How to protect a file in Windows

Question

Update 3: the restrict access, using the security tab works now. (that's manually) now looking to do it programatically (using Visual C#) and also how to access a file using administrator account in a simple user account. hint - I noticed this feature in Windows, right click and use 'Execute as', enter the administrator password and then you can access the file.

Update 2: Found how to display the security tab

To display the Security tab

Open Folder Options in Control Panel. (Click Start, click Control Panel, click Appearance and Themes, and then click Folder Options.)

On the View tab, under Advanced settings, clear Use simple file sharing [Recommended].

Update 1: I found the following article, which suggests how to give permissions to files, however I don't find the security tab when I click properties, do you have it? Any ideas how to get it

I have a file that I want to protect from bein modified. Don't say to me encrypt it, this don't solve the problem, I want that users can't change the file, BUT only me (my program). Is there any type of authentication for Windows files, I know that what I say is stupid about authentication, but some Windows files are inaccessible like 'ntuser.dat.LOG' in the user profile. When I try to open this file it doesn't open.

I want something like that, for this file it seems because Windows is using it. Right. But what about if my program shutdown, I don't want the file to be changed in this case also. How shall i do?

I don't ask for the complete detailed solution, I want ideas, suggestions, tips, or any thing you know that it'll help, as it seems to be complicated :p

Answer 1

you can run a windows service that locks the files or something

Answer 2

Revoke access for all users but yourself (or the account that the program is running as). Right-click in Windows Explorer, Properties, Security.

Answer 3

Idea, then: modify your file so that only one user can have access to it. Remove all other users permissions. Run your application as a service authenticated with the only user who has access to the file.

Answer 4

Are you on a Windows domain, or just a workgroup? What version of Windows is this? Are you an administrator of the computer?

You should be able to take ownership of a file, and then set the permissions so that you're the only one that can access that file. On Windows XP (Vista is similar) Right-click on the file and view Properties. Select the Security tab and then you can set specific permissions on a file. You can click Advanced and set even more specific options.

If you're on a domain, the domain administrators will always be able to view/edit any of your files.

Edit: From KB 290403:

In Windows XP Home Edition and Windows XP Professional, if working in a workgroup, the Security tab is hidden by default. This behavior occurs because in Windows XP Home Edition and Windows XP Professional, guests are forced to log on to a workgroup.

So if you want to pursue this, you can boot your computer into Safe mode and then you'll see the Security tab.

You can also uncheck Simple file sharing in the Advanced options.

Answer 5

You can change de rights of the file to make is owner a user created by your application at installation time. But anyway an administrator car override this, i can't see a way to succesfully lock it.

Even a windows service can be shutdown, there will be no absolute solution as far as I can see.

Answer 6

The file would have to be owned by the SYSTEM user and only have read rights given to the regular USERS group.

Your installer should be able to create the file, give full control to system, then eliminate local user rights to it. Except for the right to read.

Answer 7

Create an MD5 or similar hash using the file's contents. When reopening the file, check the stored hash to make sure that the file hasn't changed.

Answer 8

This is my idea! May be not very useful!

Restrict permission to the file (This is common) and make sure only your porgram has access to it. BUt this is not fail proof as the admin user can change the security of the file.

Read the first n bytes or some random bytes and store it in the registry. Next time when your program starts check whether the bytes match if not the file was changed. If so you try to recreate the file.

Answer 9

It can't be done!

Sorry for this blunt answer, but despite any suggested software measure to "protect" the file, it will not help.

If the user really wants to access the file, he can simply insert the hard disk into another computer and modify the file. Or she can use a Linux live CD that runs independent of the installed operating system.

Answer 10

Sign the file with a private key embedded in your application, and check the signature before loading the file. You'll have to re-sign every time you write the file so that the signature reflects any changes (if the file is modified without being signed, it will be obvious when you try to load the file).

NB this isn't totally secure. A cracker could conceivably extract the key from your application, and use it to sign his modified version of the file. It doesn't protect against a malicious attack, but will keep your average user from modifying the file.

EDIT: Hmm, seems you don't care about DETECTING if the file is modified, you want to actually PREVENT the file from being modified. Sorry, I don't think there is a way to do this. The user could easily kill off any process "locking" the file, or even boot up with a Live CD or something and edit the file that way.

Answer 11

Dare I say it... "NTFS Alternate Data Streams" - please don't shoot me!

Yes their easy to modify, but not easily located by your average junkie.