Windows File Permissions and Attributes

windows permissions

File permissions dictate what access you have to a file - just like it sounds. Full control lets you create, delete, append, change permissions, change attributes, etc.

Files and folders can have additional attributes, much like files on most *nix filesystems. "Hidden" comes to mind as an example of this on both platforms.

On Windows, some of the additional attributes include system, read-only, archive, encrypted, and compressed. When you have full control (or modify) you have the ability to change these attributes, but as you've discovered, a read-only file is read-only, even to someone with full control. While full control gives you the ability to change a file's attributes, it does not automatically override them, much like ls doesn't show the root user a hidden file by default on *nix.


A permission is a security control. An attribute applies regardless of the security principal attempting the operation.

There are far more attributes than what you see at the command prompt. These include if the file is a link, encrypted, directory (a type of file), and integrity (low, medium, or high).

File Attribute Constants
http://msdn.microsoft.com/en-us/library/windows/desktop/gg258117%28v=vs.85%29.aspx

FILE_ATTRIBUTE_ARCHIVE 32 (0x20)

A file or directory that is an archive file or directory. Applications typically use this attribute to mark files for backup or removal .

FILE_ATTRIBUTE_COMPRESSED 2048 (0x800)

A file or directory that is compressed. For a file, all of the data in the file is compressed. For a directory, compression is the default for newly created files and subdirectories.

FILE_ATTRIBUTE_DEVICE 64 (0x40)

This value is reserved for system use.

FILE_ATTRIBUTE_DIRECTORY 16 (0x10)

The handle that identifies a directory.

FILE_ATTRIBUTE_ENCRYPTED 16384 (0x4000)

A file or directory that is encrypted. For a file, all data streams in the file are encrypted. For a directory, encryption is the default for newly created files and subdirectories.

FILE_ATTRIBUTE_HIDDEN 2 (0x2) The file or directory is hidden. It is not included in an ordinary directory listing.

FILE_ATTRIBUTE_INTEGRITY_STREAM 32768 (0x8000)

The directory or user data stream is configured with integrity (only supported on ReFS volumes). It is not included in an ordinary directory listing. The integrity setting persists with the file if it's renamed. If a file is copied the destination file will have integrity set if either the source file or destination directory have integrity set.

Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP: This flag is not supported until Windows Server 2012.

FILE_ATTRIBUTE_NORMAL 128 (0x80)

A file that does not have other attributes set. This attribute is valid only when used alone.

FILE_ATTRIBUTE_NOT_CONTENT_INDEXED 8192 (0x2000)

The file or directory is not to be indexed by the content indexing service.

FILE_ATTRIBUTE_NO_SCRUB_DATA 131072 (0x20000)

The user data stream not to be read by the background data integrity scanner (AKA scrubber). When set on a directory it only provides inheritance. This flag is only supported on Storage Spaces and ReFS volumes. It is not included in an ordinary directory listing.

Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP: This flag is not supported until Windows 8 and Windows Server 2012.

FILE_ATTRIBUTE_OFFLINE 4096 (0x1000)

The data of a file is not available immediately. This attribute indicates that the file data is physically moved to offline storage. This attribute is used by Remote Storage, which is the hierarchical storage management software. Applications should not arbitrarily change this attribute.

FILE_ATTRIBUTE_READONLY 1 (0x1)

A file that is read-only. Applications can read the file, but cannot write to it or delete it. This attribute is not honored on directories. For more information, see You cannot view or change the Read-only or the System attributes of folders in Windows Server 2003, in Windows XP, in Windows Vista or in Windows 7.

FILE_ATTRIBUTE_REPARSE_POINT 1024 (0x400)

A file or directory that has an associated reparse point, or a file that is a symbolic link.

FILE_ATTRIBUTE_SPARSE_FILE 512 (0x200)

A file that is a sparse file.

FILE_ATTRIBUTE_SYSTEM 4 (0x4)

A file or directory that the operating system uses a part of, or uses exclusively.

FILE_ATTRIBUTE_TEMPORARY 256 (0x100)

A file that is being used for temporary storage. File systems avoid writing data back to mass storage if sufficient cache memory is available, because typically, an application deletes a temporary file after the handle is closed. In that scenario, the system can entirely avoid writing the data. Otherwise, the data is written after the handle is closed.

FILE_ATTRIBUTE_VIRTUAL 65536 (0x10000)

This value is reserved for system use.

Related

How to properly remove lingering objects when -strict has been set on a large number of DCs for a long time?
High throughput meshed VPN to connect datacenter hosts
What is Kernel Times
How to change Document Root for Apache2 in Mac OS X
When should I create a new user account to run software on a server?
What are the different classes of Internet Connection and how do they differ?
ProxyPass: Redirect directory URL to non-standard port
Managing CBS.log files on Windows 2008R2?
Running containers inside a virtual machine?
Why does `df` indicate no available space when used is much less than total size, on my VPS? [duplicate]
ansible blockinfile disable marker
Task scheduler scheduled task at startup not working