In Windows, CreateFile assumes that application designers are careful not to overwrite or delete files; CreateFile allows write and delete operations to be performed regardless of file attribute settings and regardless of the manner in which the file is accessed. This behavior might be somehow in keeping with the security implementation of Windows, but it differs from current industry standards on most other platforms.

In Windows NT, there is a privilege level that allows directories and files to be deleted even if it has the read-only file attribute set. This privilege level, called full control privilege, applies to the NTFS file system. Judging by the behavior of the CreateFile, WriteFile, and DeleteFile functions on Windows NT, it appears that the full control privilege level is implemented in Windows NT as the default privilege level for FAT and other file systems as well. In Windows NT, if the CREATE_ALWAYS parameter is used, CreateFile deletes any file of the same name that currently exists, regardless of its attributes, and regardless of the access mode set by fdwAccess. The OS/2 version of CreateFile fails if CREATE_ALWAYS is used and the access mode is set to read-only.