Determining the Size of a Folder without Access or Permissions

Imagine you need to determine the size of a directory, but you do not have access to it and cannot change the permissions, either. Such a situation is common with Windows user profiles. This article shows how to deal with it.

Determine Folder Size

There are several ways to determine the size of a directory from the command line. But the possibly obvious choice, the command diruse.exe, cannot be used with user profiles – like many other tools it does not know how to handle the directory junctions in V2 profiles.

Of course, there is always the possibility of rolling your own, for example as a PowerShell script. But it is much easier (and also less error-prone) to resort to a proven tool like the Sysinternals interpretation of the popular Unix tool du. Usage is simple:

C:\temp>du -q c:\Users\test
Files:        281
Directories:  174
Size:         25.127.247 bytes
Size on disk: 25.127.247 bytes

There is only one problem with du: it cannot bypass security and count every file regardless of permissions. Basically you only see what you are allowed to see. Here is an interesting way around that limitation, using robocopy’s ability to list every file in backup mode:

C:\temp>robocopy c:\users\test c:\dummy /l /xj /e /nfl /ndl /njh /r:0 /b
               Total    Copied   Skipped  Mismatch    FAILED    Extras
    Dirs :       175       158        17         0         0         0
   Files :       281       281         0         0         0         0
   Bytes :   23.96 m   23.96 m         0         0         0         0
   Times :   0:00:00   0:00:00                       0:00:00   0:00:00
   Ended : Thu Apr 28 22:40:35 2011

Do you know of other ways to calculate a directory’s size without having access to it? Let us know!


2 Responses to Determining the Size of a Folder without Access or Permissions

  1. Kenny Carlsson November 28, 2014 at 12:01 #

    I usually start a tool like Spacemonger or similar as Local System, using psexec to accomplish that, although I’m not 100% sure it handles junctions

    A more professional approach would be to use the builtin File Server Resource Manager to create reports.

  2. Stanvy August 15, 2015 at 23:18 #

    To be able to list all the folders and files without having permissions, you have to adjust the security token of the process/thread and enable “SeBackupPrivilege” privilege for it.

    Just for simplicity of demo, this VBS (run as admin) script will run “cmd.exe” with this privilege enabled:
    Set Process = GetObject(“winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2:Win32_Process”)
    Process.Security_.Privileges.AddAsString “SeBackupPrivilege”, True
    Process.Create “cmd.exe”, Null, Null, ProcessID

    First step to ensure it’s here is to run “whoami /priv”. Next one – open any “browser capable” application, except “explorer.exe” itself (for example, notepad) and check the content of the folder that you normally don’t have access to.

Leave a Reply