From TSG Library of Knowledge
Windows file attributes are 1-bit flags stored in the file system which modify how files are treated.
Files marked as Read Only allow a user to get information from them but block modifications. If a read only file is edited the changes must be saved under a different file name. The Read Only flag is distinct from NTFS Read and Write Permissions, in that a user may have full permissions over a Read Only file and be unable to edit it. A user lacking write permissions cannot edit a file regardless of its read only status. To protect a file against malicious changes appropriate File permissions should be used; the Read Only flag is limited to protecting from accidental changes, and is easily circumvented.
Files marked as Hidden do not normally appear when the directory in which they are stored is viewed through Windows Explorer. Hidden files also do not appear when the DIR command is issued from the command prompt, and are not affected by commands using wild cards. Security through Obscurity is a very bad policy, and it is incredibly easy to show hidden files. Hiding a file should therefore not be considered a security measure under any circumstances. The flag can be used to protect the marked files from widespread operations (such as removing files from a folder en masse), and of course to prevent accidental tampering or deletion (which is why system files are hidden). It is most valuable, however, as an organizational tool: a simple but effective means of avoiding unnecessary clutter, allowing a user to see the important files at a glance.
The System attribute is applied to files which Windows or certain other programs wish to protect. System files are both hidden and read-only by default. Microsoft also makes it more difficult to unset the System bit (there is no GUI option to do so), and while it allows the user to show normal hidden files without complaint, it advises against checking the "Show protected Operating System Files" box. People can be alarmed at how many files Windows has removed from normal view by setting this flag, including legitimate files in familiar places such as the user space or the Desktop. As a general rule, System files should not be tampered with.
A file containing sensitive information can be marked as encrypted, such that its content is scrambled when written to the disk and unscrambled when read. The scrambling is performed automatically using a key that can be traced back to the user's password. It has no effect whatsoever on accessing the file from the user account that encrypted it, except that it requires more processing to decrypt and encrypt. However, a file marked as encrypted cannot be read by any other user account, including the local administrator account, even if that account gains access to the file, because such an account won't have the password needed to access the key. If an administrator exercises their password reset rights and changes the password on another account, files encrypted by that user account will become unreadable. However, if a user changes their own password they can still access any such files.
Encrypting files can be a useful defence against snooping by other user accounts, but the encryption is not necessarily top quality. It also suffers from weaknesses unrelated to the encryption algorithm. Because the logged-in user has automatic access, it depends on the strength of the user's password and on not leaving the computer logged in. It is also not possible to share encrypted files between specified users or to encrypt for transit to another computer. Better security can be achieved using third-party encryption software such as TrueCrypt.
When the Archived bit is set, Windows writes the file to disk in a compressed format. This consumes less hard disk space than the file normally would. Some files are particularly compressible while others are already very close to their minimum size. For example, database files and Word documents can often be easily compressed, whereas JPEG pictures and MP3 music will tend to take up about the same amount of space as before. Better compression can often be achieved with a proper archive manager and compression utility such as WinZip, WinRAR, or 7-Zip. It is not advisable to mark the entire drive on which Windows is installed as an archived drive, as this can cause system instability.
Marking a file or folder with the Indexed attribute indicates to Windows that it should be indexed. This means that its content is analysed and stored in an index file, a lookup that Windows uses for file searches. Maintaining an index makes searches much faster, and indexing a file's content allows a search to match the file even if its title doesn't contain the search terms.
Showing Hidden and System Files
- To show Hidden and System Files in Windows Explorer.
- Open any folder.
- Press ALT and go to the Tools menu.
- Open Folder Options
- Go to the View Tab
- Check "Show Hidden Files and Folders"
- Uncheck "Hide Protected Operating System Files"
- Click OK.
Changing File Attributes
From the GUI
Most file attributes can be modified from the GUI, the single exception being the System flag. To change one of the other attributes for a file or folder:
- Right click on its Icon and go to Properties.
- In the starting tab, marked General, look for the Attributes Section.
- If you wish to change the Read Only or Hidden attributes change the relevant Check Boxes.
- If you wish to change the Archived or Encrypted attributes, click Advanced and check either "Compress Contents to Save disk space" or "Encrypt Contents to Secure Data".
- Click OK or Apply to finalize the change
- It is possible to select multiple files to apply the attributes to.
- If you apply the attributes to a folder, you will be given the option of propagating these attributes to files and subdirectories.
From the Command Line
Most Windows File Attributes are edited with the Attrib command, including the System flag, but excepting the encrypted flag. It is made up of three main parts.
- The word Attrib must come at the start to define which task is to be performed.
- The possible attributes come next, prefixed by a + sign to apply that attribute or a - sign to remove it. The attributes are identified by first letter: R, A, S, H, and I.
- Third the file(s) to which the task is applied are specified. Wild cards can be used.
- Finally, when folders are involved, the /S and /D switches can be applied, saying whether to affect files and sub-folders contained within (/S) and whether to process folders (/D).
Examples:
- Attrib -S -H MyFile.txt would remove the Hidden and System flags from the file MyFile.txt in the current directory.
- Attrib +R * /S would make all files within the current directory and subdirectories Read Only. Adding the /D switch would affect folders as well.
As always, be particularly careful when using wildcards and wide-acting commands, as it is easy to include files which should not be included.
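The limits of the Read Only and Hidden flags described earlier, and the contrast with NTFS permissions, can be checked on a scratch file using Attrib and icacls from PowerShell. This is an added example, not part of the original page; the scratch folder, the file name and the Test-Write helper are hypothetical.

```powershell
# Added example: scratch folder and file names are hypothetical, created under %TEMP%.
$dir  = Join-Path $env:TEMP ("attr-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $dir | Out-Null
$file = Join-Path $dir 'report.txt'
$me   = "$env:USERDOMAIN\$env:USERNAME"
Set-Content -Path $file -Value 'original'

# Returns $true when the current account can overwrite the file.
function Test-Write([string]$Path) {
    try   { Set-Content -Path $Path -Value 'changed' -ErrorAction Stop; $true }
    catch { $false }
}

# Hidden: absent from a default listing, present as soon as -Force is used.
attrib +H $file
$seenByDefault = @(Get-ChildItem -Path $dir).Count          # default view
$seenWithForce = @(Get-ChildItem -Path $dir -Force).Count   # hidden files included
attrib -H $file

# Read Only: stops the write, but the same account can just clear the flag.
attrib +R $file
$writeWhileReadOnly = Test-Write $file
attrib -R $file
$writeAfterClearing = Test-Write $file

# NTFS permission: a deny-write entry blocks the write with the flag cleared.
# It holds against accounts that cannot change the ACL; this account owns the
# scratch file, which is why the cleanup below can remove the entry again.
icacls $file /deny "${me}:(W)" | Out-Null
$writeWithDenyAce = Test-Write $file

[pscustomobject]@{
    SeenByDefault      = $seenByDefault
    SeenWithForce      = $seenWithForce
    WriteWhileReadOnly = $writeWhileReadOnly
    WriteAfterClearing = $writeAfterClearing
    WriteWithDenyAce   = $writeWithDenyAce
}

# Cleanup: remove the deny entry, then the scratch folder.
icacls $file /remove:d $me | Out-Null
Remove-Item -Path $dir -Recurse -Force
```

The deny entry also covers writing attributes, so an account restricted this way cannot use Attrib on the file either.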