[an error occurred while processing this directive]


Exploring 2000 - What's in it for me?
(January 2000)
John Savill explores NTFS 5.0 to see how it would suit him

The current version of NTFS is 4.0, I’ve not really noticed any great changes since its first incarnation in Windows NT 3.1 and so we can assume it’s just gone up by 1 with each NT release, NTFS 1 in 3.1, NTFS 2 in 3.5, NTFS 3 in 3.51 and now NTFS 4 in 4.0. Microsoft has made quite a big fuss about NTFS 5.0; is this just an increment to the file system version to match the OS version? Well no. For the first time the jump in the file system number represents a huge leap for the file system functionality.

NTFS was a totally new file system, not just an enhancement to FAT, and offers no ‘backwards compatibility’ for operating systems that only understand FAT, operating systems such as Windows 95, Windows 98 and DOS cannot read NTFS drives so if you want to share a disk between operating systems keep it FAT. There are utilities that exist which enable you to read NTFS from outside NT such as NTFSDos from www.sysinternals.com. Security was a major addition to NTFS. In FAT you could hide files, but anyone could unhide them with the attrib command or view them by using the ‘dir /ah’ command. With computers becoming linked together and more than one person operating a computer, a method was needed to secure files so that only the intended could view/modify files. With NTFS you can assign exact privileges for every user/group to every file and folder providing a secure environment so that only those with the correct permissions can gain access.

As we mentioned above, utilities exist which can access NTFS volumes from outside of the operating system and bypass the NTFS security. More and more people use portables, often with sensitive data on them, and NTFS is no longer secure enough. NTFS 5.0 introduces something to combat this problem.

Dynamic disks

The current volume structure has been carried over from early DOS days; you have a primary partition, and extended partition with a number of logical volumes. Windows 2000 throws this away for a more sophisticated approach. It introduces the idea of a dynamic disk needed for fault tolerant configurations. Dynamic disks are used by the Logical Disk Manager (LDM) which is different from the Disk Management snap-in. Dynamic disks contain only dynamic volumes, there is no concept of a primary partition, logical volume etc. Dynamic disks are needed in Windows 2000 for the creation of mirrored, spanned, striped or striped with parity sets, however, existing sets created under Windows NT 4.0 are supported on basic disks in Windows 2000. Dynamic volumes can also be resized by adding extra space from unpartioned space and used without a reboot.

Only the Windows 2000 operating system understands dynamic disks, Windows 9x, Windows NT 4.0 etc all cannot read dynamic disks and if you multi-boot with any of these do NOT upgrade to dynamic disks. It’s possible to convert a basic disk to a dynamic disk (but this is a one way transformation). Perform the following:

  • Start Computer Manager
  • Expand Storage - Disk Management.
  • Right click on the disk and select ‘Upgrade to Dynamic Disk’
  • Select the disks to upgrade and click OK
  • A summary will be displayed.
  • Click Upgrade
  • Click Yes to the confirmation

Converting Basic disks to Dynamic disks doesn’t require reboots, however, any volumes contained on them after the conversion will generate a popup that basically says a re-boot is necessary before the volumes can be used. It’s safe to say no to the reboot, wait until all the volumes are identified and all the popups go away, and then perform a single re-boot. When you upgrade from basic to dynamic, any existing partitions become simple volumes. Any existing mirrored, striped or spanned volumes sets created with NT 4.0 become dynamic mirrored, striped or spanned volumes respectively.

If you get a message that says you are out of space then you may not have enough unallocated free space at the end of the disk for the private region database that Dynamic disks use to keep volume information. To be Dynamic it needs about 1 MB of this space, sometimes the space is not visible to the user in the GUI, but it is still there. You may not have the space if the partition(s) on the disk take up the entire disk and were created with Setup, an earlier version of NT or another OS. If partitions are created within Windows 2000, the space is reserved, partitions created with Setup will reserve the space in a later release.

To undo this conversion run you should backup any data on the disk you wish to preserve, and then delete all partitions - that should activate the menu choice "Revert to Basic Disk", the entire disk HAS to be unallocated or free space.

The removal of choice

When you install Windows 2000 ALL NTFS partitions will be upgraded to NTFS 5.0. Yes, ANY and ALL NTFS volumes Windows 2000 sees – including removable media – are automatically converted to V5.0 on the fly when Windows 2000 mounts them so make sure if you move disks between machines they are all Windows 2000 or if using Windows NT 4.0 have Service Pack 4 or above installed.

Service Pack 4 for Windows NT 4.0 has an updated NTFS.SYS which can read NTFS 5.0 partitions so apply this to any systems that need to read Windows 2000 NTFS 5.0 partitions and make sure you do this BEFORE installing Windows 2000. You can, if you wish, only copy over the NTFS.SYS if you don’t want to apply Service Pack 4 or above (but you need to anyway to be Y2K compliant, of course if you’re reading this now and you’ve not deployed Service Pack 4, panic!)

By default (you can override using advanced option button) on server installations the boot partition will be upgraded to NTFS if you’re not in a dual boot environment, yep that’s right it automatically upgrades from FAT to NTFS.

