Why Every Self-Respecting Administrator Should Ditch Explorer For Good

Windows Explorer is an end user, a consumer product. It creates a reality distortion field that hides part of what is really there and makes you see things that do not exist. That is OK for its intended customer base, but as an administrator you cannot afford to live in a dream world.

Reality Distortion

Windows Explorer uses several techniques to create its reality distortion field. The most common is the use of special files, called desktop.ini, that may change the name and appearance of folders completely. Take a look at the this screenshot which shows the content of my user profile in Explorer:

User profile as seen in Explorer

The same directory looks a bit different on the command line:

USer profile as seen on the command line

Explanation

There is no directory My Music. My Music is a folder (notice the different wording) in Explorer’s virtual namespace. The transformation from physical directory to virtual folder is accomplished by placing a file called desktop.ini with the following content in the directory Music:

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21790
InfoTip=@%SystemRoot%\system32\shell32.dll,-12689
IconResource=%SystemRoot%\system32\imageres.dll,-108
IconFile=%SystemRoot%\system32\shell32.dll
IconIndex=-237

The entry LocalizedResourceName tells Explorer where to get the display name for the directory. It is the string resource with ID 21790 in shell32.dll.

Another nice example of desktop.ini in action is Internet Explorer’s history directory. In Windows Explorer it looks like this:

IE History as seen on in Explorer

But what’s really stored on disk is something completely different:

IE History as seen on the command line

This distortion is created by a desktop.ini file with the following content:

[.ShellClassInfo]
ConfirmFileOp=0
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

Folders with Identical Names

Having multiple folders with the same name is impossible on the same level? Not true! Look at this:

Many identical virtual folder names in Explorer

What is impossible is having multiple (physical) directories on the same level. On the disk, things look a bit different:

Many identical virtual folder names on the command line

Again, desktop.ini files were used to change reality.

Multiple Personalities?

Being able to run a file managment tool from different user accounts sounds like so trivial a requirement that surely no product could fail it. Think again, Explorer can. It is simply not possible to create an instance of explorer.exe that runs under credentials different from the user who is logged on.

This makes it impossible to use Explorer for all the really cool things like browsing the Offline Files cache by launching Explorer via RunAsSystem.

Of course this also means that you cannot elevate Explorer.

Bending the Rules

Instead, when you try to access a directory you do not have access to (which happens frequently with UAC enabled), you get this:

Explorer offering to change permissions

Notice the word permanently? If you click continue Explorer alters the permissions on the folder you were trying to access, giving you full access! The result of doing that frequently can easily be total chaos, reducing the carefully crafted ACLs Microsoft built into the file system to protect users from their own foolishness to a joke.

More Bad Vibes

There is even more. Largely unknown to the general public Windows is well capable of handling file system paths much longer than 260 characters (which is generally considered the limit). In fact, the maximum length of a path is in the area of 32,000 characters. Well-designed applications like SetACL Studio or Delprof2 have no problem working with such long paths. Guess who does: Explorer!

It is not uncommon to find files at paths with more than 260 characters. This often happens when administrators try to work with directories that end users access via a drive letter. Compare the following:

Full UNC path: \\server.mydomain.com\ShareName\SubFolder\YetAnotherSubFolder\Directory
End user path: s:\Directory

Administrators access Directory via a path that is 59 characters longer than the path end users work with. It is thus very easy for end users to create paths administrators cannot access. A nice way to hide things this is!

It’s Soooo Slooow

Another thing that may bug me personally more than most is the fact that it is very hard to control Exlorer by keyboard. I favor the keyboard over the mouse because of speed and accuracy. Fooling around with a menu is nearly always slower than just pressing the equivalent key combination – no wonder applications designed for professionals, like Photoshop, bring keyboard shortcuts for most any function. As Explorer was not designed for professionals, it lacks this functionality.

Alternatives

There are many alternative file managers. I personally have been using Total Commander for a long time and am very happy with it. It is not a beauty, but it is fast and reliable and gets the job done really well.

,

11 Responses to Why Every Self-Respecting Administrator Should Ditch Explorer For Good

  1. xpclient April 24, 2013 at 19:40 #

    Not to mention it got worse after XP:

    http://en.wikipedia.org/wiki/List_of_features_removed_in_Windows_Vista
    http://en.wikipedia.org/wiki/List_of_features_removed_in_Windows_7
    Don’t even get me started with Windows 8’s Explorer.

  2. Lil April 24, 2013 at 19:46 #

    We’ve been using Total Commander for Windows for several years now and their product get better with each release. Once you’ve paid for it, you get all future releases for free and you can use the same key file. Too bad it doesn’t fully support silent installs (yet) but I know they are working on it.

  3. Rene April 25, 2013 at 07:00 #

    Or try “Altap Salamander” as a replacement for Explorer. For more information http://www.altap.cz.

  4. Frane April 25, 2013 at 07:36 #

    I agree with Lil, been using Total Commander from DOS days (norton commander) and will be using in future :-)

  5. Carl April 25, 2013 at 09:34 #

    Nice write up, thanks for taking the time Helge

  6. Carsten April 25, 2013 at 12:16 #

    Totally agree. See http://support.microsoft.com/kb/947222
    If you redirect the documents folder you can get real trouble…

  7. @thorstenbutz April 27, 2013 at 15:41 #

    Very nice article; the worst thing is: you did not even mention how ridiculous things are, when you use localized Windows OS.
    This article motivated me to publish a script, that enables “Run as administrator” for the explorer.exe. As a kind of pingback, this script uses your setacl.exe to change the relevant regkey. Maybe someone finds it useful. You can find it here (if URLs are allowed here):
    http://www.thorsten-butz.de/public/Enable-ExplorerRunAs.ps1.txt

  8. Drewfus July 17, 2014 at 11:21 #

    Helge,
    try this one:

    http://onecommander.com/

    Very innovative!

    • Helge Klein July 22, 2014 at 22:34 #

      Looks very interesting, but it seems to be optimized for mouse control and I am more of a keyboard person.

Leave a Reply