by: Helge, published: Apr 24, 2013, in

Why Every Self-Respecting Administrator Should Ditch Explorer For Good

Windows Explorer is an end user, a consumer product. It creates a reality distortion field that hides part of what is really there and makes you see things that do not exist. That is OK for its intended customer base, but as an administrator you cannot afford to live in a dream world.

Reality Distortion

Windows Explorer uses several techniques to create its reality distortion field. The most common is the use of special files, called desktop.ini, that may change the name and appearance of folders completely. Take a look at the this screenshot which shows the content of my user profile in Explorer:

User profile as seen in Explorer

The same directory looks a bit different on the command line:

USer profile as seen on the command line

Explanation

There is no directory My Music. My Music is a folder (notice the different wording) in Explorer’s virtual namespace. The transformation from physical directory to virtual folder is accomplished by placing a file called desktop.ini with the following content in the directory Music:

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21790
InfoTip=@%SystemRoot%\system32\shell32.dll,-12689
IconResource=%SystemRoot%\system32\imageres.dll,-108
IconFile=%SystemRoot%\system32\shell32.dll
IconIndex=-237

The entry LocalizedResourceName tells Explorer where to get the display name for the directory. It is the string resource with ID 21790 in shell32.dll.

Another nice example of desktop.ini in action is Internet Explorer’s history directory. In Windows Explorer it looks like this:

IE History as seen on in Explorer

But what’s really stored on disk is something completely different:

IE History as seen on the command line

This distortion is created by a desktop.ini file with the following content:

[.ShellClassInfo]
ConfirmFileOp=0
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

Folders with Identical Names

Having multiple folders with the same name is impossible on the same level? Not true! Look at this:

Many identical virtual folder names in Explorer

What is impossible is having multiple (physical) directories on the same level. On the disk, things look a bit different:

Many identical virtual folder names on the command line

Again, desktop.ini files were used to change reality.

Multiple Personalities?

Being able to run a file managment tool from different user accounts sounds like so trivial a requirement that surely no product could fail it. Think again, Explorer can. It is simply not possible to create an instance of explorer.exe that runs under credentials different from the user who is logged on.

This makes it impossible to use Explorer for all the really cool things like browsing the Offline Files cache by launching Explorer via RunAsSystem.

Of course this also means that you cannot elevate Explorer.

Bending the Rules

Instead, when you try to access a directory you do not have access to (which happens frequently with UAC enabled), you get this:

Explorer offering to change permissions

Notice the word permanently? If you click continue Explorer alters the permissions on the folder you were trying to access, giving you full access! The result of doing that frequently can easily be total chaos, reducing the carefully crafted ACLs Microsoft built into the file system to protect users from their own foolishness to a joke.

More Bad Vibes

There is even more. Largely unknown to the general public Windows is well capable of handling file system paths much longer than 260 characters (which is generally considered the limit). In fact, the maximum length of a path is in the area of 32,000 characters. Well-designed applications like SetACL Studio or Delprof2 have no problem working with such long paths. Guess who does: Explorer!

It is not uncommon to find files at paths with more than 260 characters. This often happens when administrators try to work with directories that end users access via a drive letter. Compare the following:

Full UNC path: \\server.mydomain.com\ShareName\SubFolder\YetAnotherSubFolder\Directory
End user path: s:\Directory

Administrators access Directory via a path that is 59 characters longer than the path end users work with. It is thus very easy for end users to create paths administrators cannot access. A nice way to hide things this is!

It’s Soooo Slooow

Another thing that may bug me personally more than most is the fact that it is very hard to control Exlorer by keyboard. I favor the keyboard over the mouse because of speed and accuracy. Fooling around with a menu is nearly always slower than just pressing the equivalent key combination – no wonder applications designed for professionals, like Photoshop, bring keyboard shortcuts for most any function. As Explorer was not designed for professionals, it lacks this functionality.

Alternatives

There are many alternative file managers. I personally have been using Total Commander for a long time and am very happy with it. It is not a beauty, but it is fast and reliable and gets the job done really well.

Previous Article What are Slow Logons and Where Do They Come From?
Next Article Monitoring Browser Performance per Site with uberAgent for Splunk