A recent conversation with a network administrator brought up what at first I thought was a data-security concern on Windows XP and Windows 2000 client systems. The administrator was worried about the fact that users can pull data from shared computers' Recycle Bins and wanted to be sure that items he deleted were actually deleted.
We started talking about third-party products that would delete files permanently (I use the Incinerator applet from Iolo Technologies' System Mechanic software to do secure deletes). However, I quickly realized that he wasn't really concerned about someone scanning his disks for deleted files but about the fact that files put into the Recycle Bin aren't immediately deleted. He had discovered that, whenever corporate demanded that users clean up their hard drives, some users simply moved files temporarily to the Recycle Bin, then retrieved them later.
I explained that he could configure the Recycle Bin to delete files immediately upon receiving them (right-click the Recycle Bin, click Properties, and select the "Do not move files to the Recycle Bin. Remove files immediately when deleted" check box). I also told him that certain types of deletes bypass the Recycle Bin by default: When you delete a file from a share that's on removable media on another computer or when you use the Del command from the command line to delete a file, the file is gone for good.
Being a regular reader of my columns, the administrator asked whether I knew of a way to use the registry to force the Recycle Bin to immediately delete files. Because he has a mix of XP and Win2K clients, I looked for one entry that works on both OSs. I found that a subkey exists by default on XP systems and that you can add the subkey to Win2K systems to accomplish the direct-delete action.
To configure an XP or Win2K registry so that the system bypasses the Recycle Bin and deletes the files directly, follow these steps:
- Launch regedit.
- Open HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BitBucket.
- Change the NukeOnDelete value to 1 to enable immediate deletion or to 0 to disable immediate deletion (i.e., to turn the Recycle Bin back on). If the NukeOnDelete value doesn't exist, create it as a DWORD value.
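
The same steps as a batch script for a logon or deployment script, added here as an example and not part of the original column: it reads the current NukeOnDelete value, creates or corrects it as a DWORD set to 1, and verifies the write. It assumes reg.exe with XP-style syntax is on the PATH (on Win2K that means installing it separately) and that the script runs with administrator rights.

```bat
@echo off
rem Added example: audit and enforce NukeOnDelete=1 under the BitBucket key.
rem Exit codes (chosen for this example): 0 = compliant, 1 = write failed,
rem 2 = write did not verify.
setlocal
set "KEY=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BitBucket"
set "VAL=NukeOnDelete"
set "TYPE="
set "CUR="

rem reg query prints a line such as:  NukeOnDelete  REG_DWORD  0x1
rem find drops the header and key-name lines; for /f splits name, type, data.
for /f "tokens=1,2,3" %%A in ('reg query "%KEY%" /v %VAL% 2^>nul ^| find /i "%VAL%"') do (
    set "TYPE=%%B"
    set "CUR=%%C"
)

if not defined CUR (
    echo %VAL% is missing; creating it as a DWORD set to 1.
    goto :enforce
)
if /i not "%TYPE%"=="REG_DWORD" (
    echo %VAL% exists as %TYPE%, not REG_DWORD; replacing it.
    goto :enforce
)
if "%CUR%"=="0x1" (
    echo %VAL% is already 1; deleted files bypass the Recycle Bin.
    exit /b 0
)
echo %VAL% is %CUR%; changing it to 1.

:enforce
rem /f overwrites an existing value, including one of the wrong type.
reg add "%KEY%" /v %VAL% /t REG_DWORD /d 1 /f >nul
if errorlevel 1 (
    echo Failed to write %VAL%; check permissions on %KEY%.
    exit /b 1
)
rem Read the value back rather than trusting the exit code of reg add.
reg query "%KEY%" /v %VAL% | find /i "0x1" >nul
if errorlevel 1 (
    echo Write reported success but %VAL% did not verify as 1.
    exit /b 2
)
echo %VAL% is now 1.
exit /b 0
```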
Users can cache a lot of data in your Recycle Bins, especially if you have multigigabyte hard drives. Even 1 percent of a 30GB drive is 300MB of garbage files. And remember that, by default, the Recycle Bin can use as much as 10 percent of the space on a hard drive. Do you really want that much old stuff cluttering up your system?