Enable Recycle Bin on mapped network drives

A few years ago I discovered how redirected user profile folders in Windows get Recycle Bin protection, even when the folders are redirected to a network location. This was a huge find for me, and I used this feature to add Recycle Bin coverage to some of my mapped network drives. I shared this information on another forum here:

http://forums.mydigitallife.info/threads/16974-Tip-Network-Recycle-bin

Today I figured out a better way to achieve the same goal that doesn't rely on user profile folder redirection, and am sharing that information for other users to try out. You might want to take a look at these forum topics for additional information:

The standard disclaimer applies - this might break stuff. I've only tested in Windows 8, and my testing is limited. Try this at your own risk.

This is what I've learned (or think I've learned - I might be wrong):

  • Windows Vista and later store the configuration settings for the Recycle Bin for redirected user profile folders in this registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\KnownFolder
  • Under this key are separate keys for each redirected folder that is protected by the Recycle Bin. The keys contain the configuration information for each protected folder, and are named to match the GUIDs for "Known Folders." A list of the Known Folder to GUID mappings is available in one of the links above.
  • The registry also contains a list of "known folders" at this location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions

So, I reasoned that if I could create my own custom "known folder," I could add that to the list of folders that were protected by the Recycle Bin and protect any mapped network drive I wanted. So I looked at the list of existing "known folders" and created a key that was similar to the Documents key. I then fiddled with the values in the key until I narrowed it down to the minimum number needed to make the recycle bin work.

This .reg file will protect a mapped X: drive with a ~50GB recycle bin. You should modify the file to fit your needs:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9147E464-33A6-48E2-A3C9-361EFD417DEF}]
"RelativePath"="X:\\"
"Category"=dword:00000004
"Name"="XDrive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\KnownFolder\{9147E464-33A6-48E2-A3C9-361EFD417DEF}]
"MaxCapacity"=dword:0000c7eb
"NukeOnDelete"=dword:00000000

A few things of note:

  • The GUID in the above .reg file {9147E464-33A6-48E2-A3C9-361EFD417DEF} came from this PowerShell command: "{"+[guid]::NewGUID().ToString().ToUpper()+"}"
  • Each "known folder"/Recycle Bin combination requires a unique GUID. If you don't want to use PowerShell to generate a GUID, you can use an online GUID generator.
  • I don't know what the "Category" value does, but the key I copied had it set to 4, and that works, so I didn't test any other values.
  • The "Name" value is required, but is not the name that will be shown if you right-click on the Recycle Bin and select properties. (At least not in my environment.) In my environment, the name that is shown is the name of the network drive.
  • Making this change adds a "Location" tab to the properties page of your mapped network drives. I suspect this could be removed by changing the "Category" value, but didn't bother to find out.
  • I only tested with mapped network drives. I suspect this would work with UNC paths as well, but I didn't bother testing.

I hope you're as excited to find this as I was to figure it out. Let me know if this works for you. I now plan to deploy the registry keys with Group Policy Preferences and will update this forum post with any information I discover.

Best regards

--Russel

Update: I am now using Group Policy Preferences to deploy the needed registry keys, and all my mapped network drives are now protected by the recycle bin.

Update 2: I have tested now with UNC paths, and this works fine. I still use mapped network drives, but if your environment requires UNC paths instead, you can use them. Note however that if you have a mapped network drive that points to a UNC path, and you protect the UNC path with a registry change, if a user deletes a file from the mapped network drive that points to that UNC path, the file will be permanently deleted. See below for more details.


October 3rd, 2013 9:27am

Hello,

Thanks for sharing this.

But under Win7 it does not work.

Although your previous trick (http://forums.mydigitallife.info/threads/16974-Tip-Network-Recycle-bin) works better, but with the only limitation that once you move the folder to another location (ex savedGame moves from M:\ to N:\) the original mounted drive (M:\) is not longer protected with the recycled bin.

I played with the Shell Folder entry in the registry but this had no influence.

Laurent

Free Windows Admin Tool Kit Click here and download it now
April 14th, 2014 2:00am

I just built a Windows 7 VM and tested it. Everything worked fine. I'm using Group Policy Preferences from my domain to push the registry settings to my clients, so I know the settings are exactly the same a what my Windows 8.1 clients have.

--Russel

April 14th, 2014 4:02pm

Bravo to you for uncovering functionality that actually works.  I love this kind of stuff.

I don't have time to experiment with it yet, but I will.  For now, some questions...

Did you get it to work with UNC paths?  How do the registry entries (e.g., RelativePath) have to differ in order to accomplish that?

Also, when you do Properties on the Recycle Bin namespace (in the Navigation - left - pane of Explorer), do your "new" recycle bins show up there?  And once established can that dialog be used to change the max size?

 

Might the Category entry set the "Optimize this folder for" setting to "General items", which will affect how Explorer displays it?  That's just a guess.

Good job figuring this stuff out!

 

Free Windows Admin Tool Kit Click here and download it now
April 14th, 2014 4:28pm

I restart of the PC was needed ! Now it works fine.
April 15th, 2014 3:56pm

Hi Noel,

Thanks for the compliment. It works fine with UNC paths. Just change the RelativePath from X:\ to \\fileserver\share. (If you use a .reg file as in the example above, you'll have to escape the back slashes, so probably \\\\fileserver\\share would be correct.)

One caveat when using UNC paths vs drive letters: Suppose your users have z:\ mapped to \\fileserver\share, and you have the UNC path protected with the recycle bin. If a user deletes a file from the mapped drive, it will be permanently deleted. I haven't experimented with using 2 registry settings for the same location - one with a mapped drive letter and one with a UNC path, but I suspect it would work just fine.

When I display the Recycle Bin properties, I get a regular window listing my network locations (X: and Y:) along with all the redirected profile folders. It works just like normal. But in my case, since my settings are defined by Group Policy Preferences, any changes I make here get overwritten by Group Policy.

As for the "Catergory" entry, I never bothered to find out. Once I got it working, I just called it good.

Best regards,

-Russel

Free Windows Admin Tool Kit Click here and download it now
April 16th, 2014 8:18am

This is what I do as a domain policy.

On the DC I already have various logon batch files set up in the User Configuration\policies\Windows settings\Scripts which typically have things like

net use r: \\hv1\company_docs

Rather than scattering new policies around, I've simply added to this batch file, for this drive:

rem add company_docs to local recycle bin
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{BB6CC368-07C4-4EF1-B600-6BBF588505A6}  /f
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{BB6CC368-07C4-4EF1-B600-6BBF588505A6} /v RelativePath /t REG_SZ /d R:\  /f
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{BB6CC368-07C4-4EF1-B600-6BBF588505A6} /v Category /t REG_DWORD /d 00000004  /f
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{BB6CC368-07C4-4EF1-B600-6BBF588505A6} /v Name /t REG_SZ /d RDrive  /f

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\KnownFolder\{BB6CC368-07C4-4EF1-B600-6BBF588505A6} /f
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\KnownFolder\{BB6CC368-07C4-4EF1-B600-6BBF588505A6} /v MaxCapacity /t REG_DWORD /d 0000c7eb /f
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\KnownFolder\{BB6CC368-07C4-4EF1-B600-6BBF588505A6} /v NukeOnDelete /t REG_DWORD /d 00000000 /f

This seems to work perfectly (on Win 7 clients), so thankyou for a brilliant solution.

One minor thing: Since I haven't created an equivalent logoff script to remove these registry entries, what I don't know is what happens on logins after the first one.  There doesn't seem to be any unexpected effects, I suppose reg add just fails silently if the keys already exist.

Richard




  • Edited by richardmh Thursday, May 29, 2014 10:27 AM
May 29th, 2014 12:27pm

Hi there,

i justed tried to do the trick but i get an Access denied error when i delete something on the Network drive.
What can i do? Someone else had this issue?

