Can I prevent a file from being deleted? I have a file that is
encrypted so that only I can read it. Now the problem is that although
no one can read it, they can still delete it. I want to prevent that
file from being deleted.
The short answer is no. You can’t prevent it.
The longer answer is you can make it more difficult, but if someone
is determined to delete the file, they probably still can.
Become a Patron of Ask Leo! and go ad-free!
I’m going to assume that this file is on a machine where other
people have access to the machine itself. If your file is on a network
or on a server, anywhere where people do not have physical
access to the machine, then the answer’s different. You can prevent the
file from being deleted simply by putting it somewhere that people have
read-only access, or marking the file itself read-only to everyone but
you. Exactly how you do this depends on what kind of an internet server
or network file server you’re running, but it’s typically not that
hard. Your network or system admin can help on that, or the steps
outlined below may apply.
However, when it comes to a PC that other people might have access
to, all bets are off.
Let’s look at how we can make it difficult, and then I’ll describe
how all that can be bypassed.
First, the drive on which you’ve placed the file must be formatted
NTFS for the additional security options we’re about to play with.
Open up Windows Explorer, click on Tools,
Folder Options click on the View tab
and scroll to the bottom of the Advanced Settings
list. You should see something like this:
Make sure that Use simple file sharing is
not checked, and OK your way back out.
Now, locate and right click on the file you want to protect and
click on Properties. You’ll see a
Security tab; click on that and you should get
something like this:
Now, for each Group or user name in the top list
except Administrator (or perhaps except your own login account
if you are not an administrator), make sure that the
Deny column in the Permissions for…
list is checked. For Administrator the column Allow
should be completely checked.
What this has done is restricted access to the file to only those
with administrative privileges. Anyone else logged into Windows with a
different account will be unable to read, write or delete the file.
Seems like exactly what you were looking for, right?
Here’s the downfall:
If it’s not physically secure,
it’s not secure.
If someone can reboot your machine and boot from a floppy, CD-ROM or
USB drive, then they can boot into any of a number of password and file
recovery programs that can completely bypass the security you’ve just
In fact, here’s an article on how they can become the administrator:
I’ve lost the password to my Windows Administrator account, how do I
get it back?
At that point, they could reformat the drive, and erase everything
including your file.
Even if you remove all the boot options, if they’re really
motivated, they can steal the machine or drive, and install it into some
other system where they can then proceed to get full access. I’m
guessing stealing the drive also qualifies as deleting the file.
The bottom line is that depending on your situation, “making it
difficult” might well be enough. But be aware that it’s not bullet
proof. Encrypting your data is a great thing to do, but make sure you
have a backup – perhaps of the encrypted container – since it’s quite
possible a motivated someone could come along and delete it no matter
what you do.