Set all files on Windows XP to a specified create & access date

[donnadigacomo]

How do we set every file on a WINXP PC to a specified creation & access
date.

As part of my monthly cleanup, I already run freeware:
- Malware checkers (spyware, anti-virus, startup programs, etc.)
- Privacy cleaners (cookies, MRUs, tmp files, cache, downloads, etc.)
- Freespace wipers, etc.

I'd like to add a "touch" file-date program to this repetoire.
Basically, it could be a simple batch script, e.g. something like:
FOR %%f in (C:\*) do copy/y/b %%f+,, .> nul

Better yet be a Windows XP program which runs monthly to reset the file
creation, modification, and last access date to the first of the year
(or whatever) without any input required from the user.

Do you have good freeware-only suggestions for such a utility?

Donna

 

[donnadigacomo]

There are numerous "touch" tools freely available via the
Internet. Use this search string in Google to locate them:

"touch.exe" "file date" free
By the way, how does your post relate to public security?

It relates to security in that the DATE you created or modified any
particular file provides potentially useful information to an attacker.
It's like telling the burgler exactly when you'll be home and what room
you will be in and what you will be doing at that time.

Regarding the google search, of course I did the google search!
Run the search you suggested please.
Tell me what you find?

In the thousands of hits, what I came up with in my extensive googling
wer3e only the following fully freeware programs, all of which I
installed and none of which perform the stated task.

SetFileDate (freeware stand-alone program):
http://www.no-nonsense-software.com/freeware/

Property Plus (freeware right-click menu addition):
http://www.ne.jp/asahi/cool/kish/pplusmain.htm

Attribute Changer (freeware right-click menu addition):
http://webplaza.pt.lu/~rpetges/downloads.html

Given this more complete information, what do YOU recommend for a
Windows XP freeware date changer which runs periodically to reset the
date to a previously defined date?

The real question that only an expert can answer is:
Does it exist?

Donna

 

[Mark Dormer]

If they can see the file dates then you already have a large security issue.

A Win32 version of Touch.exe is included in these tools ported from unix
http://unxutils.sourceforge.net/

Note
touch /? won't show you tje help
touch --help will show the help

Regards
Mark Dormer

 

[filthy-mcnasty]

Using at least one appendage, the entity known in this space-time continuum
as (e-mail address removed) revealed in @g47g2000cwa.googlegroups.com:

Given this more complete information, what do YOU recommend for a
Windows XP freeware date changer which runs periodically to reset the
date to a previously defined date?

Doubt you'll find anything to set ALL files as required. Open files won't
be touched and you can't do it under the recovery console either. In safe
mode, with no apps running other than whichever touch tool you settle on,
the best you can hope for is MOST files. System files, being open, will
resist any attempt to tinker

I think - Shoot me down gently

 

[Michael Bednarek]

How do we set every file on a WINXP PC to a specified creation & access
date.

As part of my monthly cleanup, I already run freeware:
- Malware checkers (spyware, anti-virus, startup programs, etc.)
- Privacy cleaners (cookies, MRUs, tmp files, cache, downloads, etc.)
- Freespace wipers, etc.

I'd like to add a "touch" file-date program to this repetoire.
Basically, it could be a simple batch script, e.g. something like:
FOR %%f in (C:\*) do copy/y/b %%f+,, .> nul

FOR /? tells me that the /R switch (quote): "Walks the directory tree".
As for "touch": you couldn't find any such utility?

Better yet be a Windows XP program which runs monthly to reset the file
creation, modification, and last access date to the first of the year
(or whatever) without any input required from the user.

Have you thought this through? Don't you think that these dates may have
significance for backup programs, anti-virus programs, firewalls, etc?
Could you explain again what exactly such an operation would achieve?

 

[Paul Adare]

It relates to security in that the DATE you created or modified any
particular file provides potentially useful information to an attacker.
It's like telling the burgler exactly when you'll be home and what room
you will be in and what you will be doing at that time.

This is nothing more than a prime example of security by obscurity and
is really a complete waste of time and effort and provides no measure of
security at all.

--
Paul Adare
MVP - Windows - Virtual Machine
http://www.identit.ca/blogs/paul/
"The English language, complete with irony, satire, and sarcasm, has
survived for centuries without smileys. Only the new crop of modern
computer geeks finds it impossible to detect a joke that is not clearly
labeled as such."
Ray Shea

 

[Shenan Stanley]

It relates to security in that the DATE you created or modified any

particular file provides potentially useful information to an
attacker. It's like telling the burgler exactly when you'll be home
and what room you will be in and what you will be doing at that time.

If the attacker already has access to your files - then the fact that they
know when you will be back should be the least of your security concerns.

I think you should read this and re-evaluate where you are putting your
concern.. =)
http://www.ranum.com/security/computer_security/editorials/dumb/

 

[Steven L Umbach]

I have never heard of anyone even considering that before and can not
imagine it would have any impact on securing an operating system or data.
There are many other things you can do to increase security that would be
more of a preventative approach such as using a firewall, strong passwords,
restrictive ntfs permissions, and physically securing your computer if other
unwanted users could potentially access it. You can also configure your
computer's cmos to require a password to boot into the operating system or
configure syskey to require a password to access the operating system. In
more extreme cases use a removable hard drive tray so that it is easy to
remove your hard drive to lock up somewhere when you are not using the
computer. The new Shared Computer Toolkit [see link below] can also be used
to implement the Windows Disk Protection Tool so that all changes to the
system drive are removed when the computer is rebooted though this requires
that you have some unpartioned space on your hard drive. -- Steve

http://www.microsoft.com/windowsxp/sharedaccess/overview.mspx

 

[Conor]

Given this more complete information, what do YOU recommend for a
Windows XP freeware date changer which runs periodically to reset the
date to a previously defined date?

Even better, you can set Windows XP so it doesn't actually add a
timestamp at all.

 

[Conor]

This is nothing more than a prime example of security by obscurity and
is really a complete waste of time and effort and provides no measure of
security at all.

Precisely.

 

[Michael Bednarek]

Even better, you can set Windows XP so it doesn't actually add a
timestamp at all.

None at all? How?

 

[Susan Sonnenberg]

This is so common a security task that entire utilities have been written
to touch the creation, last accessed, and last modified date of a Windows
XP file.

See touch.exe at http://unxutils.sourceforge.net for example.

However, since touch.exe leaves files in use alone, most Windows XP
security experts write their own touch-like utility. For example see
http://edais.mvps.org/Code/Libraries/Utility/modTime.bas

Here is a snippet to give you an idea of what you can do to eliminate date
related snooping on your Windows NT computer.

If (GetFileTimes(FileName, FileTimes)) Then
FileTimes.ftModified = SystemTimeToFileTime(VBTimeToSystemTime( _
DateAdd("d", -2,
SystemTimeToVBTime(FileTimeToSystemTime(FileTimes.ftModified)))))
If (Not SetFileTimes(FileName, FileTimes)) Then Call MsgBox("Error
setting file times")
Else
Call MsgBox("Error getting file times")
End If

--

 

[Paul Adare]

microsoft.public.security news group, Susan Sonnenberg <ssonenberg443
@hotmail.com> says...

This is so common a security task that entire utilities have been written
to touch the creation, last accessed, and last modified date of a Windows
XP file.

Once again, this has nothing at all to do with security.

--
Paul Adare
MVP - Windows - Virtual Machine
http://www.identit.ca/blogs/paul/
"The English language, complete with irony, satire, and sarcasm, has
survived for centuries without smileys. Only the new crop of modern
computer geeks finds it impossible to detect a joke that is not clearly
labeled as such."
Ray Shea

 

[Asher_N]

microsoft.public.security news group, Susan Sonnenberg <ssonenberg443
@hotmail.com> says...


Once again, this has nothing at all to do with security.

Not only that, but it will mess up security. Next time you need to verify
an OS component, and you are told that it is of a certain size with a
time stamp of x, you are screwed. It will also screw up backups and your
ability to search for documents by time stamp. It's just stupid. If I get
access to your machine and I want to steal your documents, I'll steal
them, regardless of the time stamp.

 

[Paul Koch]

None at all? How?

The biggest security hole on your computer is the one you don't suspect.

Given that Windows XP maintains these 3 time stamps
o File Creation Date
o Last Accessed Date
o Last Modified Date

What I hope to find is a way to turn OFF the modification of the last
accessed date. I have never ever needed to search for a file based on
this critical information but I have used it to snoop on my children and
on many of my coworkers to monitor their use on the computer. I used it
just last week to see if someone modified a file on me they said they
were working on (they didn't).

Since this last accessed date provides me so much dirt on my friends - I
would hate to see what this information can do for my enemies. Since I
work in a cube on a big network, and since I don't own the computer, I
can not easily lock up my computer from snooping. Since the biggest
security hole on your computer is the one you don't suspect, I find so
much about others via this method of time-stamp snooping. It's great
because they don't suspect it at all!

