Published: November 03, 2005
On readable/writable disks, Microsoft Windows XP Professional supports the NTFS file system and three file allocation table (FAT) file systems: FAT12, FAT16, and FAT32. On CDROM and DVD media, Windows XP Professional supports two file systems: Compact Disc File System (CDFS) and Universal Disk Format (UDF).
When choosing a file system for readable/writable disks, you must consider the features associated with each file system. You must also consider limitations, such as maximum volume size, cluster size, file size, and compatibility with other operating systems.
For information on how to obtain the Windows XP Professional Resource Kit in its entirety, please see http://www.microsoft.com/mspress/books/6795.asp.
On This Page
.gif)
Related Information
New in File Systems
Overview
Advantages of Using NTFS
Using the NTFS File System
Comparing FAT File Systems
Compact Disc File System
Universal Disk Format
Using File System Tools
File Naming in Windows XP Professional
Additional Resources
Related Information
-
For more information about disks and volumes, see Chapter 12, “Organizing Disks.”
-
For more information about sharing folders and shared folder permissions, see Chapter 6, “Managing Files and Folders.”
New in File Systems
Windows XP Professional provides improved file system performance and features. Table 13-1 summarizes the enhancements made from Microsoft Windows 2000 to Windows XP Professional.
Table 13-1 Enhancements Since Windows 2000
| Enhancement | Description |
| NTFS performance is improved. | Some data structures on newly formatted NTFS volumes have been moved to a different location on the physical disk. This new location improves performance from 5 to 8 percent, making NTFS performance similar to FAT. |
| A quick-format option is available during Windows XP Professional Setup. | If the volume is already formatted and you are sure the disk is not damaged, use this option during Setup to decrease the time necessary to format the volume. |
| Variable cluster sizes are now available on volumes converted to NTFS. | The format command in Windows XP Professional now aligns FAT data clusters at the cluster size boundary. This alignment improves the conversion of FAT volumes to NTFS because the convert command can now use a variable cluster size, up to a maximum of 4 kilobytes (KB), for converted volumes, instead of a fixed 512-byte cluster size as used in Windows 2000. |
| Default permissions are applied to volumes converted to NTFS. | Convert.exe now applies default permissions on volumes converted to NTFS. This change ensures that converted NTFS volumes receive the same access control lists (ACLs) as natively formatted NTFS volumes. |
| A new parameter prevents the master file table (MFT) from becoming fragmented during the conversion to NTFS. | To prevent the MFT from becoming fragmented during the conversion to NTFS, the /cvtarea parameter in Convert.exe allows you to specify a contiguous placeholder file at the root folder to be used for the MFT. Using this parameter improves NTFS performance after the conversion by ensuring that the MFT occupies a contiguous space on the hard disk. |
| More options are available for defragmenting volumes. | Windows XP Professional offers two choices for defragmenting volumes: the Disk Defragmenter snap-in and a new command-line tool called Defrag.exe. Both tools can defragment NTFS volumes that use any cluster size and files smaller than 16 clusters. Both tools can also defragment the MFT on NTFS volumes. |
| Portable Operating System Interface (POSIX) support is provided by Windows Services for UNIX v3.5. | The POSIX subsystem included with Microsoft Windows NT and Windows 2000 is not included with Windows XP Professional. The broad functionality found on most UNIX systems beyond the POSIX.1 standard is included as part of Microsoft Windows Services for UNIX v3.5, with the Interix 3.5 subsystem. |
| Format DVD-RAM discs. | Windows XP Professional supports formatting DVD-RAM discs as FAT32 volumes. |
| Perform file system tasks at the command line by using Fsutil.exe. | Use Fsutil.exe to perform file system tasks such as disabling long file names, checking whether a volume is flagged as dirty, viewing NTFS-related information about a volume, creating hard links, and managing quotas and sparse files. |
| Create a Microsoft MS-DOS startup floppy disk. | When formatting a floppy disk by using My Computer, select the Create an MS-DOS startup disk option. An MS-DOS startup disk is useful when you need to update a computer’s BIOS. |
If you are migrating from Microsoft Windows NT version 4.0, the enhancements in Table 13-2 apply in addition to those outlined in Table 13-1.
Table 13-2 Enhancements Since Windows NT 4.0
| New Feature | Feature Description |
| An updated version of NTFS provides new features exclusive to NTFS volumes. | NTFS—the recommended native file system for Windows XP Professional—is more functional, robust, and secure than the FAT file systems. The version of NTFS included with Windows 2000 introduced features such as encryption, disk quotas, mounted drives, distributed link tracking, sparse files, and so on. These improvements are also available in Windows XP Professional. |
| FAT32 support allows greater flexibility for computers that start other versions of Windows. | FAT32 was a new option in Windows 2000 and continues to be supported by Windows XP Professional. FAT32 formats much larger volumes than FAT16 and stores files on large volumes more efficiently than FAT16. |
Overview
A file system is the structure in which files are named, stored, and organized. File systems supported by Windows XP Professional include FAT16, FAT32, and NTFS. You can use any combination of these file systems on a hard disk, but each volume on a hard disk can be formatted by using only one file system. When choosing the appropriate file system to use, you need to determine the following:
How the computer is used (dedicated to Windows XP Professional or multiple-boot)
On computers that contain multiple operating systems, file system compatibility becomes more complex because different versions of Windows support different combinations of file systems.
The number and size of locally installed hard disks
Each file system has a different maximum volume size. As volume sizes increase, your choice of file systems becomes limited. For example, to create volumes larger than 32 gigabytes (GB) in Windows XP Professional, you must use NTFS.
Security considerations
NTFS offers security features, such as encryption and file and folder permissions. These features are not available on FAT volumes.
Interest in using advanced file system features
NTFS offers features such as disk quotas, distributed link tracking, compression, and mounted drives. These features are not available on FAT volumes.
Advantages of Using NTFS
NTFS provides performance, reliability, and advanced features not found in any version of FAT. Use NTFS wherever possible to gain the maximum benefits from Windows XP Professional, including the following:
Robust, reliable performance
NTFS guarantees the consistency of the volume by using standard transaction logging and recovery techniques. In the event of a system failure, NTFS uses its log file and checkpoint information to restore the consistency of the file system when the computer is restarted.
In the event of a bad-sector error, NTFS dynamically remaps the cluster containing the bad sector and allocates a new cluster for the data. NTFS also marks the cluster as bad and no longer uses it.
Built-in security features
When you set permissions on a file or folder, you specify the groups and users whose access you want to restrict or allow and then select the type of access. For example, you can let one group read the contents of a file, let another group make changes to the file, and prevent all other groups from accessing the file.
The Encrypting File System (EFS) is the technology used to store encrypted files on NTFS volumes. After you encrypt a file or folder, you work with the encrypted file or folder just as you do with any other files and folders. However, an intruder who tries to access your encrypted files or folders is prevented from doing so, even if the intruder has physical access to the computer.
Supports large volumes
Using the default cluster size (4 KB) for large volumes, you can create an NTFS volume up to 16 terabytes. You can create NTFS volumes up to 256 terabytes using the maximum cluster size of 64 KB. NTFS also supports larger files and more files per volume than FAT.
NTFS manages disk space more efficiently than FAT by using smaller cluster sizes. For example, a 30-GB NTFS volume uses 4-KB clusters. The same volume formatted by using FAT32 uses 16-KB clusters. Using smaller clusters reduces wasted space on hard disks.
Designed for storage growth
By enabling disk quotas, you can track and control disk space usage for NTFS volumes. You can configure whether users are allowed to exceed their limit, and you can also configure Windows XP Professional to log an event when a user exceeds a specified warning level or quota limit.
To create extra disk space, you can compress files on NTFS volumes. Compressed files can be read and written by any Windows-based application without first being decompressed by another program.
If you run out of drive letters or need to create additional space that is accessible from an existing folder, you can mount a volume at any empty folder on a local NTFS volume to create a mounted drive. Mounted drives make data more accessible and give you the flexibility to manage data storage based on your work environment and system usage.