Martin

Free Windows Admin Tool Kit Click here and download it now
September 25th, 2014 7:34am

I haven't had the issue you're describing. How are your share permissions and NTFS permissions? On my shares, I enable Change and Read for Everyone. At the NTFS level, I grant Modify permissions to the security group that controls access to the share. Also, what is hosting your shares? I've only tried this with a Windows machine hosting my shares - never on a NAS or other storage device.

--Russel

September 26th, 2014 4:09pm

Great find.

What about non-Windows clients hitting a Windows Server share via Samba, i.e. Macs? We're getting more and more Mac users and after another Mac user just deleted an entire directory that we had to restore I need to see about getting this to work with all clients.

thanks!

Free Windows Admin Tool Kit Click here and download it now
October 14th, 2014 6:59pm

The actual recycle bin is a function of the clients. I don't know of any way to make a Linux or Mac client support a network recycle bin.
October 15th, 2014 9:59am

The script works great with clients on windows 7, iuse it on a production environment with Samba4.

The problem its, XP dont do nothing with the script, this not works on xp clients i think.

Any suggestions?.

Another problem its the users pemissions, users need permission for write the registry of local machine.

For Linux search for samba vfs-objects recycle, it can help you.

Sorry for my language, im speak spanish.



Free Windows Admin Tool Kit Click here and download it now
November 18th, 2014 6:07pm

Hi Patocius,

I don't know of any answer for Windows XP clients. I don't think it will work because I don't think XP supports it. I think only Vista and later do.

--Russel

November 19th, 2014 4:43pm

Hi there,

i justed tried to do the trick but i get an Access denied error when i delete something on the Network drive.
What can i do? Someone else had this issue?

Martin

Reinitializing the offline file cache might solve this issue:
http://support.microsoft.com/kb/230738

Even though the article was written for XP, the registry entry works in Windows 7:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\NetCache
Key Name: FormatDatabase
Key Type: DWORD
Key Value: 1


Free Windows Admin Tool Kit Click here and download it now
December 18th, 2014 7:49pm

Russel

Great article, weve loved the Recycle Bin feature with our redirected folders but always wondered if we could protect any network file and this article shows some interesting ideas.

What isnt clear to us is how the MaxCapacity setting works.  Does this pre-allocate/set aside that much storage on the network drive for the Recycle Bin? Or does it just say that the Recycle Bin can hold up to that amount (without carving out and holding that space basically reducing the amount of storage available on the network drive)?

Also, what we found in our environment is that if we have 100 users that have the same network mapped drive (same UNC and drive letter) and pushing out the registry settings in HKLM & HKCU to enable Recycle Bin functionality for this network drive, that it creates a shared network Recycle Bin across all users. The net effect being each individuals Recycle Bin contains their own deleted files from their redirected folders along with _everyones_ deleted files from the common network drive.  It didnt seem to matter if all users had the same made up GUID or if they each had their own GUID pair, in both cases, If a user deletes a file from the network drive (from anywhere but a redirected folder) that file will show up in that users conglomerated view in their Recycle Bin, and that files will show up in the Recycle Bin for all of the other users. It makes for a very full and busy Recycle Bin for everyone (not to mention many users asking why files they didnt delete are in their Recycle Bin). Did you run across this in your environment?

December 18th, 2014 8:06pm

Russel

Great article, weve loved the Recycle Bin feature with our redirected folders but always wondered if we could protect any network file and this article shows some interesting ideas.

What isnt clear to us is how the MaxCapacity setting works.  Does this pre-allocate/set aside that much storage on the network drive for the Recycle Bin? Or does it just say that the Recycle Bin can hold up to that amount (without carving out and holding that space basically reducing the amount of storage available on the network drive)?

