The file attributes are a set of codes that lets users see, read, or modify a file by their group rights...
Every once in a while I get a question on why some folders/files are visible and some are transparent with Windows Explorer.
The ones that are visible you can list, read,
execute, and maybe modify. Those that are transparent you can only see them, you can't use
or open them because your ID doesn't have the 'rights' to do anything with them.
The way the security works with Windows is like this:
Access is controlled by the Group your user ID is in.
- Users normally can list, read, execute most files.
- Guest should be disabled for all access.
- Power Users possess most administrative powers with some restrictions.
- Administrators has Full Control of all files.
The file attributes on files are:
- Read Only - Set this to keep a file from being changed.
- Archive - The archive is set when a backup program backs up the file, if the file is changed then the Archive bit is removed.
- Compressed - Compressing a file removes and replaces characters that are reoccurring or open space.
- Hidden - Hidden files are files that the OS or Administrator doesn't want anyone changing, deleting, or moving.
- System - Normally the installer program will set this bit, designates a file that the OS needs, some files in the Windows directory will have this bit set.
- Users - For the Local Computer, has limited rights that allows for the Logged On User to read most files, may have rights to change some files.
- Domain Users - For Users in a Domain, same rights as Local Computer, also with rights in the Domain, used for selected shared folders/files/applications/devices.
- Power Users - Possess most administrative rights with some restrictions (be careful with this one, someone could unknowingly delete files!)
- Backup Operators - Has the specific right to set the Archive bit, has rights only to the folders/drives assigned and can only read files for backup purposes.
- Local Administrators - Has Full Control to all Local Computer files/folders/drives unless the owner of a file/folder/drive has specifically removed the Administrators Group from the security tab.
- Domain Administrators -Has Full Control to all files/folders/drives in a Domain and other special rights, over rides Local Administrator rights when a computer joins a Domain.
Note: There are other Groups for the Local Computer and in a Domain but for this article they do not apply.
The question that comes up in the (now gone) Q and A about forum
on this web site is about a virus that uses the Administrator to set the hidden file attributes on files and folders.
Note: One of the reasons the virus can do this is the owner of the computer has not changed either the name or the password (maybe hasn't even set it) for the Administrator ID. When the OS was installed the pre Vista installation process would ask for a password for the Administrator ID, where as Vista and forward the Administrator ID is disabled nor does it have a PASSWORD to keep a virus from enabling the ID and using it to destroy/hide files/folders.
To keep a virus or someone else from doing harm to your data you should (activate the Administrator ID for
Vista/Windows 7 / 8 / 10 ) change the name of the Administrator ID and set the password. You may want to deactivated the ID once you have done your changes, if you do then set up an ID that is in the Administrators Group or you will effectively locked yourself out some parts of your computer.
All ID's with the exception of the Administrator can be locked out if the password is typed in wrong, normally the lock out is set for 3 tries and 90 minutes, you can change this with by editing the Group Policies on a local computer.
Troubleshoot, repair, maintain, upgrade & secure...
If you get the virus that sets the hidden file attributes your files you can change the Hidden attribute only if your user ID is in the Administrators Group and that Group has full rights on the Drive, not the folder. Remember all Right flow down from the top or root of the drive. If the Administrator Group doesn't have rights at the root you can not change the rights on a folder/directory under the root such as:
D Drive -> Apps -> Ramdisk
I would like to rename the folder Ramdisk to RAM Disk, to do so I would have to have the rights to Modify the folder, as an User I would only have the Read, List, and Execute rights on the folder. As an Administrator I would have Full Control rights at the root of the drive. With Administrator I could rename the folder but as an User I could not.
Now the question is: Have you renamed the default Administrator to something else and set the password?
Remember: "It is your data but if you don't protect it someone else will have it also..."