Trouble Deleting Files Inside System32

Ok, I need some help. My coworker threatened to write something for me in VBscript since I haven’t been able to crack this. I really don’t want that to happen. :wink:

My goal is to delete out-of-date Adobe Flash files from C:\Windows\System32\Macromed\Flash. I can do this remotely just fine, but we have implemented a script to take care of several things, one of which is to take care of Flash if it is out-of-date by removing the files. When it runs as a scheduled task, I get an error that “Access to the path is denied.” My first round of googling says that I need to take ownership which I did with Icacls, but no luck afterward, same error. Has anyone seen this behavior before? Is there a bug I am running into? This is running on Windows 7+ with PowerShell 5.1

My code segment is below:

#// Adobe Flash Player <= 32.0.0.156 (APSB19-19) (123938)
$FileVersion = $null
$AppInfo = $null
$PluginID = "123938"
$PluginDescription = "Adobe Flash Player <= 32.0.0.156 (APSB19-19)"
$Product = "Adobe Flash Player 32 NPAPI"
[System.Version]$FixedVersion = "32.0.0.171"
$files = @()
$files += Get-ChildItem -Path "C:\Windows\System32\Macromed\Flash\Flash.ocx"
$files += Get-ChildItem -Path "C:\Windows\system32\Macromed\Flash\" -filter "Flash64*.ocx"
$files += Get-ChildItem -Path "C:\Windows\system32\Macromed\Flash\" -filter "Flash64*.dll"
$files += Get-ChildItem -Path "C:\Windows\system32\Macromed\Flash\" -filter "Flash64*.exe"
$files += Get-ChildItem -Path "C:\Windows\system32\Macromed\Flash\" -filter "NPSWF64*.ocx"
$files += Get-ChildItem -Path "C:\Windows\system32\Macromed\Flash\" -filter "NPSWF64*.dll"
$files += Get-ChildItem -Path "C:\Windows\system32\Macromed\Flash\" -filter "NPSWF64*.exe"

$filesRemoved = @()
$filesErrored = @()

ForEach ($file in $files) {
$FileVersion= [System.Version]$file.versioninfo.fileversion.replace(’,’,’.’)
If ($FileVersion-lt$FixedVersion) {
$test= icacls $file.fullname/SETOWNER “NT AUTHORITY\SYSTEM”
$file.Delete()

    if(Test-Path-path $file.fullname){
        Send-MailMessage-Subject "Remediation Status - $hostname"-To $NotifyList-Body "$($remerr.exception) $test"-From "email@org.org"-SmtpServer "server.org.org"
        $filesErrored+=$file
    }else{
        $filesRemoved+=$file
    }
}

}
if($filesRemoved -or $filesErrored){
Send-MailMessage-Subject “Remediation Status - $hostname”-To $NotifyList-Body “Host Name: $hostname`n`rNessus Plugin ID: $PluginID`n`rDescription: $PluginDescription`n`rSuccess: $($filesRemoved.fullname)`n`rError: $($filesErrored.fullname)`n`rAll wrapped up here, sir. Will there be anything else?”-From “email@org.org”-SmtpServer “server.org.org
}

This was the error from trying to remove the file. I previosuly used remove-item instead of the .Delete() method.

System.ArgumentException: Access to the path is denied.

at System.IO.FileSystemInfo.set_Attributes(FileAttributes value)

at Microsoft.PowerShell.Commands.FileSystemProvider.RemoveFileSystemItem(FileSystemInfo fileSystemInfo, Boolean force)