To protect myself, once a quarter, I run WindowsXP freeware Attribute
Changer 5 ( http://webplaza.pt.lu/~rpetges/downloads.html ) to set these
3 dates to January 01, 2001 at 12:01:01 am for all folders & files on my
hard disc not currently in use by the operating system. Effectively this
resets the dates for all but a few dozen files which are not data files
anyway. I immediately uninstall the program after every use as my company
forbids rogue programs to be installed on the computer.

The ONLY side effect I have seen over the years of using time-stamp
protection came with the advent of the Windows XP security checker which
erroneously reports my Norton antivirus data files are out of date
(Microsoft must do a dumb time-stamp look up or something stupid like
that).

After all this effort to protect myself (and to snoop on others), my only
desire is to find an expert who knows how to TURN OFF the last-accessed
date. I only hope my coworkers don't find out as this is one Windows
security loophole I am having a field day with to get ahead at work!

 

[Paul N. Koch]

Even better, you can set Windows XP so it doesn't actually add a
timestamp at all.

The biggest security hole is the one you don't suspect so as I said I've
gleaned much information about my coworkers habits from time stamp
snooping.

My favorite is the last accessed date for files. You can easily search
their computer for all the files they most recently accessed to piece
together what pet projects (and personal activities) they are working on.

I find the log of their last accessed date files to be more interesting
than the file creation or last modified dates because it tells me what they
are reading day to day. I can even predict ahead of time what they will be
doing tomorrow and when - which I find useful so I can then walk by their
cube at just the right time to gather more information.

By this method, I intend on getting ahead at work which is all that
matters.

Paul Koch

 

[Far Canal]

Paul Koch wrote

After all this effort to protect myself (and to snoop on others), my only
desire is to find an expert who knows how to TURN OFF the last-accessed
date. I only hope my coworkers don't find out as this is one Windows
security loophole I am having a field day with to get ahead at work!

You didn't look very hard

You can prevent NTFS from having to update the last accessed date/time
stamp by setting the following DWord value to 1:

HKLM\System\CurrentControlSet\Control\FileSystem
\NtfsDisableLastAccessUpdate

 

[Michael Bednarek]

alt.comp.freeware.discussion, microsoft.public.windowsxp.general,
alt.comp.freeware, alt.msdos.batch, microsoft.public.security,
alt.privacy.spyware, microsoft.public.windowsxp.general, seen in
alt.msdos.batch:

news:[email protected]:

You snipped the following attribution:[snip]

You didn't answer my question regarding Conor's assertion: how to turn
off timestamping altogether.

What I hope to find is a way to turn OFF the modification of the last
accessed date.

[snip]

It's not really difficult to find. But here you are:
Key: HKLM\SYSTEM\CurrentControlSet\Control\FileSystem
Name: NtfsDisableLastAccessUpdate (DWORD)
Value: 1

[snip]

After all this effort to protect myself (and to snoop on others), my only
desire is to find an expert who knows how to TURN OFF the last-accessed
date. I only hope my coworkers don't find out as this is one Windows
security loophole I am having a field day with to get ahead at work!

In most organisations I know, such behaviour would be subject to
substantial penalties, including dismissal. I suspect Texas Instruments
would have similar rules.

 

[David Candy]

Did you reboot?

 

[David Candy]

NtfsDisableLastAccessUpdate
HKLM\SYSTEM\CurrentControlSet\Control\FileSystem

Data type Range Default value
REG_DWORD 0 | 1 0

Description
Determines whether NTFS updates the last-access time stamp on each directory when it lists the directories on an NTFS volume.

This entry is designed to prevent the NTFS log buffer in physical memory from becoming filled with time stamp update records. If you have an NTFS volume with a very large number of directories (in excess of 70,000), and Windows 2000 does not respond quickly to dir commands, adding this entry to the registry might make directory listings faster.

Value Meaning
0 When listing directories, NTFS updates the last-access time stamp on each directory it detects and writes a record to the NTFS log noting each time change.
1 When listing directories, NTFS does not update the last-access time stamp and does not write time stamp update records to the NTFS log.

Note

Windows 2000 does not add this entry to the registry. You can add it by editing the registry or by using a program, such as Group Policy, that edits the registry.

Tip

For more information on NTFS directories, see the Microsoft Knowledge Base link on the Web Resources page. Search the Knowledge Base for Article Q150355, or use the keywords NTFS directories.

Send feedback to MSDN.Look here for MSDN Online resources.