testing the existence of restricted Subfolder without Admin
Posted: 25 Aug 2019 03:45
I had to check the existence of a subfolder in all user profiles.
Usually i do this with admin rights via
Of course, this does not work without admin rights.
...but!
To my surprise, I can however without admin:
... write to the nul-device of all restricted folders and determine if a folder exists.
Here is my little experiment to this topic.
This demo works as user without Rights or as Admin
I do not need any special help here, but I found it strange that there are ways to look behind the restrictions without rights.
Possibly the whole thing is interesting for other users.
Usually i do this with admin rights via
Code: Select all
if exist "folder path"...
...but!
To my surprise, I can however without admin:
Code: Select all
(call;>"restrictedPath\testSubFolder\nul")&&echo Folder exist||echo Errorlevel !errorlevel!
Here is my little experiment to this topic.
Code: Select all
chcp 65001>nul & rem i'm a German some Folder have vowel mutation chars
setlocal enableDelayedExpansion
set "testFolder=%~dp0test"
set "testSubFolder=%testFolder%\myFolder"
md "%testSubFolder%"
rem show the Folder in some ways
dir /b /a "%testFolder%\*"
rem check normal for Folder
if exist "%testSubFolder%" (echo Folder exist) else (echo Folder not exist)
rem Write to nul-"File" in the Folder (this works)
(call;>"%testSubFolder%\nul")&&echo Folder exist||echo Errorlevel !errorlevel!
rem doe the same into a nonexisting Folder (this can't work)
(call;>"%testFolder%\notExisting\nul")&&echo Folder exist||echo Errorlevel !errorlevel!
rem as above... write a real file (this also works)
(call;>"%testSubFolder%\realFile.txt")&&(echo Folder exist & del /q "%testSubFolder%\realFile.txt")||echo Errorlevel !errorlevel!
echo:
echo now removing all access from %testFolder% and doe the same...
rem now remove all access to the Testfolder (also for admins) ( reset later as well by owner)
icacls "%testFolder%" /inheritance:r /t
rem now the same
rem dir don't work
dir /b /a "%testFolder%\*"
rem as expected, can't look behind the Testfolder
if exist "%testSubFolder%" (echo Folder exist) else (echo Folder not exist)
rem ...but i can write to the nul-file of the Subfolder behind the restricted...
(call;>"%testSubFolder%\nul")&&echo Folder exist||echo Errorlevel !errorlevel!
rem same as above ---normal reaction
(call;>"%testFolder%\notExisting\nul")&&echo Folder exist||echo Errorlevel !errorlevel!
rem ...but can't write to a normal file of the Subfolder behind
(call;>"%testSubFolder%\realFile.txt")&&(echo Folder exist &del /q "%testSubFolder%\realFile.txt")||echo Errorlevel !errorlevel!
pause
rem reset this Demo
icacls "%testFolder%" /reset /t
rd /q /s "%testFolder%"
pause
exit /b
I do not need any special help here, but I found it strange that there are ways to look behind the restrictions without rights.
Possibly the whole thing is interesting for other users.