File system folders are commonly displayed with a standard icon and set of properties, which specify, for instance, whether the folder is shared. You can customize the appearance and behavior of an individual folder by creating a Desktop.ini file in that folder to specify different options.
The desktop.ini file is a hidden Windows operating system configuration settings file located in every folder and used to store information about the arrangement of a Windows folder. Essentially, if the layout or settings for a folder are changed, a desktop.ini file is automatically generated to save those changes. When you create a new folder in Windows it is created with the standard folder icon, one common use of the desktop.ini file is to use to it set a custom icon for a folder, however this is not the only thing that it is used for. The desktop.ini file can contain alot of attributes but the following custom attributes are the most common:
Desktop.ini files have been part of Windows operating systems for a long time. They provide users with the option to customize the appearance of specific folders in File Explorer, such as changing their icons. That is not all they are good for, however.
As you may see, desktop.ini files may really be used for much more than just changing a folder icon. And although the techniques described above are mainly useful for (if anything) red teaming, either when interacting with a shared-computer environment or with network file shares, it is definitely good to be aware of them, whether one leans more toward the blue or red side of the infosec spectrum.
Note Unlike the Read-only attribute for a file, the Read-only attribute for a folder is typically ignored by Windows, Windows components and accessories, and other programs. For example, you can delete, rename, and change a folder with the Read-only attribute by using Windows Explorer. The Read-only and System attributes is only used by Windows Explorer to determine whether the folder is a special folder, such as a system folder that has its view customized by Windows (for example, My Documents, Favorites, Fonts, Downloaded Program Files), or a folder that you customized by using the Customize tab of the folder's Properties dialog box. As a result, Windows Explorer does not allow you to view or change the Read-only or System attributes of folders. When a folder has the Read-Only attribute set it causes Explorer to request the Desktop.ini of that folder to see if any special folder settings need to be set. It has been seen where if a network share that has a large amount of folders set to Read-only, it can cause Explorer to take longer then what is expected to render the contents of that share while it waits on the retrieval of the Desktop.ini files. The slower the network connectivity to the share the longer this process can take to the point where Explorer may timeout waiting for the data and render nothing or appear to hang. Note In some previous versions of Windows, you can change the Read-only attribute for folders by using the Properties dialog box for the folder, but no versions of Windows permit you to change the System attribute by using Windows Explorer.
Warning If you remove the Read-only or System attribute from a folder, it may appear as a ordinary folder and some customizations may be lost. For example, Windows customizes the Fonts folder and provides a special folder view that permits you to hide variations, such as bold and italic. It also permits you to change the folder's view settings in ways that are specific to fonts. If you remove the Read-only and System attributes of the Fonts folder, these customized view settings are not available. For folders that you have customized by using the Customize tab of the folder'sProperties dialog box, the folder icon and other other customizations may be lost when you remove the Read-only attribute.If a program cannot save files to a folder with the Read-only attribute, such as My Documents, change the Read-only attribute to System by using the Attrib command at a command prompt.Note If the Run command is not listed on the Start menu, do the following: Click Start, click All Programs, click Accessories, and then click Run.To remove the Read-only attribute and to set the System attribute, use the following command:
attrib -r +s c:\testBe aware that some programs may not operate correctly with folders for which the System attribute and the Read-only attribute are set. Therefore, use the following command to remove these attributes:
Windows stores file and folder attributes in the file system with the file and folder name, extension, date and time stamps, and other information. The Read-only check box for folders is not available because it does not apply to the folder. You can use this check box to set the Read-only attribute for files in the folder. However, you cannot use Windows Explorer to determine whether a folder has the Read-only and System attributes set. To determine the attributes that are set on a folder, or to change these attributes, you must use the Attrib command at a command prompt.
Unlike what the name implied, the desktop.ini file does not only exist on your desktop. It can be found in any folder on your computer with a customized appearance set to it. You can open a desktop.ini file with Notepad and change its contents. But it's not advisable to modify the texts if you have no idea what you are doing.
