The current version of NTFS is 4.0, Ive not
really noticed any great changes since its first incarnation in Windows NT 3.1 and so we
can assume its just gone up by 1 with each NT release, NTFS 1 in 3.1, NTFS 2 in 3.5,
NTFS 3 in 3.51 and now NTFS 4 in 4.0. Microsoft has made quite a big fuss about NTFS 5.0;
is this just an increment to the file system version to match the OS version? Well no. For
the first time the jump in the file system number represents a huge leap for the file
NTFS was a totally new file system, not just an enhancement to FAT, and offers no
backwards compatibility for operating systems that only understand FAT,
operating systems such as Windows 95, Windows 98 and DOS cannot read NTFS drives so if you
want to share a disk between operating systems keep it FAT. There are utilities that exist
which enable you to read NTFS from outside NT such as NTFSDos from www.sysinternals.com. Security was a major
addition to NTFS. In FAT you could hide files, but anyone could unhide them with the
attrib command or view them by using the dir /ah command. With computers
becoming linked together and more than one person operating a computer, a method was
needed to secure files so that only the intended could view/modify files. With NTFS you
can assign exact privileges for every user/group to every file and folder providing a
secure environment so that only those with the correct permissions can gain access.
As we mentioned above, utilities exist which can access NTFS volumes from outside of the
operating system and bypass the NTFS security. More and more people use portables, often
with sensitive data on them, and NTFS is no longer secure enough. NTFS 5.0 introduces
something to combat this problem.
The current volume structure has been carried over from early DOS days; you have a primary
partition, and extended partition with a number of logical volumes. Windows 2000 throws
this away for a more sophisticated approach. It introduces the idea of a dynamic disk
needed for fault tolerant configurations. Dynamic disks are used by the Logical Disk
Manager (LDM) which is different from the Disk Management snap-in. Dynamic disks contain
only dynamic volumes, there is no concept of a primary partition, logical volume etc.
Dynamic disks are needed in Windows 2000 for the creation of mirrored, spanned, striped or
striped with parity sets, however, existing sets created under Windows NT 4.0 are
supported on basic disks in Windows 2000. Dynamic volumes can also be resized by adding
extra space from unpartioned space and used without a reboot.
Only the Windows 2000 operating system understands dynamic disks, Windows 9x, Windows NT
4.0 etc all cannot read dynamic disks and if you multi-boot with any of these do NOT
upgrade to dynamic disks. Its possible to convert a basic disk to a dynamic disk
(but this is a one way transformation). Perform the following:
- Start Computer Manager
- Expand Storage - Disk Management.
- Right click on the disk and select Upgrade to Dynamic
- Select the disks to upgrade and click OK
- A summary will be displayed.
- Click Upgrade
- Click Yes to the confirmation
Converting Basic disks to Dynamic disks doesnt require
reboots, however, any volumes contained on them after the conversion will generate a popup
that basically says a re-boot is necessary before the volumes can be used. Its safe
to say no to the reboot, wait until all the volumes are identified and all the popups go
away, and then perform a single re-boot. When you upgrade from basic to dynamic, any
existing partitions become simple volumes. Any existing mirrored, striped or spanned
volumes sets created with NT 4.0 become dynamic mirrored, striped or spanned volumes
If you get a message that says you are out of space then you may not have enough
unallocated free space at the end of the disk for the private region database that Dynamic
disks use to keep volume information. To be Dynamic it needs about 1 MB of this space,
sometimes the space is not visible to the user in the GUI, but it is still there. You may
not have the space if the partition(s) on the disk take up the entire disk and were
created with Setup, an earlier version of NT or another OS. If partitions are created
within Windows 2000, the space is reserved, partitions created with Setup will reserve the
space in a later release.
To undo this conversion run you should backup any data on the disk you wish to preserve,
and then delete all partitions - that should activate the menu choice "Revert to
Basic Disk", the entire disk HAS to be unallocated or free space.
The removal of choice
When you install Windows 2000 ALL NTFS partitions will be upgraded to NTFS 5.0. Yes, ANY
and ALL NTFS volumes Windows 2000 sees including removable media are
automatically converted to V5.0 on the fly when Windows 2000 mounts them so make sure if
you move disks between machines they are all Windows 2000 or if using Windows NT 4.0 have
Service Pack 4 or above installed.
Service Pack 4 for Windows NT 4.0 has an updated NTFS.SYS which can read NTFS 5.0
partitions so apply this to any systems that need to read Windows 2000 NTFS 5.0 partitions
and make sure you do this BEFORE installing Windows 2000. You can, if you wish, only copy
over the NTFS.SYS if you dont want to apply Service Pack 4 or above (but you need to
anyway to be Y2K compliant, of course if youre reading this now and youve not
deployed Service Pack 4, panic!)
By default (you can override using advanced option button) on server installations the
boot partition will be upgraded to NTFS if youre not in a dual boot environment, yep
thats right it automatically upgrades from FAT to NTFS.
