wildcards. You may choose to only delete *.doc files owned by cpeacock e.g.

delbyown -d -r -o cpeacock c:\*.doc

delbyown -d -r -o cpeacock "c:\Program Files\"

The -r recursive switch should be self explanatory. It allows the utility to search in any subdirectories it finds.

Revision History
• 5th June 2003 - Version 1.02
• Improved parsing of path/file/wildcards.
• Changed "Deleting files matching" to accurately display action whether it be deleting, testing or copying.
• 2nd May 2003 - Version 1.01
• Improved error reporting for corrupt security descriptions, unnamed accounts/groups etc
• 22nd April 2002 - Version 1.00
• First release to public.

• Trust-No-Exe - An executable filter for Windows NT/2000/XP
  Allow users to run trusted applications from defined directories, while preventing the execution of non-trusted programs from floppy disk and CDROM drives or from the users e-mail attachment directory. Stop PE viruses in their tracks where on Windows platforms year, nine out of ten of the top viruses were spread via e-mail.
  
  
• Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP
  Want a command line utility to view, kill, suspend or set the priority or affinity of processes, perhaps from a batch file? Kills rouge processes where Window's Task Manager fails.
  
  
• BeyondExec - Spawn Processes and/or Shutdown Remote Windows NT/2000/XP WorkStations.
  Have you ever wanted to run a process such as an application installer, service pack, virus signature update etc or shutdown a single or group of remote computers without having the burden of installing any remote client on your target computers?
  
  
• Bmail - Command Line SMTP Mailer for Batch Jobs
  Bmail is a free but lean command line SMTP mail sender. Bmail allows the user to automate the sending of email messages containing log files, data downloads or error messages on Win32 based computers.
  
  
• PortTalk - A Windows NT/2000/XP I/O Port Device Driver
  A problem that plagues Windows NT/2000/XP, is it's strict control over I/O ports. Unlike Windows 95, 98 or ME, Windows NT/2000/XP will cause an exception (Privileged Instruction) if an attempt is made to access an I/O port that your program is not privileged to access. The PortTalk driver allows existing programs to access selected I/O ports.