You can increase the size of most NTFS volumes by adding unallocated space from the same disk or from another disk. For more information about increasing the size of NTFS volumes, see Chapter 12, “Organizing Disks,”
Other advanced features found only on NTFS volumes
Distributed link tracking maintains the integrity of shortcuts and OLE links. You can rename source files, move them to NTFS volumes on different computers within a Windows 2000 domain, and change the computer name or folder name that stores the target—all without breaking the shortcut or OLE links.
Sparse files consist of large, consecutive areas of zeros. NTFS manages sparse files by tracking the starting and ending point of the sparse file, as well as its useful (nonzero) data. The unused space in a sparse file is made available as free space.
The NTFS change journal provides a persistent log of changes made to files on a volume. NTFS maintains the change journal by tracking information about added, deleted, and modified files for each volume. Programs such as Indexing Service can take advantage of the change journal to boost search performance.
Hard links are NTFS-based links to a file on an NTFS volume. By creating hard links, you can have a single file in multiple folders without duplicating the file. You can also create multiple hard links for a file in a folder if you use different file names for the hard links. Because all the hard links reference the same file, applications can open any of the hard links and modify the file.
When to Use FAT
If your computer runs only Windows XP Professional and you do not plan to install other operating systems, use NTFS. However, if you have other operating systems installed and want to access the volumes, you must use FAT16 or FAT32, depending on which operating systems are on your computer. For example, to start a Windows XP Professional–based computer in Microsoft MS-DOS, Microsoft Windows 3.x, or Microsoft Windows 95, you must use FAT16. For a multiple-boot configuration that has Microsoft Windows‚ 95 OEM Service Release 2 (OSR2), Microsoft Windows 98, or Microsoft Windows Millennium Edition (Me), use FAT32. Table 13-3 shows the file system formats supported by various operating systems.
Table 13-3 Operating System and File System Compatibility
| Operating System | FAT16 | FAT32 | NTFS |
| Windows XP | X | X | X |
| Windows Server™ 2003 | X | X | X |
| Windows 2000 | X | X | X |
| Windows NT 4.0* | X | | X |
| Windows 95 OSR2, Windows 98, and Windows Me | X | X | |
| Windows 95 (prior to OSR2) | X | | |
| MS-DOS | X | | |
* Computers running Windows NT 4.0 require Service Pack 4 or later to access NTFS volumes previously mounted by Windows 2000, Windows Server 2003, or Windows XP Professional.
In multiple-boot configurations, use NTFS for the Windows NT 4.0 with Service Pack 4 or later boot volume, Windows 2000 boot volume, or Windows XP boot volume if you do not want to access these volumes from other operating systems. However, you must format the system volume according to Table 13-3 to start other operating systems. For more information about NTFS compatibility in computers running Windows NT 4.0 and Windows XP Professional, see “NTFS Compatibility with Windows NT 4.0” later in this chapter. For more information about the system and boot volumes, see Chapter 12, “Organizing Disks.”
Although NTFS is the preferred file system for hard disks, Windows XP Professional uses FAT12 when you format floppy disks and FAT32 when you format DVD-RAM discs. For removable media that can be ejected unexpectedly, you must use FAT16 or FAT32. NTFS is disabled for some removable media because NTFS does not flush data to the disk immediately, and removing NTFS-formatted media without using the Safe Removal application can result in data loss.
If you do not plan on removing the media and want to use NTFS, change the Safe Removal policy.
To enable NTFS on removable media
-
In Device Manager, right-click the device and then click Properties.
-
On the Policies tab, click Optimize for performance.
For more information about removing disks and the Safe Removal policies, see Chapter 9, “Managing Devices.”
You no longer need to use FAT for the system and boot volumes because Windows XP Professional offers two troubleshooting tools designed to access NTFS volumes:
-
Safe Mode starts Windows XP Professional by using only the basic set of device drivers and system services loaded.
-
Recovery Console is a special command-line environment that enables you to copy system files from the operating system CD, fix disk errors, and otherwise troubleshoot system problems without installing a second copy of the operating system.
For more information about Safe Mode and the Recovery Console, see Appendix C, “Tools for Troubleshooting.”
Cluster Size
A cluster (or allocation unit) is the smallest amount of disk space that can be allocated to hold a file. All file systems used by Windows XP Professional organize hard disks based on cluster size, which is determined by the number of sectors that the cluster contains. For example, on a disk that uses 512-byte sectors, a 512-byte cluster contains one sector, whereas a 4-KB cluster contains eight sectors.
FAT16, FAT32, and NTFS each use different cluster sizes depending on the size of the volume, and each file system has a maximum number of clusters it can support. The smaller the cluster size, the more efficiently a disk stores information because unused space within a cluster cannot be used by other files. And the more clusters that are supported, the larger the volumes you can create and format by using a particular file system.
Table 13-4 provides a comparison of FAT16, FAT32, and NTFS volume and default cluster sizes.
Table 13-4 Default Cluster Sizes for Volumes with Windows XP Professional File Systems
| Volume Size | FAT16 Cluster Size | FAT32 Cluster Size | NTFS Cluster Size |
| 7 MB–16 MB | 2 KB | Not supported | 512 bytes |
| 17 MB–32 MB | 512 bytes | Not supported | 512 bytes |
| 33 MB–64 MB | 1 KB | 512 bytes | 512 bytes |
| 65 MB–128 MB | 2 KB | 1 KB | 512 bytes |
| 129 MB–256 MB | 4 KB | 2 KB | 512 bytes |
| 257 MB–512 MB | 8 KB | 4 KB | 512 bytes |
| 513 MB–1024 MB | 16 KB | 4 KB | 1 KB |
| 1025 MB–2 GB | 32 KB | 4 KB | 2 KB |
| 2 GB–4 GB | 64 KB | 4 KB | 4 KB |
| 4 GB–8 GB | Not supported | 4 KB | 4 KB |
| 8 GB–16 GB | Not supported | 8 KB | 4 KB |
| 16 GB–32 GB | Not supported | 16 KB | 4 KB |
| 32 GB–2 terabytes | Not supported | Not supported* | 4 KB |
* Windows XP Professional formats FAT32 volumes up to 32 GB regardless of cluster size. To format volumes larger than 32 GB, you must use NTFS. However, Windows XP Professional can mount FAT32 volumes larger than 32 GB that were created by other operating systems.
In the Disk Management snap-in, you can specify a cluster size of up to 64 KB when you format a volume. If you use the format command to format a volume but do not specify a cluster size by using the /a:size parameter, the default values in Table 13-4 are used. To change the cluster size after the volume is formatted, you must reformat the volume.
Before you choose a cluster size other than the default, note the following important limitations:
-
For Microsoft Windows NT, Windows 2000, Windows Server 2003, and Windows XP Professional, the cluster size of FAT16 volumes from 2 GB through 4 GB is 64 KB, which can create compatibility issues with some applications. For example, setup programs do not compute free space properly on a volume with 64-KB clusters and cannot run because of a perceived lack of free space. For this reason, you must use either NTFS or FAT32 to format volumes larger than 2 GB. The format command in Windows XP Professional displays a warning and asks for a confirmation before formatting a volume that has 64-KB clusters using FAT16.
-
Windows XP Professional, like Windows NT 4.0 and Windows 2000, supports file compression. Because file compression is not supported on cluster sizes above 4 KB, the default NTFS cluster size for Windows XP Professional never exceeds 4 KB. For more information about NTFS compression, see “File Compression” later in this chapter.
To check the cluster size of an existing volume, use the chkdsk command or the fsutil fsinfo ntfsinfo command. For more information about using Chkdsk, see Chapter 28, “Troubleshooting Disks and File Systems.” For more information about using Fsutil, see Windows XP Professional Help.
Size Limitations in NTFS and FAT File Systems
Each file system supports a maximum volume size, file size, and number of files per volume. Because FAT16 and FAT32 volumes are limited to 4 GB and 32 GB, respectively, you must use NTFS to create volumes larger than 32 GB. If you use FAT16 or FAT32 in computers that start multiple operating systems, you must note the following size limitations:
-
FAT volumes smaller than 16 MB are formatted as FAT12.
