Windows 10: Prevent executable from being deleted/modified (but still read/write)?

  1.    27 Jun 2016 #1

    Prevent executable from being deleted/modified (but still read/write)?


    I have spent literally days trying to figure this out on my own, and thought I'd finally solicit some advice.

    I have a program that I want to prevent *anyone* (including me, as an administrator) from moving, deleting, or otherwise disabling.

    The program is called Cold Turkey, and it is the best access restriction program for "internet addiction" that I've found. Despite its relative strength, I am still able to get around it by renaming and moving the file or deleting it in safe mode. I know I should just get some self control, but this is what I'm doing now. I'm fairly tech savvy and can unfortunately get around most means of locking the computer. I am looking to be able to:


    • run it without a password and give to a friend to safekeep;
    • have access to the interface to change time and other settings (so read/write/modify, right?)
    • prevent my ability to delete or otherwise disable the program.


    So I then tried a few file "hiding" softwares.

    Wise Folder wasn't good enough for me--no safe mode protection, etc., and I don't believe it played nice with executables.

    Folder Protect did not recognize my password and I spent a good amount of time figuring out how to delete it. Pretty much the same with File Lock Pro. I tried another one that looked promising, but I found that it was freeware and had no customer support whatsoever, which after my bad experiences with FG and the other. Literally, and absolutely, they forgot my pw, and I'm not going through that again.

    All the "lock file" programs generally require a password every time you want to access a program--they're designed to lock down a file rather than just modify permissions. The simpler programs (like Wise) are easy to get around through task manager or safe mode.

    It seems to me that the best surefire way is to modify permissions, but I'm a little scared to do so.
    I initially thought that was the best way to go and read about permissions, but that was way out of my depth. I was able to change permissions, but when it came to changing ownership to another and disabling MY administrative permissions to prevent me from deleting, etc. I couldn't figure it out (apparently not tech savvy enough for that). Plus I think there are some characteristics of this program that prevent this route (NET dependency? PCAP?), although I am not sure. I ended up basically blue-screening and having to use the Tweaking.com repair tool to fix permissions etc.

    So does anyone have advice for this computer addict? A program that will let me run a program and access its interface w/o being able to disable it and/or delete it?

    Appreciate it. Understand some might think this is silly, but I really need to get this under control.

    Oh, and here is a clip of the basic files in this program:

    Click image for larger version. 

Name:	CT files.PNG 
Views:	18 
Size:	38.7 KB 
ID:	86990
      My System SpecsSystem Spec

  2.    27 Jun 2016 #2

    You can't completely achieve what you want, I fear. It is always possible to boot your machine from a Linux CD and delete the file. This will bypass any locker imaginable. This can't technically be prevented.
      My System SpecsSystem Spec

  3.    27 Jun 2016 #3

    Thank you . Is it possible to modify permissions? This seems like it should be... and is probably the best way. No?
      My System SpecsSystem Spec

  4.    28 Jun 2016 #4

    You set permission via the usual security tab (right click on the file and select security). You have to keep in mind that these are security enforced by Windows. If you have sufficient privilege, you can always do what your want. In a normal administrator account, Windows might prevent to do some things but it usually does not prevent to change the permissions to do these things. So you have some indirect permissions to do (almost) everything (change the permissions then do the things you want). If you boot in safe mode you disable many check and you have more permissions. But if you have not secured the boot process, you can always boot from a special CD that enforce no permissions at all. This is the case with some Linux CD. Boot them and do what you want with your file (the purpose is most often legitimate, you can recover files from a completely corrupt and unusable system in this way).
      My System SpecsSystem Spec

  5.    28 Jun 2016 #5

    Thanks. I was told by someone in another forum that you can never remove your access rights as administrator. So you can do this in safe mode? Should I just proceed to change the access rights in safe mode as an administrator, and then replace the administrator with system as owner?

    I would just have to find a program or otherwise disable safe mode and then have a boot disk. That sounds good.

    The other thing I've read is that it is possible to change 3rd party executables to system files by assigning them to TrustedInstaller. But I take it that this is probably risky?

    Thank you!
      My System SpecsSystem Spec

  6.    28 Jun 2016 #6

    anoukaimee said: View Post
    Thanks. I was told by someone in another forum that you can never remove your access rights as administrator. So you can do this in safe mode? Should I just proceed to change the access rights in safe mode as an administrator, and then replace the administrator with system as owner?
    What do you mean "remove your access rights" (you can easily mark a file as non-readable, writable, etc. even by administrator) would you not mean "grant access rights". Frankly I don't know the details but I know there way to launch something in system mode if you are an Administrator. So you can indirectly do it anyway...

    I would just have to find a program or otherwise disable safe mode and then have a boot disk. That sounds good.

    The other thing I've read is that it is possible to change 3rd party executables to system files by assigning them to TrustedInstaller. But I take it that this is probably risky?

    Thank you!
    I don't understand your real goal. What do you want to achieve? To protect you from yourself? Frankly you can't really do that. Safe mode is used to troubleshot the computer in special situation; it is normal that it is not "protected". Even if it was, it would not "prevent" anyone doing what he wants (as I said, boot from a Linux CD, put the hard disk in another machine, etc...), it would just make more difficult for an honest user to troubleshot problems. If you want to protect your system from an accidental mistake, just run as a normal user with no administrative privilege. Modifying your system in unattended way is not very safe, but it is just my opinion.
      My System SpecsSystem Spec

  7.    28 Jun 2016 #7

    Yes, my goal is to "protect myself from myself" without screwing up my software. As I noted above, I am basically a computer addict and it is really concerning. None of these lock programs adequately prevent me from disabling it.

    Going to the length of removing a hard drive or reassigning permissions (which I am now very confused about: can I reassign ownership to the system or not, preventing administrative delete/modify controls? hearing conflicting things) in safe mode, etc. is not something I am going to undertake to disable the software. I just want something to prevent me from doing the easy things, like deleting the file or moving it, etc.

    I understand your admonitions about safety, and I do understand; I feel like if I use Macrium backup and a recovery drive I would be secure enough.

    Now I just need to understand how to 1) take away permissions from users and the administrator; and 2) give them to the system. That's the essence of what I'm asking here.

    So any ideas would be welcome, and thank you!
      My System SpecsSystem Spec


 

Related Threads
WD keeps asking for sending Grim Dawn executable in AntiVirus, Firewalls and System Security
Hello. I love WD but this is becoming quite the annoyance. I am currently playing Grim Dawn a lot (among others) but everytime I launch the game, WD insists on sending the Grim Dawn executable to them for analysis. I agreed and sent it. However...
Solved Write to read only memory in BSOD Crashes and Debugging
I have had two BSODs this morning, the first was PFN list corrupt closely followed by Write to read only memory. This is a clean install of Windows 10, I thought it might cure the BSODs but no such luck. So glad to find this forum. 82075
Hi about cortana , can it write an email , i mean the body and can i use to use it and write a word document because i bought word 2010 ,that's pretty old thanks
I have seen people sending executable & linkable file with phone numbers in Whatapp which after clicking automatically ask us to add to contacts. How these files are created and what is the software name? Please help. Thanks Ashok
Hi there. I observed that when creating an executable with Visual Studio, Windows 10 will launch one (sometimes even two) extra thread. This happens even for the simplest program: int main() { return 0; } If you break on return 0, Visual...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 00:31.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums