Making a folder read only in Windows can be useful for protecting important files from accidental changes or deletions. By setting a folder to read only, users can view and open files but won’t be able to modify, delete or add new files.
There are a few easy ways to make a folder read only in Windows 10, 8, 7 and Vista. Here’s a step-by-step guide to making folders read only using File Explorer properties, the command prompt, and registry tweaks.
Set Folder to Read Only with File Explorer
The easiest way to make a folder read only is using File Explorer. Here are the steps
-
Open File Explorer and navigate to the folder you want to make read only.
-
Right click on the folder and select Properties from the context menu.
-
In the Properties window, click the General tab.
-
Check the box next to Read-only under Attributes.
-
Click Apply and then OK to save the changes.
This will make the folder read only, preventing files from being modified, added or deleted. Existing files can still be opened and viewed.
To undo this and make the folder writable again, simply uncheck the Read-only box and click Apply.
Use Command Prompt to Set Read Only Folder
You can also make a folder read only from the command prompt using the attrib command. Here’s how:
-
Open the Command Prompt. Type
cmdin the Windows search box or Start menu to launch it. -
Navigate to the folder you want to make read only using the
cdcommand. For example:cd C:UsersMaxDocumentsReadOnlyFolder -
Type the following command and press Enter:
attrib +r /s /d
This will recursively set the read only attribute on the current folder, all files and all subfolders.
To reverse this, run the same command but use -r instead to remove the read only attribute:
attrib -r /s /dThis method is useful for applying read only attributes to an entire folder structure from the command line.
Use Registry Editor to Make Folder Read Only
You can also make an entire drive read only by editing the Windows registry. This will set all folders and files on the drive as read only.
Warning: Editing the registry incorrectly can cause serious issues, so only make changes if you’re comfortable with the risks. Make a backup first.
Here are the steps to make a drive read only with the registry:
-
Type
regeditin the Windows search box or Start menu to launch the Registry Editor. -
Navigate to the key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlFileSystem -
Right click on the right pane and select New > DWORD (32-bit) Value
-
Name the new value
NtfsDisableLastAccessUpdate -
Double click on the new value and set the data to
1 -
Click OK and close the Registry Editor.
-
Reboot your PC for changes to take effect.
Now the specified drive will be set as read only. Repeat these steps but set the value to 0 to undo the changes.
Remember Folder Attributes
One thing to keep in mind is that setting the read only attribute on folders is only a temporary measure. If applications need to write files within a read only folder, Windows will automatically remove the read only status and allow the write to happen.
To ensure a folder stays read only even after reboots or writes, you’ll need to regularly check and re-apply the read only attribute. Or use the registry method to enforce read only on the entire drive permanently.
It’s also a good idea to communicate with other users who access the read only folders to avoid unintended file changes. And don’t attempt to set system folders like Windows or Program Files as read only, as this can cause issues.
Common Questions About Read Only Folders
Here are some frequently asked questions about working with read only folders:
Can I still open and view files in a read only folder?
Yes, existing files within a read only folder can be opened and viewed normally. The read only restriction only prevents modifying, deleting or adding new files.
What happens if I try to save changes to a file in a read only folder?
You’ll get an error message that the file cannot be saved due to the read only attribute. You’ll need to disable the read only status to save any changes.
Can I delete a read only folder?
No, read only folders and the files within them cannot be deleted. The attribute must first be disabled to delete files again.
Will making a folder read only also apply to subfolders?
No, the read only attribute only applies to the specific folder it’s set on. Subfolders and files will not inherit the read only status automatically.
What’s the best way to apply read only to all files and folders?
Using the attrib command from the command prompt is the easiest way to recursively set read only on all subfolders and files under a parent folder.
When to Use Read Only Folders
Here are some examples of situations when setting a read only folder can be useful:
-
Protecting finished work from further changes, like source code repositories or legal documents.
-
Preventing accidental deletion of important files, like work projects or personal photos.
-
Stopping virus infections from modifying and corrupting files.
-
Allowing temporary users to safely view files without modifying anything.
-
Enforcing compliance rules that require maintaining original documents.
-
Securing confidential files so they can’t be altered or deleted if compromised.
Used properly, read only folders can be a simple yet effective way to add an extra layer of protection for your important data in Windows. Just be mindful of folders that legitimately require write access later, and set the attribute accordingly.
Further Reading and Resources
- Environment Variables
- ICACLS
/deny Sid:perm explicitly denies the specified user access rights. An explicit deny ACE is added for the stated permissions and the same permissions in any explicit grant are removed. WA - write attributes inheritance rights may precede either form and are applied only to directories: (OI) - object inherit
Romeo is correct, you can make your individual files read-only that way through the properties, but you wont be able to protect it from deletion.
A further suggestion, if youd like to quickly change multiple files to read only.
Open up a command prompt and enter the command attrib +r [path] taking advantage of the wildcard *
This is what I am using.
Command below will make a ./delme/ directory read-only – you will not be able to create/change files/directories inside.
It adds a new access rule to delme directory which denies all write operations for everyone and specifies this rule should be applied to all directories and files inside as well.
Execute icacls.exe to see what these codes mean.
Execute icacls.exe .delme to examine existing rules. Also you can see/change them in GUI as it is whosn in accepted answer. And undo it with this command:
- it removes all “deny” rules for group Everyone. Probably the one youve created was the only one such rule.
Same action can be done in Powershell. It is more cumbersome and more readable:
It removes exactly this rule and wouldnt lead to removal of other deny rules if there were any. Again, everything can be controlled in Security tab.
Right click on folder, Properties, below Attributes, set ReadOnly, Apply.
This will make all files in this folder (and subfolders if you select) to be only for read. When you try to save R/O file the software will offer you to Save As different name
5 Answers 5 Sorted by:
Original answer:
If its NTFS, you can use the file system security feature.
- Edit the folders “security” tab, Im assuming you didnt change them before: delete “authenticated users”, it may warn you that you must disable inheritance first, do so in the “advance” option.
- Make sure UAC is on.
Now when you try to edit/add/delete anything inside that folder, UAC will warn you, you can even set it to higher level that you must enter your password every time.
Edit: The above method is a fool-proof easy guide, which only apply to Windows Vista+ and require admin rights, and untempered file/folder security settings to start with.
However if you understand the principle behind, you can do this on nearly any Windows version with NTFS, on any user account.
Assume your normal working account is A, and another “safe” account is B, you can set the folder owner to B and give full privilege to it (dont forget to check “replace all child object permissions with inheritable permissions from this object”), then add account A as read-only, and now you can only write to it with account B, while still read/use it in the daily account A.
Without administrator rights, you cannot remove administrator from the access list, nor change the owner if it was administrator. But the method should work anyway, also if you create the folder, the owner should be default to you.
PS. All above are based on my experience, welcome to advice if you have better method.
You can use ICACLS and explicitly deny the write attributes permission to all the files within a specific folder and prevent yourself (or any security group) from overwriting or modifying these files but still allow read access to open them.
Below is a batch script with environmental %userdomain%%username% variables to define the current domain (or local machine name) and username signed onto the machine you execute the batch script as (i.e.
Replace the value of the Folder= variable to be the full explicit folder path (or UNC path) to the location you need to make the existing files within read only accessible.
If you look at the file ACL permissions, you will see the write attributes with an explicit deny now that applied to this folder and files.
Heres a folder with test documents with V1, V2, and so on which has already had be batch script run against.
If you try to save the file the save as dialogue will pop up, and if you try to overwrite the file that already exists with the same file name, you will get an access denied error message since that file is read-only accessible for this account.
You simply do a save as, give the file a different name but to the same folder which you locked down all the files to be read only accessible, and this is where youd increment your number up by one or whatever.
Any newly saved files in this folder will now have the write attributes denied and thus these permission restrictions are applied to it effective immediately once the file with the new file name is saved to this folder.