Also, what we found in our environment is that if we have 100 users that have the same network mapped drive (same UNC and drive letter) and pushing out the registry settings in HKLM & HKCU to enable Recycle Bin functionality for this network drive, that it creates a shared network Recycle Bin across all users. The net effect being each individuals Recycle Bin contains their own deleted files from their redirected folders along with _everyones_ deleted files from the common network drive.  It didnt seem to matter if all users had the same made up GUID or if they each had their own GUID pair, in both cases, If a user deletes a file from the network drive (from anywhere but a redirected folder) that file will show up in that users conglomerated view in their Recycle Bin, and that files will show up in the Recycle Bin for all of the other users. It makes for a very full and busy Recycle Bin for everyone (not to mention many users asking why files they didnt delete are in their Recycle Bin). Did you run across this in your environment?

Hi,

I don't think the MaxCapacity setting pre-allocates any storage. It just lets the recycle bin grow to that size before automatically deleting files, but I haven't tested this.

As far as the "shared" recycle bin goes, I have the same issue, but at a much smaller scale. I haven't implemented this in a production environment - just my home, so I only see files deleted by members of my family. I think the best you could do would be to create one recycle bin per share and have one share per department. Or you might be able to create a recycle bin for folders deeper down the file tree, but I'm not sure.

Consider this scenario:

  • You setup a file server with \\server\share
  • You create the registry keys to protect \\server\share
  • You create a folder in \\server\share\department\otherFolder
  • You create a separate registry key to protect the \\server\share\department\otherFolder path

In this scenario, I don't know what would happen. When a file from \\server\share\department\otherFolder get deleted, it might get moved to the recycle bin all the way up at the share, or all the way down in the otherFolder. I also don't know what kind of permissions would be required to clean out the recycle bin, or whose machine winds up doing the cleaning.

I suspect you could find some combination of settings that would create a unique recycle bin for each share, but I just haven't tried to find the answer.

--Russel

Free Windows Admin Tool Kit Click here and download it now
December 19th, 2014 9:10am

Thank you for your reply Russel, I didnt mention this in the previous post, but we did try creating the Recycle Bins at the network user-folder path instead of the root.  See the 2 examples below for the results.

Example 1: Network Recycle Bins
\\server\share\user\documents (from folder redirection)

\\server\share (manually created)

-      IIn this case (as mentioned in the previous post), everyone ends up having a shared Recycle Bin, so everyone sees all of the files other people have deleted in their own conglomerated view when they look in their Recycle Bin.  This leads to a very busy and full Recycle Bin and end users raising questions why files they didnt delete show up in their Recycle Bin.

Example 2: Network Recycle Bins

\\server\share\user\documents (from folder redirection)

\\server\share\user (manually created)

-      IIn this case, users do end up with their own conglomerated view in their Recycle Bin (i.e., no more seeing all the files other people have deleted), BUT there are 2 negatives to this configuration:

  • Only files within the folder \\server\share\user are protected with Recycle Bin, so other common folders in the root of the share arent protected via Recycle Bin.
  • And when files are deleted from \\server\share\user\documents, because they are protected twice by the Recycle Bin (once from folder redirection and once from the manually created Recycle Bin at the user-folder level), 2 copies of the deleted files appear in the conglomerated view of the Recycle Bin.  This lead to users asking why they had duplicate files showing up for the majority of files they deleted.  They often got confused thinking there were different versions of the files instead of duplicates.

December 23rd, 2014 7:01pm

I am also getting an access error, on computers not using offline files. What is the best way to undo the registry entries (too much time has passed to restore the registry) ?

Thanks.


  • Edited by crewlaw 7 hours 54 minutes ago
Free Windows Admin Tool Kit Click here and download it now
February 17th, 2015 10:27pm

I am also getting an access error, on computers not using offline files. What is the best way to undo the registry entries (too much time has passed to restore the registry) ?

Thanks.


  • Edited by crewlaw Wednesday, February 18, 2015 3:49 AM
February 18th, 2015 3:23am

FANTASTIC work Russel !
This is extremely helpful.

I've turned your work into a Bat Script that will automatically make the reg file.
It creates a unique guid each time it is run, so no worries on overlaps.

