Skip navigation

JSI Tip 2179. You must be a local Administrator to run the Windows 2000 defragmenter.

If an ordinary user attempts to Analyze or Defragment a disk drive, they receive:

Disk Defragmenter

You must have Administrator privileges to defrag a volume.

You could log them off and do it for them, or you can leave them logged on and type:

runas /user:[email protected] "mmc dfrg.msc"

You will be prompted for the Administrator's password.

You can also schedule the job:

AT \\ComputerName 5:00pm /interactive /every:f c:\winnt\system32\dfrg.msc

This command starts the defragmenter console on \\ComputerName. Because you are a domain admin, the console is started with administrative privileges. The user can then select the drive and Defragment it, but they can't do anything else with these privileges.

You can also create a batch job that contains all the Windows 2000 computer names:

AT \\ComputerName1 5:00pm /interactive /every:f c:\winnt\system32\dfrg.msc
AT \\ComputerName2 5:00pm /interactive /every:f c:\winnt\system32\dfrg.msc
AT \\ComputerName3 5:00pm /interactive /every:f c:\winnt\system32\dfrg.msc
AT \\ComputerName4 5:00pm /interactive /every:f c:\winnt\system32\dfrg.msc

NOTE: Simon Zuckerbraun pointed out a serious security flaw with the above advice. A user can gain administrative privileges by performing the following actions:

1. Press Analyze.

2. When the analysis finishes, press View Report.

3. Press Save As.

4. Browse to %SystemRoot%\System32.

5. Select All Files (*.*) in the Save as type dropdown box.

6. Scroll the file list so that CMD.EXE is visible.

7. Right-click CMD.EXE and press Open.

8. The CMD.EXE window has privileges.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.