WatchPoint Security Blog

Using Group Policy to Disable Show Hidden Files

Written by Chris Hartwig | August 19, 2019

There are thousands of hidden files on your workstation that were installed with your applications and operating system that you probably are not aware exist. Deleting these hidden files could be catastrophic, so keeping these files safe and hidden is important. If you discover certain hidden files and attempt to delete or alter them, there could be a number of unforeseen consequences for the operating system and applications, including data loss and completely crashing the system.

To safeguard against such a system crash, be certain hidden files are in fact hidden. In a domain environment it is best to use group policy to disable showing hidden files to quickly ensure all workstations comply with this policy. 

How to Configure Group Policy to Disable Show Hidden Files

  1.  Open Group Policy Management from Administrative Tools under the Start Menu
  2. Right-click the domain or organizational unit where you would like to apply the OU.
  3. Select Create a GPO in this domain, and Link it hereā€¦
  4. Name the New GPO and click OK
  5. Right-click the new GPO and choose Edit
  6.  Using the Group Policy Management Editor click to expand User Configuration >Preferences > Control Panel Settings > Folder Options
  7. Right-click Folder Options and select New > Folder Options (Windows Vista and later)
  8. Click the radio button Do not show hidden files and folders and click OK
  9. Close the Group Policy Editor and test

Testing your new GPO 

To test this GPO, you will need to bypass it by setting the folder options on the workstation.

  1. From a workstation open the Control Panel and select Folder Options
  2. In Folder Options Click the View Tab, Click the radio button to Show hidden files, folders and drives and click Apply
  3. Create a new text document on the desktop
  4. Right-click that new document, select properties and check the box to mark the document hidden
  5. Click Apply
  6. Hold the Window + r keys and type cmd.exe in the run dialog box.
  7. In the command line window that opens type gpupdate /force

After this commands runs the workstation will apply the Group Policy settings from the domain controller. Once this happens the file you created on the desktop should disappear. 

Although a user can manually show hidden files it is rare that one will have any desire or reason to do so. If a user does manually circumvent the GPO it will reapply each time the user logs in or reboots the workstation. You can also manually force the update by running gpupdate /force from the command line. 

Creating the new GPO should keep all of your hidden files safe from users who might try to delete them preventing data loss and crashed applications or workstations.

Additional Tips You May Enjoy Reading

A Free Tool For Testing Anti-Ransomware Defenses 

Lessor Known File Extension Tricks Used By Hackers 

Enumerate File Shares With Powershell 

Recover Windows Activation Key 

Password Expiry Email Notification 

Brute Force Attack Detection and Blacklisting with Powershell 

Account Lockout Detection and Notification 

Employee Emergency Notifications 

Using NMAP to Find and Close Open Server Ports
View full post