The Attrib (attribute)
utility lets you discover the attributes attached to a given file in an
unambiguous way. Attributes are special notations that the file system
makes about the folder or file. For example, when you modify a file, the
file system sets the archive attribute, which tells your backup program
that the file has changed. When the backup program makes a copy of the
file, it resets the archive attribute. See the "Standard FAT and NTFS
File Attributes" sidebar for additional details about attributes. This
utility uses the following syntax:
ATTRIB [{+R | -R}] [{+A | -A }] [{+S | -S}] [{+H | -H}]
[drive:][path][filename] [/S [/D] [/L]]
The following list describes each of the command line arguments.
+
Sets an attribute.
-
Clears an attribute.
R
Modifies the read-only file attribute.
A
Modifies the archive file attribute.
S
Modifies the system file attribute.
H
Modifies the hidden file attribute.
[drive:][path]
filenameDefines one or more
files to modify or query. You can use wildcard characters to define the
file specification. Specifying a file specification without any
attribute changing command line switches displays the attributes for
those files. Using Attrib by itself, without any file specification,
displays the attributes for all files in the directory. This technique
even displays system and hidden files.
/S
Processes files that match the file specification in the current directory and all subdirectories.
/D
Processes the directories as well as the files that match the file specification.
/L
Processes the attributes of a symbolic link, rather than the symbolic link's target.
You can also use the Attrib utility to locate files with a specific attribute. It works much the same as the Dir
(directory) command at the command prompt, but the focus is on the
attributes, rather than other file or folder information. To test this
command, open a command prompt in the root directory (the uppermost
directory) of your C drive, type Attrib *.*
at the command prompt, and press Enter. You'll see a list of all of the
files in the root directory, along with their associated attributes.
For example, many of the files will have an A for archive next to them. Some files, such as ntldr, will have the S (system), H (hidden), and R (read-only) attributes.
It's possible to view
and change the attributes (except system) for a file using Windows
Explorer. To change an attribute, right-click the file and choose
Properties from the context menu. You'll see the file Properties dialog
box. The Read-only and Hidden options on the General tab modify these
attributes on the file. Click Advanced and you'll see the Advanced
Attributes dialog box that contains the File Is Ready for Archiving
option that controls the archive attribute. Although this method is
aesthetically pleasing, you have to change the files one at a time.
Using Attrib, you can change a number of files using a single command.
For example, if you want to remove the system, hidden, and read-only
attributes from every executable in a particular folder, you'd type:
Attrib -h -r -s *.EXE
Standard FAT and NTFS File Attributes
Everyone categorizes
the data they create. For example, you might make a differentiation
between data and executable files, and then further categorize the data
by the application that created it. Categorizing files is important
because the categorization process helps you define the file and specify
what it does for you. The operating system categorizes files, too, and
in a way that you can use to your advantage. By knowing how to use
attributes, you can differentiate between files that the system uses
(ones that you normally don't need to worry about) and those that you
use.
A friend of mine was
relating a story about another use for attributes. You use attributes as
a means of determining how the operating system interacts with files.
Many companies now enforce a policy of setting hidden files so they
remain hidden, even in Windows. Otherwise, users will delete files they
shouldn't, which is where this story began. It seems that one user
deleted all of the "extraneous" files on her system to make room for
more data files, files such as Command.COM, Config.SYS, and AutoExec.BAT.
The next morning, the user complained that the system wouldn't boot.
After restoring the system, the network administrator warned the user
not to delete any more files. The next month, the user did the same
thing all over again. It wasn't long before the company had a new "no
delete" policy in place, which remains in force today for Windows users.
The File Allocation
Table (FAT) file system used with DOS and older versions of Windows, the
File Allocation Table 32-bit (FAT32) file system used with Windows 95
and above, and the Windows NT File System (NTFS) used with versions of
Windows starting with Windows NT, rely on file attributes to identify
particular file conditions. For example, the archive attribute shows
that the file has changed since the last full backup. For example, even though some utilities can perform a task
based on the offline attribute, none of them can manipulate this
attribute in any significant way. All of the inaccessible attributes
appear as part of NTFS. The following list describes the attributes that
you can access using the command line utilities.
A
The operating
system sets this attribute whenever a file or directory experiences a
change. The attribute alerts backup applications to the need for
creating a backup of the file under specific conditions. However, you
can also use the attribute to monitor the system for unexpected changes.
For example, unless you've recently updated a particular Windows DLL,
the archive attribute should remain clear (unset). A change in the
attribute status could indicate the activities of a cracker.
D
The directory
attribute indicates that a file system entry is a directory, a container
for other files and directories. You can use the directory in a number
of ways—everything from mapping the structure of your hard drive to
locating hidden entities on the hard drive. Many viruses now rely on
hidden directories to store their data.
H
The hidden file
attribute indicates that you normally can't see the file as part of a
directory listing. The file still exists and the operating system can
still access it. The original intent of the hidden attribute was to keep
system and other sensitive files hidden from users who might
accidentally modify or delete them. Windows generally makes this feature
obsolete by showing all files, hidden or not, unless you set the
operating system not to display them by selecting the "Do not show
hidden files and folders" option on the View tab of the Folder Options
dialog box. However, the hidden attribute still keeps files hidden from
the view of command line utilities, so you need to know it exists.
R
The read-only
attribute ensures that you can't change, delete, or even move a file
without seeing an error message. The read-only attribute commonly
appears as part of operating system files. However, developers also use
it with read-only data for applications and you might even see it in use
for other purposes, such as license files. Windows does honor the
read-only attribute, so you can't easily override the effects of this
attribute no matter how you access the file.
S
The system attribute
marks a file as one that the operating system relies on to perform
essential tasks. Generally, you don't want to change, delete, or modify
files marked with this attribute—doing so could cause the operating
system to freeze, refuse to boot, or behave erratically.
L
Symbolic
links are essentially pointers to a physical file or folder somewhere
else on the drive, another local drive, or even a network drive. The
symbolic link makes it unnecessary to track where a file or folder
exists. Instead, you focus on the data itself. A directory entry marked
as a symbolic link has no real content—just the pointer to the actual
file or folder.
