Sign in to follow this  
Nice Coder

Making an undeleatable folder?

Recommended Posts

I was thinking of a way to make an undeleatable folder. Currently what i have: (using Cmd.exe) Attrib "Folder" +h +s Cacls "Folder" /P Me:F This is for winxp. (i'm going to try and store it on a win Nt file server). This should work okish, but what i'm not sure about it is how well it'll work. (i would also know how to make it invisible). From, Nice coder

Share this post


Link to post
Share on other sites
The only way to make an undeleteable folder is to log on as a different user, create the folder and make it read-only to other users.

That way, other users cannot modify it (and therefore, cannot delete it).

Share this post


Link to post
Share on other sites
I have my own user account.

It is, however not a network adminstrator.

I would prefer if the network administrator could neither see that it exists, nor access it or deleate it without great effort.

From,
Nice coder

Share this post


Link to post
Share on other sites
Quote:
Original post by Nice Coder
I have my own user account.

It is, however not a network adminstrator.

I would prefer if the network administrator could neither see that it exists, nor access it or deleate it without great effort.

From,
Nice coder



Unfortunitly for you NT wasn't designed to do what you want. Even if you did create a folder with another account the admin could just click "take ownership". Short of installing a rootkit I don't think it's possible in any effective way.

Share this post


Link to post
Share on other sites
Administrators of boxes used by many people usually restore the entire disk of machines (except the user-owned parts) to its initial state. And if you created folders in your own account, then the administrator is bound by privacy rights not to delete them unless you did something illegal (at which point you'll get into even more trouble if you went to the lengths of hiding it).

This only holds for actual administrators. If you are just talking about a folder on a machine administrated by your parents, then you first must explain why that folder would be deleted. Simple solutions, such as zipping the folder and reming the file to something benign, can hide the folder in plain sight, but the folder will as usual be deleted if someone destroys the entire tree it is in.

Share this post


Link to post
Share on other sites
This is for a rather largish network. (they basically wipe it once a year to get rid of the junk that builds up).

As for what it is, it'd probably be used for games, chat progs, ect. Just stuff for me and my friends to use (i don't like having that sorta stuff in plain view.)

From,
Nice coder

Share this post


Link to post
Share on other sites
I just tested something.

When i set attrib +r +h +s and the folder simply dissapeared. (the defult is to hide hidden and system folders).

It didn't appear in dir's either. (nifty).
I can, however acces it if i directly type in the name. (or via a shortcut, or a cd). Attrib can also see it, but some caclsing could help.

I have an administrator account with my local machine (which i tested it on), and this really would come in handy.

:-) either way, this would help keep my stuff out of prying eyes.

/me goes looking for some nice encryption software. (worst comes to worse, i make my own).

From,
Nice coder

Share this post


Link to post
Share on other sites
You could always name the folder something that looks like "System Volume Information" (change an L to a one or something like that) so the admin will think it's actually part of the system maybe. Also, you could normally keep it set to the same permissions as the real SVI folder:
cacls "Folder" /P System:F

And then only temporarily change the permissions (as file owner, you can always do so iirc) to your username, get the data, then put it back:

cacls "Folder" /P %UserName%:F /D Administrators
copy ...
cacls "Folder" /P System:F

Share this post


Link to post
Share on other sites
Quote:
Original post by Nice Coder
I would prefer if the network administrator could neither see that it exists, nor access it or deleate it without great effort.


You greatly underestimate the power of network administration tools.

Share this post


Link to post
Share on other sites
Quote:
Original post by Fruny
Quote:
Original post by Nice Coder
I would prefer if the network administrator could neither see that it exists, nor access it or deleate it without great effort.


You greatly underestimate the power of network administration tools.
You vastly overestimate the competence of average network administrators.

My university currently uses a web-based login to get outside the proxy, and every machine is set to remeber form info so that once a person logs on (to the web via the proxy - no need for actual user logons), that computer is logged on in that person's name until they shut down, which doesn't happen. Thus, the whole point of the proxy requiring logins to get outside (to track who does what due to some problems last year) is completely negated by default.

When I was in highschool, a friend of mine got an administrator to log into a fake logon screen made using borland builder with completely incorrect icons, no ability to do C-A-D blocking, etc by saying something like "I need you to log in so I can install this program". IIRC, the password was a dictionary word and the account was the default 'Administrator'. This was on Win2k systems.

Share this post


Link to post
Share on other sites
:-) The admins on the network are somewhat dimwitted. (They mainly spend there time working on comps that have died.... "mysteriously". Or replacing mice, ect.)

They have no real reson to check the network drives throughly, and i don't want to give them anything to look at.

From,
Nice coder

Share this post


Link to post
Share on other sites
Quote:
Original post by Fruny
Quote:
Original post by Nice Coder
I would prefer if the network administrator could neither see that it exists, nor access it or deleate it without great effort.


You greatly underestimate the power of network administration tools.


What exactly would they do, how would they do it, and how can i stop them/help to stop them?

From,
Nice coder

Share this post


Link to post
Share on other sites
I have also figured out on how to get into my own system volume information folder :-)

Cacls has the answer!

I love playing around on a comp :-)

Any idea on how some programs (like Magic folders?) make your folders dissapear?

From,
Nice coder

Share this post


Link to post
Share on other sites
You could also play a new new sony cd, and use rename...

I don't recomend this, and I run scans that detect this kinda stuff on my own systems. And If i was admin, you'd be in as much trouble as I could legimental give you (ban account report to higher ups about hacking and damaging system security).

[Edited by - Cocalus on November 5, 2005 9:10:42 AM]

Share this post


Link to post
Share on other sites
Quote:
Original post by RunningInt
the old "how do I hide my porn?" question


Encrypted and compressed 1Gb USB key for day-to-day use. Look into 'source code backup' 100-Go hard drives which contain more than backup for storage on the long run. Or, when legally applicable, a folder of encrypted filenames and md5 hashes allowing you to retrieve known files from your favourite filesharing network.

Share this post


Link to post
Share on other sites
Quote:
Original post by ToohrVyk
Encrypted and compressed 1Gb USB key for day-to-day use.


That has got to be the best answer. Network Admin can't delete what he doesn't physically have access to, can he?

Quote:
Original post by Nice Coder
they basically wipe it once a year to get rid of the junk that builds up

Generally when one wipes a network, no amount of hiding will stop them. When I want to clear out the junk I wipe the entire hard disk and restore from backups. This will wipe out hidden "system folders" and folders that non-admins don't have access to.

Share this post


Link to post
Share on other sites
When its time (which'll be in maybe 7ish weeks from now), i'll just back it up onto one comp's hdd (they don't restore the comps hdd's unless they die), then copy it back later.

Main problem: Making sure that it doesn't come up in any normal scans. Its going to be in a very out-of-the-way folder, in the middle of nowhere. The chances of the admin actually looking for it specifically is basically 0. He would, however be looking just generally for stuff that doesn't belong.

How does "Sys$.bck" look for a foldername? (note that its going to be hidden....)
Or maybe "De5ktop.ini"? The problem is changing the icon so it looks like the normal ini icon. (I don't have that menu... They have all sorts of "Security measures". Like not allowing people to run programs that arn't called "winword.exe" or "excel.exe". We also have a proxy which sucks as it blocks basically everything.)

From,
Nice coder

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this