Encrypted File System

I mentioned problems with NTFS’s security, that tools exist which require console level access to the machine and require booting off a special disk or CD-ROM, but with more and more mobile computers something extra is needed for sensitive data that is carried with us every day. EFS uses a public/private key encryption scheme and the CryptoAPI architecture. EFS can use any symmetric encryption algorithm to encrypt files, however the initial release only uses DES. 128-bit keys are used in North America, 40-bit internationally.

No preparation is needed to encrypt files and the first time a user encrypts a file an encryption certificate for the user and a private key are automatically created. If encrypted files are moved they stay encrypted, if users add files to an encrypted folder the new files are automatically encrypted. There is no need to decrypt a file before use; the operating system automatically handles this for you in a secure manner.

In the event of a user’s private key being lost (either by reinstallation or new user creation), the EFS recovery agent can decrypt the files. Encrypted files cannot be read from outside Windows 2000 or within Windows 2000 without the required certificate needed to decrypt. If you’re using Windows 2000 professional in a 4.0-based domain, you will not be able to use the encrypted file system, as a machine in a domain uses the domain policy for recovery if the domain does not support EFS (such as a 3.51 or 4.0 domain). To get around this perform the following:

Remove the Windows 2000 computer from the Windows NT 4.0 domain.

From the command prompt, type:
secedit /refreshpolicy machine_policy /enforce

Rejoin the Windows 2000 computer to the Windows NT 4.0 domain.

Reparse Points

Much of the new Windows 2000 file system enhancements are possible thanks to reparse points which basically provide a ‘hook’ into the file system and allow extensions to the storage subsystem without the need for proprietary code to be written.

Reparse points are actually special file system objects which have a special attribute that activates extra functionality in the storage subsystem. Any file or folder can have a reparse point, meaning a single path can trigger multiple portions of extended functionality.

Directory Junctions

These just allow you to join folders together so you can map a directory to any local target directory. Imagine you had three folders, c:\folder1, c:\folder2 and c:\documents. It’s possible to create a directory junction so c:\documents appears as a subdirectory of the other two folders resulting in c:\folder1\documents and c:\folder2\documents. Sadly, to create a directory junction you will need to write a utility since none is supplied.

On first view, directory junctions and the Distributed File System perform some of the same roles, as they both give the appearance of a single directory tree which actually consists of multiple, distributed folders, however there are differences:

  • DFS utilises the Active Directory to store its information. Thanks to its Active Directory root DFS can provide fault tolerance and load balancing, directory junctions cannot provide either of these although in a local context it’s not as necessary.
  • DFS is more geared to merging network resources into a single namespace where as directory junctions only link local machine resources.
  • DFS can work using multiple file systems but directory junctions rely on NTFS 5.0.
  • DFS requires a client piece, directory junctions don’t.

Mount Points

Mount points are similar to junction points except they allow only the root of a volume to be mounted as a folder and are created using reparse points, thus the NTFS 5.0 requirement. Mount points are useful for increasing a drive’s ‘size’ without disturbing it. For instance, you could create a mount point to drive d: as c:\documents thus seeming to increase the size available on c:

To create a mount point just perform the following:

Start the Computer Management MMC snap-in (Start – Programs – Administrative Tools – Computer Management)

Expand the Storage branch and select Disk Management

Right click on the volume you want to create as a mount point and select ‘Change Drive Letter and Path’

Click ‘Add’

Select a new ‘folder’ for the folder to be mounted as. If you click browse it will only show NTFS 5.0 volumes. Click OK

If you now look in Explorer you will see your new mount point, but instead of a folder icon it will be a drive icon.

Disk Quotas

Windows 2000 introduces limited quota support which enables you to configure quota limits on a per user/per volume basis. You can’t set a quota over multiple volumes.

Quotas are on file size and even if files are compressed you still only get the MB of amount of the files. If you had a 5 MB quota and compressed your 5 MB of files using NTFS compression you would have used all your quota.

Quota support is only available on NTFS 5.0 volumes and is enabled as follows:

Start Explorer

Right click on the volume and select properties
Check the ‘Enable quota management’ box

You can set default options for new users and also set the actions to take if quota is exceeded, either deny disk space or allow them to carry on. There are also various logging options, either when a user exceeds their warning level or when they exceed their actual quota.

Click Apply

A warning will be given. Click OK. The quota process will now check the volume and build up a list of current disk usage.

The new features are certainly welcome, in particular the Encrypted File System and user quotas are a good start but there are many other third party alternatives to the quota problem which make the built-in NTFS 5.0 solution only good for very small environments.

I think the option of the upgrade from NTFS 4.0 to NTFS 5.0 would have been good but with so many Windows 2000 functions relying on NTFS 5.0 I can see why.One final word though, if you play with the Encrypted File System remember it’s all certificate based, if you reinstall Windows 2000 and you’re not in a domain you’ll lose the certificate to decrypt and access to your work! I know one unhappy person who lost a lot of work after encrypting his folder and reinstalling the OS. New functions are good but make sure you understand them before using! Check the NT FAQ, www.ntfaq.com for information on backing up the EFS recovery certificate.