Just copy and paste the following into notepad
and save it as "Network Recycling Bin - auto make registry file.bat"

echo off
REM ========== MAIN FUNCTION  ========================
 
Call :CreateREGfile
PAUSE
goto :eof
 
 
 
 
REM ========== SUB FUNCTIONS  ========================
 
:CreateREGfile
set /p RelativePath=Enter current mapped path of drive (e.g. X:\FileShare\D_Drive):
REM replace \ with \\ (for reg value its a requirement)
Set RelativePath=%RelativePath:\=\\% 
 
 
set /p MaxBinSize_Dec=Enter max size (in mb) (eg 11gb=11000):
call :toHex %MaxBinSize_Dec% MaxBinSize_Hex
 
 
Set outputREG="Network Recycling Bin - %RelativePath:~0,1% Drive (%MaxBinSize_Dec%mb).reg"
 
 
call :MakeGUID_VBS NewGUID
REM echo My new GUID : %NewGUID%
 
 
echo Windows Registry Editor Version 5.00 > %outputREG%
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\%NewGUID%] >> %outputREG%
echo "RelativePath"="%RelativePath%" >> %outputREG%
echo "Category"=dword:00000004 >> %outputREG%
echo "Name"="NetworkDrive2RecyclingBin_%NewGUID:~1,5%" >> %outputREG%
      REM The "Name" value is required, but is not the name that will be shown if you right-click on the Recycle Bin and select properties. That will be autoset to the network drive name.
echo.>> %outputREG%
echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\KnownFolder\%NewGUID%>> %outputREG%
echo "MaxCapacity"=dword:%MaxBinSize_Hex% >> %outputREG%
echo "NukeOnDelete"=dword:00000000 >> %outputREG%
goto :eof
 
 
 
:MakeGUID_VBS
echo set obj = CreateObject("Scriptlet.TypeLib") > TEMP_generateGUID.vbs
echo WScript.Echo obj.GUID >> TEMP_generateGUID.vbs
FOR /F "usebackq tokens=*" %%rin (`CSCRIPT "TEMP_generateGUID.vbs"`)DO SET RESULT=%%r
set %1=%RESULT%
 
del TEMP_generateGUID.vbs
goto :eof
 
 
:toDec
:: todec hex dec -- convert a hexadecimal number to decimal
::             -- hex [in]      - hexadecimal number to convert
::             -- dec [out,opt] - variable to store the converted decimal number in
SETLOCAL
set /a dec=0x%~1
( ENDLOCAL & REM RETURN VALUES
    IF "%~2" NEQ "" (SET %~2=%dec%)ELSE ECHO.%dec%
)
EXIT /b
 
 
:toHex
:: eg  call :toHex dec hex -- convert a decimal number to hexadecimal, i.e. -20 to FFFFFFEC or 26 to 0000001A
::             -- dec [in]      - decimal number to convert
::             -- hex [out,opt] - variable to store the converted hexadecimal number in
::Thanks to 'dbenham' dostips forum users who inspired to improve this function
:$created 20091203 :$changed 20110330 :$categories Arithmetic,Encoding
:$source http://www.dostips.com
SETLOCAL ENABLEDELAYEDEXPANSION
set /a dec=%~1
set "hex="
set "map=0123456789ABCDEF"
for /L %%Nin (1,1,8)do (
    set /a "d=dec&15,dec>>=4"
    for %%Din (!d!)do set "hex=!map:~%%D,1!!hex!"
)
rem !!!! REMOVE LEADING ZEROS by activating the next line, e.g. will return 1A instead of 0000001A
rem for /f "tokens=* delims=0" %%A in ("%hex%") do set "hex=%%A"&if not defined hex set "hex=0"
( ENDLOCAL & REM RETURN VALUES
    IF "%~2" NEQ "" (SET %~2=%hex%)ELSE ECHO.%hex%
)
EXIT /b
 
 
:eof
  • Edited by WillTurner 21 hours 37 minutes ago formatting
Free Windows Admin Tool Kit Click here and download it now
April 6th, 2015 5:32am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics