Saturday, 19 January 2019

windows 7 - What happens to files in the Recycle Bin when I delete my account?


There were two accounts on my Windows 7 computer, UserA and UserB. I had files in the Recycle Bin of UserB, then I deleted that account while logged in as UserA.


What happened to the files in UserB's Recycle Bin? How can I recover them?



Answer



Well, I don’t know for sure what happens when an account is deleted, but that’s an easy enough experiment to perform, if you have administrator access.  How can you do that experiment?  How can you recover the files?  How can you access them as a user other than the owner?




  • In a Command Prompt, cd \$Recycle.Bin and do dir/a.  You’ll get something like this:


    Directory of C:\$Recycle.Bin

    02/15/2015  09:13 AM    <DIR>          .
    02/15/2015  09:13 AM    <DIR>          ..
    08/13/2014  03:49 PM    <DIR>          S-1-5-18
    02/15/2015  09:13 AM    <DIR>          S-1-5-20
    05/03/2015  01:52 PM    <DIR>          S-1-5-21-524270083-2407456217-743395210-1000
    09/02/2015  10:56 AM    <DIR>          S-1-5-21-524270083-2407456217-743395210-1001
    02/07/2015  04:17 PM    <DIR>          S-1-5-21-524270083-2407456217-743395210-1004
    08/13/2014  12:46 PM    <DIR>          S-1-5-21-524270083-2407456217-743395210-500
                   0 File(s)              0 bytes
                   8 Dir(s)  123,456,789,042 bytes free

    These are the Recycle Bins for all the users.  If you use an elevated Command Prompt, dir/a/q will show you the owner of each folder.  On my system,



    • S-1-5-18 is SYSTEM

    • S-1-5-20 is NETWORK SERVICE

    • S-1-5-21-…-500 is the built-in Administrator account

    • S-1-5-21-…-1000 is the administrator account that I created when I initialized the system

    • S-1-5-21-…-1001 is the ordinary account for myself that I created immediately thereafter

    • S-1-5-21-…-1004 is an account for somebody else, which I created a few weeks later.


    I’ve never deleted an account on my machine, so I’m not sure, but, according to the OP, a user’s Recycle Bin folder doesn’t get deleted when the user is deleted (and neither does the home directory).  In this case, dir/a/q will report ... as the owner for file(s) and folder(s).


    You may be able to map the S-1-5-21-…- strings to user names by running Registry Editor (as administrator) and looking in HKEY_USERS.  Try these steps:



    • browse to HKEY_USERS\S-1-5-21-…\Volatile Environment and look at the values of HOMEPATH and USERPROFILE,

    • search for values named Username,

    • search for values containing /Users/UserB or \Users\UserB.
       


    The user-defined environment variables will be in HKEY_USERS\S-1-5-21-…\Environment, but this probably won’t help much, because the variables that specify pathnames are likely to be defined in terms of %USERPROFILE%.




    Another way to map the S-1-5-21-…- strings to user names is to run the command wmic useraccount get name,sid — you don’t even need to be privileged (elevated) to do this.  I got this output:
    Name            SID
    Administrator   S-1-5-21-524270083-2407456217-743395210-500
    Guest           S-1-5-21-524270083-2407456217-743395210-501
    HomeGroupUser$  S-1-5-21-524270083-2407456217-743395210-1003
    scott-admin     S-1-5-21-524270083-2407456217-743395210-1000
    scott-friend    S-1-5-21-524270083-2407456217-743395210-1004
    scott-user      S-1-5-21-524270083-2407456217-743395210-1001

    As I said, I’ve never deleted an account on my machine, so I don’t know whether this will list deleted accounts.


    P.S. In the above listing, I changed the names of the scott-… accounts for anonymity.  In actuality, the accounts were listed in alphabetic order (by name).




  • If you go into Windows Explorer, uncheck the “Hide protected operating system files” option in “Tools” → “Folder options …” → “View”, and go to \$Recycle.Bin, you’ll see something like this:


    [Screenshot: contents of \$Recycle.Bin in Windows Explorer]


    Note that the folder that is displayed as “Recycle Bin” is actually the S-1-5-21-…-1001 folder; i.e., my Recycle Bin.  (It gets displayed that way because of its desktop.ini file.)  This folder also shows up as the Recycle Bin, on the Desktop.




Now that you know how to find another user’s Recycle Bin, you can simply



  • cd into it, in an elevated Command Prompt, and copy files out.  (You may need to use xcopy, or at least something smarter than copy.)  Note: the files will not have their original names, but will have names like $A7Q42J9.DOC.  I don’t know how to recover the original names, but you may be able to do it by caveman forensics:

    • Look at the modification date,

    • look at the size, and

    • open it.



  • Take ownership, and then access the folder in Explorer.  (I don’t know whether that will reveal the original filenames.)


And, of course, if the deleted user’s Recycle Bin folder is gone, see How do I recover or “undelete” files that I accidentally deleted? and all its relatives.  But now you know what you’re looking for.
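
Added example, not part of the original answer: on Windows Vista and later, each recycled item is stored as a $R… data file with a matching $I… metadata file, and the $I file records the original path, size and deletion time. The Python sketch below parses that record and pairs it with its data file; the function names and the sample record are constructed for illustration, and it goes beyond the Windows 7 case by also handling the version-2 layout used by Windows 10.

```python
import struct
from datetime import datetime, timedelta, timezone
from pathlib import Path

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def parse_i_file(data: bytes) -> dict:
    """Decode one $I record: original path, original size, deletion time (UTC)."""
    if len(data) < 24:
        raise ValueError("too short for a $I header")
    version, size, filetime = struct.unpack_from("<QQQ", data, 0)
    if version == 1:      # Vista/7/8: fixed 260-character UTF-16LE path field
        raw = data[24:24 + 520]
    elif version == 2:    # Windows 10: 4-byte character count, then the path
        if len(data) < 28:
            raise ValueError("truncated version-2 record")
        (nchars,) = struct.unpack_from("<I", data, 24)
        raw = data[28:28 + 2 * nchars]
    else:
        raise ValueError(f"unknown $I version {version}")
    path = raw.decode("utf-16-le", errors="replace").split("\x00", 1)[0]
    # FILETIME counts 100-nanosecond ticks since 1601-01-01 UTC.
    deleted = FILETIME_EPOCH + timedelta(microseconds=filetime // 10)
    return {"path": path, "size": size, "deleted": deleted}


def list_bin(sid_dir: Path) -> list:
    """Pair every $I file in one SID folder with its $R data file, if present."""
    rows = []
    for i_file in sorted(sid_dir.glob("$I*")):
        try:
            meta = parse_i_file(i_file.read_bytes())
        except ValueError:
            continue  # damaged or unrelated file; leave it for manual review
        r_file = i_file.with_name("$R" + i_file.name[2:])
        meta["data_file"] = r_file if r_file.exists() else None
        rows.append(meta)
    return rows


def make_sample_v1(path: str, size: int, filetime: int) -> bytes:
    """Build a constructed version-1 record (sample data, not real evidence)."""
    return struct.pack("<QQQ", 1, size, filetime) + path.encode("utf-16-le").ljust(520, b"\x00")


if __name__ == "__main__":
    sample = make_sample_v1(r"C:\Users\UserB\Documents\report.doc", 4096, 130856649600000000)
    print(parse_i_file(sample))
```

Run it from an elevated session, or against a copy of the SID folder, and pass that folder to `list_bin`; copy the `$R` file named in `data_file` out under the name given in `path`.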