Icon file - It's used to change the icon of a folder. If you have a thumbnail file with the .ico extension in the folder you want to customize, you can set it as the folder's icon. For instance, you change the default folder icon to a cat.ico image, and then the text "IconFile=cat.ico" will appear in the desktop.ini file to save the change.
No, the desktop.ini file is not a virus. But some viruses may exploit the capabilities of the desktop.ini files. Be cautious when you set Windows not to reveal hidden files and protected operating system files, but the desktop.ini file still shows up. In that case, your computer may be infected by malware, and you should scan it with anti-virus software.
As we stated before, the desktop.ini files are usually hidden. When you see them suddenly appear on your desktop or other folders, you must have reset them to do so. Likely, you have accidentally configured your PC to show hidden files when you were editing File Explorer's settings or running an anti-virus program.
Although users are posting that they notice no change to the PC's appearance after deleting the two desktop.ini files on the desktop, we recommend you keep those generated by your system without you making any changes. Because they don't take up much space and removing them may cause other unexpected issues.
For those desktop.ini files created after you altered a folder's display, deleting them will do no harm but restore folders' view settings to the default. If you decide not to have the customized configuration, you can right-click on it and click Delete to move it to Recycle Bin. Or select the desktop.ini file and press Shift + Delete keys to remove it permanently.
We have a Windows 2008 R2 file server sharing home folders for about 600 users. These folders are mapped to a shared drive for each user when they log in on their own workstations, and that mapped drive is in turn set as the default location in the Documents library in windows on everyone's profile, including the default profile on each of our machines. Log in to a new machine for the first time, and your Documents library will point at the file server. For laptop users, we also use the Offline Files feature, so that this follows them even when they're away from work.
Edit:To quickly blow away all desktop.ini files from the entire shared folder structure use the following command: (WARNING: This WILL remove user customizations for their folders, icons, layout settings? etc.)
By now, many of us have seen customized folders in Windows XP and earlier, i.e. folders like My Documents, My Pictures and so on. Well this is accomplished by setting the folder as a System folder and placing a file named desktop.ini into the same folder.
Then I tried creating the folder with Total Commander and copying the content of the original folder with copy and paste, and now the folder is displayed correctly on TC. But Explorer shows me TWO folders with EXACTLY THE SAME NAME! (When I created the folder in TC, and because the name is long and complex, I've copied and pasted the NAME of the folder so I'm COMPLETELY SURE that the name is THE SAME).
Given the important role of folders in Windows, not only in their ability to store our personal data, but in the way they're used to organize the files that comprise the operating system, it should not be surprising that there are lots of cool things you can do with them. The next few solutions should illustrate the flexibility of Windows XP, and the lengths one can go to accomplish just about anything.
The more global and far-reaching a change is, the more likely it is to be difficult or impossible to accomplish without some serious tinkering in the Registry. An example are the icons used by some of the seemingly hard-coded objects in Windows, such as the icons used for ordinary, generic folders:
There's a bug in Windows Explorer that may prevent your custom icon from being used in certain circumstances. The icon will appear whenever you view folders on the desktop or in single-folder windows, but if you open an Explorer window directly (explorer.exe), the old yellow icons will still appear. The way around this is to right-click a folder icon and select Explore, which will display a true Explorer window (with the tree) using your custom icon.
The inherent problem with Window Shortcuts is that they are files, and as such, have the same limitations as files. They are sorted in Explorer with the rest of the files; shortcuts to folders are not grouped with folders as you might expect. Furthermore, shortcuts to folders cannot be specified in a path. For example, if you were to create a shortcut to the folder d:\Yokels\Cletus, name the shortcut Cletus, and then place the shortcut in c:\Brandine, you wouldn't be able to reference files stored in d:\Yokels\Cletus by using the path c:\Brandine\Cletus. 2b1af7f3a8