Encrypted File System
I mentioned problems with NTFSs security, that tools exist which require console
level access to the machine and require booting off a special disk or CD-ROM, but with
more and more mobile computers something extra is needed for sensitive data that is
carried with us every day. EFS uses a public/private key encryption scheme and the
CryptoAPI architecture. EFS can use any symmetric encryption algorithm to encrypt files,
however the initial release only uses DES. 128-bit keys are used in North America, 40-bit
No preparation is needed to encrypt files and the first time a user encrypts a file an
encryption certificate for the user and a private key are automatically created. If
encrypted files are moved they stay encrypted, if users add files to an encrypted folder
the new files are automatically encrypted. There is no need to decrypt a file before use;
the operating system automatically handles this for you in a secure manner.
In the event of a users private key being lost (either by reinstallation or new user
creation), the EFS recovery agent can decrypt the files. Encrypted files cannot be read
from outside Windows 2000 or within Windows 2000 without the required certificate needed
to decrypt. If youre using Windows 2000 professional in a 4.0-based domain, you will
not be able to use the encrypted file system, as a machine in a domain uses the domain
policy for recovery if the domain does not support EFS (such as a 3.51 or 4.0 domain). To
get around this perform the following:
Remove the Windows 2000 computer from the Windows NT 4.0 domain.
From the command prompt, type:
secedit /refreshpolicy machine_policy /enforce
Rejoin the Windows 2000 computer to the Windows NT 4.0 domain.
Much of the new Windows 2000 file system enhancements are possible thanks to reparse
points which basically provide a hook into the file system and allow
extensions to the storage subsystem without the need for proprietary code to be written.
Reparse points are actually special file system objects which have a special attribute
that activates extra functionality in the storage subsystem. Any file or folder can have a
reparse point, meaning a single path can trigger multiple portions of extended
These just allow you to join folders together so you can map a directory to any local
target directory. Imagine you had three folders, c:\folder1, c:\folder2 and c:\documents.
Its possible to create a directory junction so c:\documents appears as a
subdirectory of the other two folders resulting in c:\folder1\documents and
c:\folder2\documents. Sadly, to create a directory junction you will need to write a
utility since none is supplied.
On first view, directory junctions and the Distributed File System perform some of the
same roles, as they both give the appearance of a single directory tree which actually
consists of multiple, distributed folders, however there are differences:
- DFS utilises the Active Directory to store its information. Thanks to
its Active Directory root DFS can provide fault tolerance and load balancing, directory
junctions cannot provide either of these although in a local context its not as
- DFS is more geared to merging network resources into a single
namespace where as directory junctions only link local machine resources.
- DFS can work using multiple file systems but directory junctions rely
on NTFS 5.0.
- DFS requires a client piece, directory junctions dont.
Mount points are similar to junction points except they allow only the root of a volume to
be mounted as a folder and are created using reparse points, thus the NTFS 5.0
requirement. Mount points are useful for increasing a drives size
without disturbing it. For instance, you could create a mount point to drive d: as
c:\documents thus seeming to increase the size available on c:
To create a mount point just perform the following:
Start the Computer Management MMC snap-in (Start Programs Administrative
Tools Computer Management)
Expand the Storage branch and select Disk Management
Right click on the volume you want to create as a mount point and select Change
Drive Letter and Path
Select a new folder for the folder to be mounted as. If you click browse it
will only show NTFS 5.0 volumes. Click OK
If you now look in Explorer you will see your new mount point, but instead of a folder
icon it will be a drive icon.
Windows 2000 introduces limited quota support which enables you to configure quota limits
on a per user/per volume basis. You cant set a quota over multiple volumes.
Quotas are on file size and even if files are compressed you still only get the MB of
amount of the files. If you had a 5 MB quota and compressed your 5 MB of files using NTFS
compression you would have used all your quota.
Quota support is only available on NTFS 5.0 volumes and is enabled as follows:
Right click on the volume and select properties
Check the Enable quota management box
You can set default options for new users and also set the actions to take if quota is
exceeded, either deny disk space or allow them to carry on. There are also various logging
options, either when a user exceeds their warning level or when they exceed their actual
A warning will be given. Click OK. The quota process will now check the volume and build
up a list of current disk usage.
The new features are certainly welcome, in particular the Encrypted File System and user
quotas are a good start but there are many other third party alternatives to the quota
problem which make the built-in NTFS 5.0 solution only good for very small environments.
I think the option of the upgrade from NTFS 4.0 to NTFS 5.0 would have been good but with
so many Windows 2000 functions relying on NTFS 5.0 I can see why.One final word though, if
you play with the Encrypted File System remember its all certificate based, if you
reinstall Windows 2000 and youre not in a domain youll lose the certificate to
decrypt and access to your work! I know one unhappy person who lost a lot of work after
encrypting his folder and reinstalling the OS. New functions are good but make sure you
understand them before using! Check the NT FAQ, www.ntfaq.com
for information on backing up the EFS recovery certificate.