-
FAT16 volumes larger than 2 GB are not accessible from computers running MS-DOS, Windows 95, Windows 98, Windows Me, and many other operating systems. This limitation occurs because these operating systems do not support cluster sizes larger than 32 KB, which results in the 2 GB limit.
-
In theory, FAT32 volumes can be about 8 terabytes; however, the maximum FAT32 volume size that Windows XP Professional can format is 32 GB. Therefore, you must use NTFS to format volumes larger than 32 GB. However, Windows XP Professional can read and write to larger FAT32 volumes formatted by other operating systems.
-
If you create multidisk volumes such as spanned or striped volumes, the amount of space used on each disk is applied to the total size of the volume. Therefore, to create a multidisk volume that is larger than 32 GB, you must use NTFS.
For more information about FAT16 and FAT32, see “Comparing FAT File Systems” later in this chapter.
Maximum Sizes on NTFS Volumes
In theory, the maximum NTFS volume size is 264 clusters minus 1 cluster. However, the maximum NTFS volume size as implemented in Windows XP Professional is 232 clusters minus 1 cluster. For example, using 64-KB clusters, the maximum NTFS volume size is 256 terabytes minus 64 KB. Using the default cluster size of 4 KB, the maximum NTFS volume size is 16 terabytes minus 4 KB.
Because partition tables on master boot record (MBR) disks support only partition sizes up to 2 terabytes, you must use dynamic volumes to create NTFS volumes over 2 terabytes. Windows XP Professional manages dynamic volumes in a special database instead of in the partition table, so dynamic volumes are not subject to the 2-terabyte physical limit imposed by the partition table. Therefore, dynamic NTFS volumes can be as large as the maximum volume size supported by NTFS.
64-bit computers that use GUID partition table (GPT) disks also support NTFS volumes larger than 2 terabytes.
Note If you use a large number of files in an NTFS folder (300,000 or more), disable short-file name generation, especially if the first six characters of the long file names are similar. For more information, see “Optimizing NTFS Performance” later in this chapter.
Table 13-5 lists NTFS size limits.
Table 13-5 NTFS Size Limits
| Description | Limit |
| Maximum file size | Theory: 16 exabytes minus 1 KB (264 bytes minus 1 KB) Implementation: 16 terabytes minus 64 KB (244 bytes minus 64 KB) |
| Maximum volume size | Theory: 264 clusters minus 1 cluster Implementation: 256 terabytes minus 64 KB (232 clusters minus 1 cluster) |
| Files per volume | 4,294,967,295 (232 files minus 1 file) |
Maximum Sizes on FAT32 Volumes
A FAT32 volume must have a minimum of 65,527 clusters. Windows XP Professional can format FAT32 volumes up to 32 GB, but it can mount larger FAT32 volumes created by other operating systems. Table 13-6 lists FAT32 size limits.
Table 13-6 FAT32 Size Limits
| Description | Limit |
| Maximum file size | 4 GB minus 1 byte (232 bytes minus 1 byte) |
| Maximum volume size | 32 GB (implementation) |
| Files per volume | 4,177,920 |
| Maximum number of files and subfolders within a single folder | 65,534 (The use of long file names can significantly reduce the number of available files and subfolders within a folder.) |
Maximum Sizes on FAT16 Volumes
FAT16 supports a maximum of 65,524 clusters per volume. Table 13-7 lists FAT16 size limits.
Table 13-7 FAT16 Size Limits
| Description | Limit |
| Maximum file size | 4 GB minus 1 byte (232 bytes minus 1 byte) |
| Maximum volume size | 4 GB |
| Files per volume | Approximately 65,536 (216 files) |
| Maximum number of files and folders within the root folder | 512 (Long file names can reduce the number of available files and folders in the root folder.) |
Formatting a Volume
You choose a file system when you format a volume. During the format, Windows XP Professional places key file system structures on the volume. These structures include the boot sector, the file allocation table (for FAT volumes), and the master file table (for NTFS volumes). Depending on the program you use to format a volume, you can also choose one or more of the following formatting options.
Volume label
Specifies the name of the volume using up to 11 characters for FAT volumes and 32 characters for NTFS volumes. Volume labels make it easy to identify volumes when you view them in Microsoft Windows Explorer, My Computer, and Disk Management.
Quick format
Creates the file system structure on the volume without verifying the integrity of every sector in the volume, which increases the formatting speed. If the volume is already formatted and you are sure the disk is not damaged, use this option. If quick format fails, perform the format again without using quick format. A full format identifies and tracks bad sectors so that they are not used for storing data.
Note You must use the quick format option if you format a volume created on a third-party hardware-based RAID array that supports pre-allocating space for future use even though the physical disks do not have this space available. In this case, if you do not choose the quick format option, the format does not complete because Windows XP Professional cannot read every sector on the disk.
Enable compression
Compresses all files in the NTFS volume. For more information about compression, see “File Compression” later in this chapter.
Allocation unit (cluster) size
Specifies the cluster size to be used when the volume is formatted. Use the default size unless you want to choose a different cluster size for performance reasons. For more information about the impact of cluster sizes on performance, see “Optimizing NTFS Performance” later in this chapter.
The available formatting options vary according to the program you use to format the volume. Table 13-8 describes the programs that you can use to format a volume as well as the available options for each program.
Table 13-8 Options Available When You Format a Volume
| Format Option | Where the Option Is Available | Where the Option Is Available | Where the Option Is Available | Where the Option Is Available |
| | Setup | My Computer or Windows Explorer | Disk Management | Format Command |
| Volume label | No option to create a volume label. | Available for all volumes. | Available for all volumes. | Use the /v:label parameter to specify the volume label. |
| Quick format | Available for all volumes. | Available for all volumes. | Available for all volumes. | Use the /q parameter to specify the quick format option. |
| Enable compression | No option to compress the volume. | Available for NTFS volumes. | Available for NTFS volumes. | Use the /c parameter to enable compression for NTFS volumes. |
| Allocation unit (cluster) size | Uses the default cluster size only. | Offers default cluster sizes for FAT volumes and cluster sizes up to 4 KB for NTFS volumes. | Offers all available cluster sizes. | Use the /a:size parameter to specify the cluster size. |
When you format a volume during Windows XP Professional Setup, you can choose between NTFS and FAT. The version of FAT that Setup uses depends on the size of the volume. For volumes smaller than 2 GB (2048 MB), Setup uses FAT16. For volumes 2 GB or larger, Setup uses FAT32. For volumes 32 GB or larger, Setup uses NTFS and does not offer FAT.
Disk Management requires you to format volumes on dynamic disks and GPT disks as NTFS. Use the format command to format these volumes as FAT or FAT32. For more information about dynamic disks and GPT disks, see Chapter 12, “Organizing Disks.”
Note The format command is also available in Recovery Console. For more information about using Recovery Console, see Appendix C, “Tools for Troubleshooting.”
You cannot format a volume that contains the paging file. Disk Management disables the Format menu command for paging file volumes. My Computer, Windows Explorer, and the format command display an error message when you try to format a paging file volume. You must move or delete the paging file before formatting the volume. For more information about identifying the volume that contains the paging file, see Chapter 12, “Organizing Disks.”
Using the NTFS File System
NTFS is the preferred file system for all computers running Windows XP Professional. By formatting new volumes as NTFS—or converting existing FAT volumes to NTFS—you can take advantage of features unique to NTFS such as mounted drives, encryption, disk quotas, and file and folder permissions. This section describes many of the features available on NTFS volumes, as well as issues related to recoverability, performance, and compatibility.
Features Available on NTFS Systems
This section describes the following NTFS features that are exclusive to NTFS volumes:
File and Folder Permissions
On NTFS volumes, you can set permissions on files and folders that specify which groups and users have access, and what level of access is permitted. NTFS file and folder permissions apply to users on the local computer and to users accessing the file or folder over the network. File and folder permissions are maintained in discretionary access control lists.
Note You can also set shared folder permissions, which operate on shared folders in combination with NTFS file and folder permissions. File attributes (read-only, hidden, and system) also limit file access. For more information about shared folder permissions, see Chapter 6, “Managing Files and Folders.”
File and folder permissions on NTFS volumes are inheritable by default. This feature reduces the time required to change the permissions of many files and subfolders. For example, to change the permissions on a tree of folders, you need only to set permissions for the top-level folder. You can also disable inherited permissions, allowing a file or subfolder to have permissions different from its parent folder. Permissions that are not inherited, but are instead defined directly on an object, are called explicit permissions.
The individual permission entries assigned to an object can be viewed in the Advanced Security Settings dialog box, as shown in Figure 13-1.
To open the Advanced Security Settings dialog box
-
Right-click a file or folder on an NTFS volume.
-
Click Properties, click the Security tab, and then click Advanced.
.jpg)
Figure 13-1 Advanced Security Settings dialog box
If the Security tab does not appear, the computer is not part of a domain, and simple file sharing is enabled. To view the Security tab, you must disable simple file sharing.
To disable simple file sharing
-
In My Computer, click the Tools menu, and then click Folder Options.
-
On the View tab, in Advanced settings, clear the Use simple file sharing (Recommended) check box.
Warning You can back up and restore data on FAT and NTFS volumes. However, if you back up data from an NTFS volume and then restore it to a FAT volume, you lose security settings and other file information specific to NTFS.
Windows XP Professional offers an easy way to view which permissions are effectively granted to any specified user or group for the current object. View this information in the Effective Permissions dialog box.
Effective permissions are the result of combining permissions, both allowed and denied, from all matching entries, whether explicit or inherited. Matching entries name either the user or group directly, or a group in which the specified user or group is a member. The effective permissions are indicated by a check mark next to each permission granted to the user or group. Figure 13-2 shows the permissions assigned to the Art folder for user2.
.jpg)
Figure 13-2 Effective Permissions tab
Although NTFS provides access control to individual files and folders, users can perform certain actions even if permissions are set on a file or folder to prevent access. For example, you have a folder (MyFolder) containing a file (File1), and you grant Full Control to a user for the folder MyFolder. If you deny Full Control for File1, the user can still delete File1 because the Full Control permission for MyFolder consists of a set of special permissions that include Delete Subfolders and Files. This special permission allows the user to delete files within the folder, even if the special permission Delete has been denied (or not granted) to the user for File1. View the special permissions assigned to a file or folder by clicking the Edit button in the Advanced Security Settings dialog box.
To prevent File1 from being deleted, you must ensure that the user is not granted the Delete Subfolders and Files special permission on the parent folder (MyFolder), explicitly or through group membership. To do this, use the Effective Permissions tab to view the folder’s special permissions that are granted to the user. If Delete Subfolders and Files is selected, the user can delete all files within the folder.
To give the user access to the folder and its files without the ability to delete them, clear the Full Control check box and ensure that the user is not also granted Full Control via membership in another group. Although explicit permissions override inherited permissions, you cannot deny Full Control without also denying Modify, Read & Execute, List Folder Contents, Read, and Write. To prevent a user who is granted Full Control, by way of inherited group permissions, from deleting MyFolder and its files, do one of the following:
-
Explicitly deny the Delete Subfolders and Files special permission for either the group or for the individual user.
-
Remove inheritance from the folder and then reset the permissions for the group.
Note Anyone who has List Folder Contents permission for a folder can view file properties on any file in the folder, even if file permissions prevent them from seeing the contents of the file.
For more information about file and folder permissions, see Chapter 17, “Managing Authorization and Access Control.”
Encryption
The Encrypting File System (EFS) uses symmetric key encryption in conjunction with public key technology to protect files and folders. Encryption ensures that only the authorized users and designated recovery agents of that file or folder can access it. Users of EFS are issued a digital certificate with a public key and private key pair. EFS uses the key set for the user who is logged on to the local computer where the private key is stored.
Users work with encrypted files and folders just as they do with any other files and folders. Encryption is transparent to any authorized users; the system decrypts the file or folder when the user opens it. When the file is saved, encryption is reapplied. However, intruders who try to access the encrypted files or folders receive an “Access denied” message if they try to open, copy, move, or rename the encrypted file or folder.
To encrypt or decrypt a folder or file, set the encryption attribute for NTFS folders and files just as you set attributes such as read-only or compressed. If you encrypt a folder, all files and subfolders created in the encrypted folder are automatically encrypted.
Tip Encrypt at the folder level to ensure that new files are automatically encrypted and that temporary files created during the editing process remain encrypted.
EFS is not available in Microsoft Windows XP Home Edition. For more information about EFS, see Chapter 18, “Using Encrypting File System.”
You can also encrypt or decrypt a file or folder using the command-line tool Cipher.exe. For more information about Cipher.exe, see Windows XP Professional Help.
Disk Quotas
Disk quotas track and control disk space usage for NTFS volumes. By using disk quotas, you can configure Windows XP Professional to:
-
Log an event when a user exceeds a specified disk space warning level. The warning level specifies the point at which a user is nearing the quota limit.
-
Prevent further use of disk space or log an event when a user exceeds a specified disk space limit.
Disk quotas are tracked on a per-user, per-volume basis; users are charged only for the files they own. Quotas are tracked per volume, even if the hard disk contains multiple volumes. If you have multiple shared folders on the same volume, the quotas apply to all shared folders equally, and a user’s use of all shared folders cannot exceed the assigned quota on that volume.
The disk space used by each file is charged to the user who owns the file. The file owner is identified by the security identifier (SID) in the security information for the file. The total disk space charged to a user is the sum of the length of all data streams; property set streams and resident user data streams affect the user’s quota. Small files contained entirely within the file’s master file table (MFT) record also affect the user’s quota.
Because disk quotas are based on file ownership, they are independent of the location of the files on the volume. Moving files from one folder to another on the same volume does not change volume space usage. However, copying the files to a different folder on the same volume results in duplicate files in both locations. Thus, the available volume space usage against the user’s quota decreases by the number of bytes copied.
Disk quotas are transparent to the user. When a user views the available disk space for the volume, the system reports only the user’s available quota allowance. If the user exceeds this allowance, the system indicates that the disk is full. To obtain more disk space after exceeding the quota allowance, the user must do one of the following:
-
Delete files.
-
Reduce the size of existing files.
-
Have another user claim ownership of some files.
-
Have the administrator increase the quota allowance.
Disk quotas are based on uncompressed file sizes. Users cannot increase the amount of free space by using NTFS compression to compress the files.
For sparse files, disk quotas are based on the nominal size of the sparse file, not the actual allocated amount of disk space. For example, creating a 50-MB file with all zero bytes consumes 50 MB of that user’s quota. This means the user can write data to the sparse file without exceeding the quota limit because the user has already been charged for the space. For more information about sparse files, see “Sparse Files” later in this chapter.
To enable quotas
-
Right-click a volume in Windows Explorer or My Computer.
-
Click Properties, and then click the Quota tab. (See Figure 13-3.)
-
Do the following:
-
Enable or disable disk quotas.
-
Deny disk space to users who have exceeded their quota limit.
-
Set the default warning level and quota limit assigned to new volume users.
-
Specify whether to log an event in the system log when a user reaches the quota or warning level.
.jpg)
Figure 13-3 Quota tab
If the volume is not formatted by using NTFS, or if you are not a member of the Administrators group on the computer, the Quota tab is not displayed on the volume’s Properties dialog box.
Note You can also use the command-line tool Fsutil.exe to manage quotas. For more information about Fsutil.exe, see Windows XP Professional Help.
Disk Quota States
As the administrator, you can turn quota enforcement on and off. There are three quota states, as shown in Table 13-9.
Table 13-9 Disk Quota States
| State | Description |
| Quota disabled | Quota usage changes are not tracked, and the quota limits are not removed. In this state, performance is not affected by disk quotas. This is the default state. |
| Quota tracked | Quota usage changes are tracked, but quota limits are not enforced. In this state, no quota violation events are generated and no file operations fail because of disk quota violations. |
| Quota enforced | Quota usage changes are tracked, and quota limits are enforced. |
Warning Levels and Disk Quota Limits
When you enable disk quotas, you can set both the warning level and the quota limit.
Warning level
Specifies when a user is nearing the limit. When the disk space charged to the user exceeds the warning level, the system can generate an event in the system log on the computer hosting the volume. The user is not notified when this level is surpassed.
Quota limit
Specifies the amount of disk space allocated to a user. When the disk space charged to the user exceeds the quota limit, the system generates an event in the system log or denies additional disk space to the user. When you set quota limits on a computer that many users share, make sure to set the limit to at least 2 MB, which is greater than the default 1 KB, to ensure that Windows XP Professional can create a user profile when a user logs on to the computer.
For example, you can set a user’s disk quota limit to 500 MB, and the disk quota warning level to 450 MB. The user can store no more than 500 MB of data on the volume. If more than 450 MB are stored on the volume, the disk quota system will log an event in the system log.
Increasing Quotas for Individual Users
Figure 13-4 shows the Quota Entries window, which you open by clicking the Quota Entries button. In the Quota Entries window, view each user’s quota limit, warning level, and quota usage. You can also change the quota limit and warning level for individual users who need more disk space than the default quota.
.jpg)
Figure 13-4 Quota Entries window
For example, on a volume that contains a shared folder named \\Workstation1\Public, you can set a quota of 500 MB per user while giving two users each a 1-GB limit because they work with large files. If both users have files stored on \\Workstation1\Public, their current usage is displayed in the Quota Entries window.
To change the quota for an individual user
-
Open the Properties dialog box for the appropriate volume.
-
Click the Quota tab, and then click Quota Entries.
-
Select the appropriate user, right-click, and then click Properties to set the quota.
-or-
For a new user who does not have files stored on the volume, on the Quota menu, click New Quota Entry, and then set the quota higher than the default.
Note Disk quotas do not prevent you from allocating more space than is available on the disk. For example, on a 40-GB volume used by 50 users, each user might be allocated 1 GB.
Disk Quotas and Administrators
A new Group Policy setting allows you to specify the default owner of objects (such as files) created by members of the Administrators group. Access the Group Policy setting System objects: Default owner for objects created by members of the administrators group in Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options. In Windows XP Professional, the default owner is the object creator. To change the default owner to the Administrators group, use the Group Policy snap-in. For more information about using the Group Policy snap-in, see Chapter 5, “Managing Desktops.”
Although members of the Administrators group do not have quotas enabled by default, you can set quotas for all members of the Administrators group except the built-in Administrator account. In Windows 2000, you cannot set quotas for any member of the Administrators group.
Exceeding Disk Quota Limits
When you select Deny disk space to users exceeding quota limit on the Quota tab of the Properties dialog box, users who exceed their limit receive an “Insufficient disk space” error message and cannot write additional data to the volume without deleting or moving files. Individual programs determine their own error handling for this condition. The program treats the volume as full.
By leaving the Deny disk space to users exceeding quota limit check box cleared, you can let users exceed their quota. This is useful to track use of disk space without denying users access to a volume. You can also specify whether to log an event to the volume host computer’s system log when users exceed either their quota or warning level.
Event Viewer keeps a chronological record of users who exceed their quota or warning level. However, it does not provide information about which users are currently over their quota warning level.
Note Use the fsutil behavior set quotanotify command to set the interval between quota-related events that NTFS records in the system log. For more information about this command, see Windows XP Professional Help.
Deleting Quota Entries
To delete the quota entry for a user, you must first do any of the following:
-
Permanently delete the files.
-
Take ownership of the files and folders.
-
Move the files to a different volume.
You cannot delete quota entries if a user owns files or folders on the volume. If you try to delete a quota entry for a user who still owns files or folders on the volume, a dialog box appears as shown in Figure 13-5.
.jpg)
Figure 13-5 The Disk Quota dialog box
If the user owns files on the volume, use the Disk Quota dialog box to delete the files, take ownership of them, or move them to another volume. However, if the user owns folders on the volume, you can use the Disk Quota dialog box only to take ownership of the folders, not delete or move them. To make it easier to take ownership of folders, click the Show folders only check box.
Local and Remote Implementations of Disk Quotas
You can enable disk quotas on local computers and remote computers. On local computers, use quotas to do the following:
On remote computers, quotas can ensure the following:
-
Disk space on public servers is not monopolized by one or a few users.
-
Information technology (IT) budget for mass storage is managed efficiently by making users account for the use of shared disk space by using public disk space only for necessary files.
You can manage NTFS volumes on remote computers running Windows XP Professional, Windows 2000, and Windows Server 2003. The volumes must be formatted by using NTFS and be shared from the root folder of the volume. Set quotas on the remote volume by mapping to it using Windows Explorer or My Computer.
To set quotas on a mapped remote volume
-
Right-click the mapped remote volume.
-
Click Properties, and then click the Quota tab.
Note You must be a member of the Administrators group on the remote computer to enable, disable, or manage quotas.
Auditing Disk Space Use
Enabling quotas causes a slight decrease in file system performance. By periodically enabling and disabling quotas, you can take advantage of the auditing capabilities provided by Windows XP Professional disk quotas without permanently affecting performance.
To create a record of the audit, save a copy of the system log data from Event Viewer to a comma-delimited file that can be read by programs such as Microsoft Excel. These files can be useful for analyzing the data captured.
Note When you disable quotas, the tracking information displayed in the Quota Entries window is no longer updated. To refresh this information (including the current disk space used by each user), enable disk quotas again.
Disk Quotas in Multiple-Boot Configurations
Disk quotas are not enforced and can be exceeded in multiple-boot configurations when an NTFS volume is mounted by using Windows NT 4.0. However, when that computer resumes running Windows XP Professional, users who exceeded their quotas must delete or move files to a different volume—that is, until they are under their limit—before they can store new files to the quota volume. Disk quotas are enforced on computers configured as a multiple-boot system with Windows XP Professional and Windows 2000 or Windows Server 2003.
Using WMI to Script Disk Quotas
Microsoft Windows Management Instrumentation (WMI) is the application programming interface (API) that allows all system components to be monitored and controlled, either locally or remotely. Using the WMI classes Win32_DiskQuota, Win32_QuotaSettings, and Win32_VolumeQuotaSetting, you can create scripts that help you to do the following:
Using these classes, you can take advantage of other standard WMI features such as WMI Query Language (WQL) query support and event generation based on changes in the data in these classes. For example, a program can request that it be notified when a user is within 2 MB of the quota limit. When this criterion is met, WMI sends an event notification to the program, allowing an action such as increasing the quota or sending an e-mail message to the user.
Note WQL is a subset of Structured Query Language (SQL) with minor changes to support WMI.
For more information about WMI, see the Microsoft Windows Management Instrumentation (WMI) SDK link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.
File Compression
NTFS supports compression on individual files, all files within a folder, and all files within NTFS volumes. Because compression is implemented within NTFS, any Windows-based program can read and write compressed files without determining the compression state of the file. When a program opens a compressed file, NTFS decompresses only the portion of the file being read and then copies that data to memory. By leaving data in memory uncompressed, NTFS performance is not affected when it reads or modifies data in memory. NTFS compresses the modified or new data in the file when the data is later written to disk.
The compression algorithms in NTFS support cluster sizes of up to 4 KB. When the cluster size is greater than 4 KB on an NTFS volume, none of the NTFS compression features are available.
Using Windows Explorer or My Computer to compress files
Using Windows Explorer or My Computer, you can set the compression state of a file on an NTFS volume. You can also set the compression state of a folder or volume without changing the compression state of existing files in that folder.
If you have Modify permission for a file or folder, you can change its compression state locally or across a network.
To set the compression state of a volume
In My Computer or Windows Explorer, right-click the volume to compress or uncompress.
Click Properties to display the Properties dialog box.
On the General tab, select or clear the Compress drive to save disk space check box, and then click OK.
In the Confirm Attribute Changes dialog box, select whether to make the compression apply to the entire volume or only to the root folder.
Any change to the compression attribute is applied to the files you specified. If you compress all files in the volume, the process might take a few minutes to finish, depending on the size of the volume, the number of files to compress, and the speed of the computer. The delay occurs because Windows XP Professional must change the compression state of every folder on the volume and compress or uncompress every file on the volume. Changing the compression state of folders is relatively fast because for each folder Windows XP Professional changes only the compression attribute. However, compressing or uncompressing every file on the volume takes longer because NTFS must read data in its current form (compressed or uncompressed) from the disk, convert the data to its new form in memory, and then write the data back to disk.
To set the compression state of a folder or file
In My Computer or Windows Explorer, right-click the file or folder to compress or decompress.
Click Properties to display the Properties dialog box.
On the General tab, click Advanced.
In the Advanced Attributes dialog box, select or clear the Compress contents to save disk space check box and then click OK.
In the Properties dialog box, click OK.
If the compression state was altered for a folder, in the Confirm Attribute Changes dialog box, select whether to make the compression apply only to the selected folder or to the selected folder and all its files and subfolders. Click OK when done.
Note Windows XP Professional can compress closed paging files. However, when you restart Windows XP Professional, the paging files revert to an uncompressed state. For information about paging files, see the topics on virtual memory in Windows XP Professional Help.
You can set Windows Explorer to display alternate colors for compressed files and folders by using the following procedure:
To display alternate colors for compressed files and folders
In My Computer or Windows Explorer, click the Tools menu, and then click Folder Options.
On the View tab, select the Show encrypted or compressed NTFS files in color check box.
Click OK to return to Windows Explorer or My Computer.
Using Compact to compress a volume
Compact.exe is the command-line version of the compression feature in Windows Explorer and My Computer. Compact displays and alters the compression of folders and files on NTFS volumes. It also displays the compression state of folders.
Three reasons to use Compact instead of Windows Explorer or My Computer follow:
You can use Compact in a batch script.
If the system fails during compression or decompression, the operation might not have finished. Use the /f parameter to force the operation to finish in the background.
You can compress or uncompress files that match certain criteria. For example, to compress all .txt files in the current folder, type:
compact /c *.txt
The following list provides examples of Compact syntax.
To compress a volume, from the root folder of the volume, type:
compact /c /i /s:\
The preceding example sets the compression state of the root folder and all folders on the volume and compresses every file on the volume. Using the /i parameter ensures that error messages do not interrupt the compression process.
To set the compression state of the current folder and its subfolders and existing files, from the current folder, type:
compact /c /s
To set the compression state of files in the current folder, subfolders in the current folder, and files within all subfolders—without altering the compression state of the current folder—from the current folder, type:
compact /c /s *.*
For more information about Compact, see Windows XP Professional Help.
Effects of compression on moving and copying files
Moving and copying files and folders can change their compression state. The resulting compression state depends on whether you move or copy the files and whether you move files between NTFS volumes or to FAT volumes.
Note The default behavior for dragging and dropping files and folders in Windows Explorer and My Computer depends on the relationship between the source and the target location. If the selected item is dragged to a folder on the same volume, the item is moved. If the selected item is dragged to a folder on a different volume, the item is copied. To force a copy, press Ctrl as you drag and drop the item to its new location. To force a move, press Shift as you drag and drop it to the new location. If you right-click and drag the selected item, a shortcut menu appears so that you can choose to copy the item, move the item, create a shortcut to the item, or cancel the task.
Moving files or folders within an NTFS volume
When you move an uncompressed file or folder to another folder on the same NTFS volume, the file remains uncompressed, regardless of the compression state of the folder to which it was moved, as shown in Figure 13-6.
.jpg)
Figure 13-6 Moving an uncompressed file to a compressed folder
When you move a compressed file or folder to another folder, the file remains compressed after the move, regardless of the compression state of the folder, as shown in Figure 13-7.
.jpg)
Figure 13-7 Moving a compressed file to an uncompressed folder
Copying files or folders on NTFS volumes
When you copy a file to a folder, the file takes on the compression attribute of the target folder. For example, if you copy a compressed file to an uncompressed folder, the file is uncompressed when it is copied to the folder, as shown in Figure 13-8.
.jpg)
Figure 13-8 Copying a compressed file to an uncompressed folder
When you copy a file to a folder that already contains a file of the same name, the copied file takes on the compression attribute of the target file, regardless of the compression state of the folder, as shown in Figure 13-9.
.jpg)
Figure 13-9 Copying a file to a folder that contains a file of the same name
Copying files between FAT and NTFS volumes
Like files copied between NTFS folders, files copied from a FAT folder to an NTFS folder take on the compression attribute of the target folder. Because Windows XP Professional supports compression only on NTFS volumes, compressed NTFS files copied to a FAT volume are uncompressed. Similarly, compressed NTFS files copied to a floppy disk are uncompressed.
Caution When you copy a file from an NTFS volume to a FAT volume, any NTFS-specific properties associated with that file, such as permissions and data streams, are permanently lost.
Adding files to an almost full NTFS volume
As a best practice for using compression, ensure that you have at least 15 percent free space on the volume. If you copy files to a compressed NTFS folder that does not have room for the files in an uncompressed state, an error message indicates the disk lacks adequate space. A message might also appear if you attempt to read a compressed file on a volume that is almost full. These messages appear because NTFS must reserve enough space to support the possibility that any file that is read into memory might be modified and that the modified data might be written uncompressed to disk. After the files are flushed to disk, NTFS releases any remaining reserved space.
Regain space that NTFS has reserved for open files by dismounting and then remounting the volume or by restarting the computer. Temporarily dismount a volume by using the fsutil volume dismount command. The volume is remounted the next time you access it.
NTFS compression performance
Workstations are good candidates for compression because compression and decompression are performed locally. Heavily loaded servers that have substantial input/output (I/O) traffic are poor candidates for data compression. Because the server must decompress files before sending them across the network, the decompression workload can cause performance degradation on the server. However, read-only servers, read-mostly servers, or servers that store infrequently accessed files might not get performance degradation. For example, if 50 percent of the files on a server are frequently accessed and are close to 100 percent of the server’s I/O workload, do not compress those files. If the other 50 percent of files are accessed once every few days and account for less than 1 percent of the server workload, you might want to compress them.
If your workload involves asynchronous I/O, do not use compression. Compression converts all I/O to synchronous.
If you have programs that use transaction logging and constantly write to a database or log, have the programs store their files on an uncompressed volume. If a program modifies data by using mapped sections in a compressed file, it can produce dirty pages faster than the mapped writer can write them. (A dirty page is a page that has been modified in the cache but is not yet written to disk.) For example, programs such as Microsoft Message Queue cannot function on compressed NTFS volumes.
Avoid placing user home folders and roaming profiles on compressed NTFS volumes because of the large number of read and write operations performed in these folders.
For information about the effect of compression on NTFS performance, see “Optimizing NTFS Performance” later in this chapter.
Other compression methods
In addition to using NTFS compression, you can use the Compressed (zipped) Folders feature in Windows XP Professional and other compression tools.
Using the Compressed (zipped) Folders feature
Use the Compressed (zipped) Folders feature in Windows XP Professional to create, add files to, and extract files from zipped files. In Windows Explorer and My Computer, a zipper on the folder icon identifies Compressed (zipped) Folders. Unlike in NTFS compression, you can create Compressed (zipped) Folders on any FAT or NTFS volume. In addition, Compressed (zipped) Folders are compatible with other programs that create zipped files, so you can share them with users who use other compression programs that support zipped files.
To create a Compressed (Zipped) Folder
In Windows Explorer or My Computer, click the File menu, point to New, and then click Compressed (zipped) Folder.
Compress files, programs, or other folders by dragging them to a Compressed Folder. To use files inside a compressed folder, select Extract All from the File menu or right-click a file and select Open from the shortcut menu.
For more information about using the Compressed (zipped) Folders feature, see Windows XP Professional Help.
Other compression tools
Other compression tools are available to compress files on computers running Windows XP Professional. These tools differ from NTFS compression in the following ways:
They typically run from either the command line or as a stand-alone application.
They can be used to compress files on FAT volumes as well as NTFS volumes.
Files cannot be opened when they are in a compressed state; the file must first be decompressed. When you close the file, it is saved in an uncompressed state, and you must use a program to compress it.
NTFS compression differs from DoubleSpace, DriveSpace, and DriveSpace 3 compression in several ways. For example, NTFS provides faster compression and decompression with minimal loss of compression for a typical text file. Another difference is that these programs compress the entire volume, including the metadata associated with each file and folder. Using NTFS compression, you can compress individual files or folders instead of the entire volume and compress only files you use infrequently.
Note Use the Disk Cleanup tool to compress files that have not been accessed for a specified number of days. For more information about Disk Cleanup, see Windows XP Professional Help.
Mounted Drives
Mounted drives, also known as volume mount points or drive paths, are volumes attached to an empty folder on an NTFS volume. Mounted drives function the same way as any other volume, but they are assigned a label or name instead of a drive letter. Mounted drives are robust against system changes that occur when devices are added or removed from a computer. They are not subject to the 26-volume limit imposed by drive letters, so you can use them for access to more than 26 volumes on your computer.
The version of NTFS included with Windows XP Professional and Windows 2000 must be used on the host volume. However, the volume to be mounted can be formatted in any file system supported by Windows XP Professional, including NTFS, FAT16, FAT32, CDFS, or UDF.
One volume can host multiple mounted drives, providing a way for you to easily extend the storage capacity of any particular volume on a Windows XP Professional system. Users on the local system or users who connect to it over a network can continue to use the same drive letter for access to the volume, but multiple volumes can be in use simultaneously from that drive letter.
Note To identify and manage mounted drives from the command line, use the Mountvol.exe tool. For more information about Mountvol.exe, see Windows XP Professional Help.
The following scenario is an example of mounted drives. A user recently installed Windows XP Professional on volume C, an NTFS volume. She is concerned about storage space on this volume because she uses her computer extensively to create and edit digital photos, graphic art, and desktop publishing (DTP) files. The user knows that the default document folder, My Documents, is on volume C, but she wants to use the E volume on her second hard disk to store her work. She creates a mounted drive on volume C under the My Documents folder labeled Art. Any subfolder of the Art folder actually resides on volume E, thus saving space on volume C.
To create a mounted drive, you must be a member of the Administrators group on the local computer.
To create a mounted drive under C:\My Documents
Log on to the computer using an account that is a member of the Administrators group.
Click Start, click Run, type diskmgmt.msc, and then click OK.
Right-click volume E, and then click Change Drive Letter and Paths.
In the Change Drive Letter and Paths dialog box, click Add, click Mount in the following empty NTFS folder, and then click Browse.
In the Browse for Drive Path dialog box, expand drive C, go to the C:\Documents and Settings\username\My Documents folder, and then click New Folder.
In the folder name placeholder in the Explorer tree, type the name Art over the default name New Folder and then close the dialog boxes.
In My Computer or Windows Explorer, go to volume E and create new folders such as Photos, LineArt, and DTP for the graphic arts documents.
As shown in Figure 13-10, all files stored in the My Documents\Art folder are stored in the root folder of volume E, the mounted drive. Any other folder created within Windows Explorer or My Computer under the My Documents folder still resides on volume C.
.jpg)
Figure 13-10 A mounted drive in My Documents
Hard Links
Use the fsutil hardlink create command to create hard links. A hard link is an NTFS-based link to a given file. When you create a hard link to a file on an NTFS volume, NTFS adds a directory entry for the hard link without duplicating the original file. You can create hard links that
Use the same file name as the original file but appear in different folders.
Use different file names from the original file but appear in the same folder.
Use different file names from the original file and appear in different folders.
Because a hard link is a directory entry for a file, an application can modify a file by using any of its hard links. Applications that use any other hard link can detect the changes. However, directory entries for hard links are updated only when a user accesses a file by using the hard link. For example, if a user opens and modifies a file by using its hard link, and the size of the original file changes, the hard link that is used to access the file also shows the new size.
Warning NTFS updates the properties of a hard link only when a user accesses the original file by using the hard link, not every time a user makes a change to the original file.
Hard links do not have security descriptors; instead, the security descriptor belongs to the original file to which the hard link points. Thus, if you change the security descriptor of any hard link, you actually change the underlying file’s security descriptor. All hard links that point to the file allow the newly specified access. You cannot give a file different security descriptors based on different hard links.
When creating hard links, consider the following:
To delete a file that has multiple hard links, you must delete the file and all its associated hard links.
For more information about using the fsutil hardlink create command, see Windows XP Professional Help.
Distributed Link Tracking
Distributed link tracking ensures that shell shortcuts and OLE links continue to work after the target file is renamed or moved. When you create a shortcut to a file on an NTFS volume, distributed link tracking stamps a unique object identifier (ID) into the target file, known as the link source. Information about the object ID is also stored within the referring file, known as the link client. Distributed link tracking uses this object ID to locate the link source in any combination of the following events that occur on NTFS volumes within a Windows 2000-based domain:
The link source is renamed.
The link source is moved to another folder on the same volume or to a different volume on the same computer.
The link source is moved from one shared network folder to another shared network folder on other computers within the same domain.
The computer containing the link source is renamed.
The name of the shared network folder containing the link source has changed.
The volume containing the link source is moved to another computer within the same domain.
Note Distributed link tracking works only on NTFS volumes in computers running Windows 2000, Windows Server 2003, or Windows XP. The NTFS volumes cannot be on removable media.
Distributed link tracking attempts to maintain links even when they do not occur within a domain, such as cross-domain, within a workgroup, or on a single computer that is not connected to a network. Links can always be maintained in these events when a link source is moved within a computer, or when the network shared folder on the link source computer is changed. Typically, links can be maintained when the link source is moved to another computer; however, this form of tracking is less reliable over time.
Distributed link tracking uses different services for client and server:
The Distributed Link Tracking Client service runs on all Windows 2000 and Windows XP Professional computers. (On Windows Server 2003 computers, this service is stopped and has its startup type set to Manual by default.) In computers that are not part of a network, the Client service performs all activities related to link tracking.
The Distributed Link Tracking Server service is installed on servers running Windows 2000 and Windows Server 2003. (On Windows Server 2003, this service is stopped and has its startup type set to Disabled by default.) The Server service maintains information relating to the movement of link sources. Because of this service and the information it maintains, links within a domain are more reliable than those outside a domain. For computers that run in a domain, the Distributed Link Tracking Client service takes advantage of this information by communicating with the Distributed Link Tracking Server service.
The Distributed Link Tracking Client service monitors activity on NTFS volumes and stores maintenance information in a file called Tracking.log, which is located at the root of each volume in a hidden folder called System Volume Information. This folder is protected by permissions that allow only the system to have access to it. The System Volume Information folder is also used by other Windows XP Professional services such as Indexing Service.
Sparse Files
Sparse files provide a method of saving disk space for files that contain meaningful data as well as large sections of data composed of zeros. If an NTFS file is marked as sparse, NTFS allocates disk clusters only for the data explicitly specified by the application. Nonspecified ranges of the file are represented by nonallocated space on the disk. When a sparse file is read from allocated ranges, the data is returned as it was stored. Data read from nonallocated ranges is returned as zeros. An example of a program that uses sparse files is Indexing Service, which stores its catalogs as sparse files on NTFS volumes.
File system application programming interfaces (APIs) allow for the file to be copied or backed as actual bits and sparse stream ranges. File system APIs also allow for querying allocated ranges. Programs that implement these APIs then need only to read allocated ranges to recover all data in the file. The result is efficient file system storage and access. Figure 13-11 shows how data is stored with and without the sparse file attribute set.
.jpg)
Figure 13-11 Sparse data storage
Figure 13-12 shows the properties of a 1-GB sparse file. Although the file is 1 GB, it occupies only 64 KB of disk space.
.jpg)
Figure 13-12 Properties of a sparse file
Warning Only NTFS volumes mounted by Windows 2000, Windows Server 2003, or Windows XP support sparse files. If you copy or move a sparse file to a FAT volume or an NTFS volume mounted by an operating system other than Windows XP, Windows Server 2003, or Windows 2000, the file is built to its originally specified size. If the required space is not available, the operation fails.
Multiple Data Streams
A data stream is a sequence of bytes. An application populates the stream by writing data at specific offsets within the stream. The application can then read the data by reading the same offsets in the read path. Every file has a main, unnamed stream associated with it, regardless of the file system used. However, NTFS supports additional named data streams in which each data stream is an alternate sequence of bytes as illustrated in Figure 13-13. Applications can create additional named streams and access the streams by referring to their names. This feature permits related data to be managed as a single unit. For example, a graphics program can store a thumbnail image of a bitmap in a named data stream within the NTFS file containing the image.
.jpg)
Figure 13-13 Unnamed and named streams for StreamExample.doc
To see how data streams work, create a file that contains multiple data streams by adding summary information to a file on an NTFS volume.
To create a data stream for a file on an NTFS volume
Right-click a text file or Wordpad document, and then click Properties.
On the Summary tab, add information about the file, such as the title, subject, and author.
The file information is stored in separate named streams. Figure 13-14 shows the Summary tab of the file StreamExample.doc.
.jpg)
Figure 13-14 Creating alternate data streams by using the Summary tab
FAT volumes support only the main, unnamed stream, so if you try to copy or move StreamExample.doc to a FAT volume or floppy disk, you receive an error message as shown in Figure 13-15. If you copy the file, all named data streams and other attributes not supported by FAT are lost.
.jpg)
Figure 13-15 Message that confirms loss of named data streams
POSIX Compliance
NTFS provides several features to support the Portable Operating System Interface (POSIX) standard, which is defined by the Institute of Electrical and Electronic Engineers (IEEE) standard 1003.1-1990 (also known as ISO/IEC 9945-1:1990).
NTFS includes the following POSIX-compliant features.
Case-sensitive naming
For example, POSIX interprets README.TXT, Readme.txt, and readme.txt as separate files.
Hard links
A file can have more than one name. This allows two different file names, which can be in different folders on the same volume, to point to the same data.
Additional time stamps
These show when the file was last accessed or modified.
The POSIX subsystem included with Windows NT and Windows 2000 is not included with Windows XP Professional. A new subsystem supporting the broad functionality found on most UNIX systems beyond the POSIX.1 standard is shipped as part of Interix 2.2. The Interix subsystem can be certified to the NIST FIPS 151-2 POSIX Conformance Test Suite.
For more information about Interix 2.2, see the Windows Interix 2.2 link on the Web Resources page http://www.microsoft.com/windows/reskits/webresources.
Caution You must use Interix-based programs to manage file names that differ only in case. You cannot use standard Windows XP Professional command-line tools (such as copy, del, and move, or their equivalents in Windows Explorer or My Computer) to manage file names that differ only in case.
NTFS Change Journal
The change journal provides a persistent log of changes made to files on a volume. NTFS uses the change journal to track information about added, deleted, and modified files for each volume. The change journal describes the nature of any changes to files on the volume. When any file or folder is created, modified, or deleted, NTFS adds a record to the change journal for that volume.
The total size of all the records currently in the journal varies, but there is a configurable maximum size. The change journal can exceed the maximum size until the size reaches an outer threshold, at which point a portion of the oldest records are deleted until the change journal is restored to its maximum size. The maximum size of the change journal is configurable but cannot be reduced, only increased.
The change journal conveys significant scalability benefits to applications that might otherwise need to scan an entire volume for changes. File system indexing, replication managers, virus scanners, and incremental backup applications can benefit from using the change journal.
The change journal is much more efficient than time stamps or file notifications for determining changes in a particular namespace. Applications that must rescan an entire volume to determine changes can now scan once and subsequently refer to the change journal. The I/O cost depends on how many files have changed, not on how many files exist on the volume.
The APIs are fully documented and can be leveraged by independent software vendors (ISVs). Microsoft uses the change journal in Windows XP Professional components such as the Indexing Service and File Replication Service. ISVs can use this feature to enhance the scalability and robustness of a range of products including backup, antivirus, and auditing tools.
For more information about the change journal, see the Microsoft Platform SDK link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.
Indexing Service
Indexing Service extracts information from a set of documents and organizes it for easy access through the Windows XP Professional Search function, the Indexing Service query form, or a Web browser. After the index is created, users can query the index for documents that contain key words, phrases, or properties. For example, a user can query all documents containing the word “product” or query for all Microsoft Office documents written by a specific author. Indexing Service returns a list of all documents that meet the search criteria.
Although you can run Indexing Service on volumes formatted using any supported file system, Indexing Service works best on NTFS volumes because it uses several NTFS advanced features.
Change journal
After you enable Indexing Service and it completes the first scan of the NTFS volume, additional time-intensive disk scans are not required because Indexing Service uses the change journal to detect file additions, deletions, and modifications. On NTFS volumes, the disk I/O required to update the index is proportional to the number of files that have actually changed. On FAT volumes, Indexing Service must periodically scan all files to locate changes, making the disk I/O proportional to the number of files on the computer that are marked for indexing. Without using Indexing Service, Windows XP Professional must open, read, and close every file in the search, resulting in thousands of disk I/Os per search.
Sparse files
Indexing Service stores the index as a sparse file on NTFS volumes, reducing the size of the index by half when compared to the index size on FAT volumes.
Permissions
Indexing Service does not compromise information security. On NTFS volumes, if a user does not have Read permission for a file, Indexing Service does not return that file in the results list to the user. Similarly, Indexing Service does not indicate that a match was found if the file cannot be accessed.
Encryption
Indexing Service never indexes encrypted documents. If a document is encrypted after it is indexed, it is removed from the catalog.
Indexing Service is disabled by default. For more information about enabling Indexing Service, see Windows XP Professional Help.
Converting Volumes to NTFS
Windows XP Professional can convert FAT16, FAT32, and previous versions of NTFS to the new version of NTFS used in Windows XP.
Converting NTFS Volumes Formatted by Using Windows 2000
When Windows XP Professional first mounts an NTFS volume that was formatted in Windows 2000, Windows XP Professional converts the NTFS volume to NTFS 3.1. The conversion consists of changing the NTFS version from 3.0 to 3.1. No other changes are made to existing metadata or files on the volume. However, Windows XP Professional uses a different header style for new files created on NTFS 3.1 volumes. As a result, some older third-party imaging programs cannot create images of NTFS 3.1 volumes. Contact the manufacturer of your imaging program to find out if a version is available that supports NTFS 3.1 volumes in Windows XP Professional.
Computers running Windows NT 4.0 with Service Pack 4 or later or Windows 2000 can access NTFS 3.1 volumes without any conversion or additional service packs.
Converting NTFS Volumes Formatted by Using Windows NT 4.0 and Earlier
When you upgrade from Windows NT 4.0 to Windows XP Professional, all local volumes formatted by using the version of NTFS used in Windows NT 4.0 and earlier are upgraded to NTFS 3.1. The upgrade occurs when Windows XP Professional mounts the volume for the first time after Windows XP Professional Setup is completed. (The upgrade does not take place during Setup.) Any NTFS volumes that are removed or turned off during Setup, or added after Setup, are converted when Windows XP Professional mounts the volumes.
The Ntfs.sys driver performs the conversion by determining which version of NTFS is used on the volume and converting the volume if necessary. The conversion takes only a few seconds on any size volume and consists of the following new records in the master file table:
$Secure, which contains unique security descriptors for all files within a volume.
$Extend, which is used for extensions such as quotas, reparse point data, and object identifiers. The conversion process also adds three new files the to $Extend directory:
$Quota, used for disk quotas.
$Reparse, used for reparse points.
$ObjID, used for distributed link tracking.
Both $Secure and $Extend take the place of previously unused master file table (MFT) records, so sufficient space always exists in the volume for these two records. However, $Quota, $Reparse, and $ObjID are new additions to the MFT, and you must have enough free space in the volume to contain these files, or the conversion fails.
If