Skip to main content

How to prevent file copying, deletion and renaming?

On a computer with multiple users some kind of access restriction and sharing permission is essential. The nature of the security permission can vary depending upon who has access to the computer and their experience level. Generally, system administrators or owners like to implement any of the 3 kinds of security restrictions – file copying, deletion and modification. The latter two types of protection is easy to enforce in NTFS formatted drives, but preventing copying can be a little tricky.

Hundreds of articles has been written on NTFS permissions and many of you readers might already know it, but for the sake of completeness I will have to include the basics.

Preventing file reading or execution, modification and deletion

Update: Detailed instructions are available herehttp://www.instantfundas.com/2010/12/how-to-protect-files-from-deletion-in.html

These permissions can be set on NTFS formatted drives. Open Windows explorer and go to Tools >Folder Options, click on the View tab and uncheck the box “Use simple file sharing (Recommended)”.

ntfs-file-permissions

Right click on the folders or files you want to set restrictions to and click on Properties. Under the Security tab you can now set Allow or Deny permissions on a number of files operations like:

  • Full Control: Users can modify, add, move, and delete files, as well as their associated properties and directories. In addition, users can change permissions settings for all files and subdirectories.
  • Modify: Users can view and modify files and file properties, including deleting and adding files to a directory or file properties to a file.
  • Read & Execute: Users can run executable files, including scripts.
  • Read: Users can view files and file properties.
  • Write: Users can write to a file.

More permissions are available under the Advanced tab.

Preventing file copying

Preventing copying of files is a bit difficult. The most effective way to prevent unauthorized copying of files from your computer is disabling access to takeaway devices, in other words removable drives. Locking optical drives and disabling USB ports or preventing write access to USB devices is the most fool proof way to restrict file copying, provided the user cannot connect to the Internet. Otherwise they can simply upload files to a remote server and download it later from their own computers. Another way to prevent file copying is to use anti-file copy software. We will look at both methods.

1. Preventing file copying by disabling access to optical drives and USB ports

Optical Drives:
Windows does not provide an easy way to disable access to optical drives. The only way to do it is disabling them in the BIOS and then locking the BIOS with a password. Of course you wouldn’t be able to access them either, so it isn’t the most smartest thing to do. The alternative approach is to use an optical drive locker such as the CD/DVD Drive Locker. It lets you disable selected optical drives so that they become unresponsive to the open/close button. CD/DVD Drive Locker is actually intended to prevent kids from playing with the drive tray and provides very feeble protection as it can be easily overridden.

cd-dvd-locker

USB ports:
USB ports can be disabled quite easily using the registry editor. There are two kinds of restrictions you can put on a USB port – a) disable write privileges to USB port or b) completely disable USB ports

A. Disabling write access to USB ports: Open Windows registry editor and navigate to the following key

HKEY_LOCAL_MACHINE\System\CurrentControlSet\ Control\StorageDevicePolicies

Create a new DWORD, name it WriteProtect and put the value as 0. To allow write access change the value to 1.

B. Disabling access to USB ports: Open Windows registry editor and navigate to the following key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet \Services\UsbStor

Double click on the entry Start on the right pane and set it’s value to 4 (Hexadecimal). To enable USB ports again change the value back to 3.

2. Preventing file copying using anti-file copy software

There are a few anti-file copy software in the market, most of them are commercial. I managed to find one freeware among the lot - M File Anti-Copy

M File Anti-Copy prevents copying of files by disabling the Windows clipboard. With the clipboard disabled, you cannot copy and paste files not only to removable drives but even within partitions and folders. And because the clipboard is disabled you cannot even copy text. The protection feature can be activated or deactivated only by providing the correct password.

mfile-anti-copy

When the application is active you are allowed to copy and move files via the built-in file-copier. The software also protects against file deletion and renaming, but this is in a separate section and you have to apply this setting to individual files and folders, which isn’t very helpful.

The program however suffers from a serious flaw – it can’t prevent copying using drag and drop. This is because M File Anti-Copy prevents file copy by disabling the clipboard. Since drag and drop does not use the clipboard, the program fails. You can still use it and just hope the users don’t discover the loophole.

M File Anti-Copy also provides some additional protection like disabling the Task Manager and regedit.

Prevent file copying is never fool proof, there always be some workaround. The best kind of protection will be to disable all removable drives through either the BIOS or the registry editor, and disconnect the computer from the network to prevent file transfer. Or simply deny physical access to the computer when you are not around.

Comments

  1. Thanks for your tutorial, and I have a question: How to prevent user to copying from folders that I do not allow. User can read only and can not copy files into another folder. Using NTFS permission, please guide me.

    ReplyDelete
  2. That is not possible using only NTFS permission. Only possible solutions are discussed in this article.

    ReplyDelete
  3. Is it possible to prevent somebody from downloading/copying material from a website. Can we allow material only to be read and not copied? Thanks.

    ReplyDelete
  4. If it's on the web, it can be copied. No way to prevent it.

    ReplyDelete
  5. it is very intresting NOT!!!!!!!!!!!!!

    ReplyDelete
  6. lolololololol ROFL i'll still steal your files and copyright.

    ReplyDelete
  7. i want my user can create file folders and rename it but can't delete what should i do .. not getting help to rename access..please help me my email id is [email protected]

    ReplyDelete
  8. imogen major is cool :)

    ReplyDelete
  9. how do companies prevent unauthorised transfer or copying?

    ReplyDelete
  10. i agree lol all fail

    ReplyDelete
  11. This is now outdated. My Vista system does not have a "Security" Tab available for modification.

    ReplyDelete
  12. I should have said the "View" tab does have a selection “Use simple file sharing (Recommended)”. It has "Use Sharing Wizard (Recommended)".

    ReplyDelete
  13. wonder ful software...it's working...thanks...admin

    ReplyDelete
  14. Too bad you cant do this at the file system level

    ReplyDelete

Post a Comment

Popular posts from this blog

How to Record CPU and Memory Usage Over Time in Windows?

Whenever the computer is lagging or some application is taking too long to respond, we usually fire up task manager and look under the Performance tab or under Processes to check on processor utilization or the amount of free memory available. The task manager is ideal for real-time analysis of CPU and memory utilization. It even displays a short history of CPU utilization in the form of a graph. You get a small time-window, about 30 seconds or so, depending on how large the viewing area is.

How to Schedule Changes to Your Facebook Page Cover Photo

Facebook’s current layout, the so called Timeline, features a prominent, large cover photo that some people are using in a lot of different creative ways. Timeline is also available for Facebook Pages that people can use to promote their website or business or event. Although you can change the cover photo as often as you like, it’s meant to be static – something which you design and leave it for at least a few weeks or months like a redesigned website. However, there are times when you may want to change the cover photo frequently and periodically to match event dates or some special promotion that you are running or plan to run. So, here is how you can do that.

Diagram 101: Different Types of Diagrams and When To Use Them

Diagrams are a great way to visualize information and convey meaning. The problem is that there’s too many different types of diagrams, so it can be hard to know which ones you should use in any given situation. To help you out, we’ve created this diagram that lays out the 7 most common types of diagrams and when they’re best used: