CHAPTER 4
MICROSOFT WINDOWS 2000 FILE SYSTEMS
Lesson 1:
Disk Management Basics
Before you can install Windows 2000 Server on a hard disk, the portion of the disk that Windows
2000 will use must be initialized with a storage type, partitioned, and formatted. If the system and the
boot partition will be separate, both the disk area to contain the system files and the disk area to
contain the operating system must be
partitioned and formatted.
Windows 2000 supports 4 types of file system: NTFS, FAT16, FAT32 and CDFS. CDFS is the
CD-ROM file system and the UDF Universal Disk Format.
Setting up a Hard Disk
Whether you are setting up the remaining free space on a hard disk on which you installed Windows
2000 or setting up a new hard disk, there are several tasks that must be performed to prepare the disk:
Initializing the disk with a storage type. Initialization defines the fundamental structure of a hard disk.
Windows 2000 supports two types of disk storage basic and dynamic.
Creating partitions or volumes. You must create partitions on a basic disk or create volumes on a
ynamic disk.
Formatting the disk. After you create a partition or volume, you must format it with a specific file
system. NTFS or one of the tow FAT file system, FAT16, or FAT32. The file system you choose
affects disk operations.
Storage, Partition, and Volume Types
Storage Types:
Windows 2000 Supports two types, basic storage and dynamic storage. You cannot use both
types on one disk, but you can on a multidisk system.
NOTE: Windows 2000 storage types are distinct from hardware-level disk array configurations.
A disk array is more commonly known as a redundant array of independent disks (RAID).
Hardware-level RAID initially appears to Windows 2000 as unallocated space. This space is
configured by Windows 2000 as either a basic or dynamic storage type.
======================================================================
winser4.html PAGE
2 2002/01/12
Basic Storage:
Basic storage is the traditional storage, and it dictates the division of a hard disk into partitions. A
partition is a portion of the disk that functions as a physically separate unit of storage. Windows
2000 recognized primary and extended partitions. A disk that is initialized for basic storage is called
a basic disk. Basic storage is the default for Windows 2000.
Dynamic Storage:
Only Windows 2000 supports dynamic storage. To support dynamic storage, a single partition is
created that includes the entire disk. A disk that you initialize for dynamic storage is a dynamic disk.
Dynamic disks are divided into volumes, which can consist of a portion or portions of one or more
physical disks. A dynamic disk can contain simple volumes, spanned volumes, striped volumes
(RAID-0), mirrored volumes (RAID-1) and striped with parity volumes (RAID-5). You create
a dynamic disk by upgrading a basic disk.
NOTE: Removable storage devices contain primary partitions only. You cannot create extended
partitions, logical drives, or dynamic volumes on removable storage devices. You cannot mark a
primary partition on a removable storage device active.
These are hot swappable, you can switch them when the system is turned on, you do not need to
shut off the system. Not the same as the system I have at home, I must shut off to switch drives.
NOTE: YOU need at least 1 MB of free space to upgrade from Basic to Dynamic.
Partition Types (Basic Disks)
You can divide a basic disk into primary and extended partitions. Partitions function as physically
separate storage units. This allows you to separate different types of information, such as data,
applications on another. A basic disk can contain up to four primary partitions, or up to three
primary partitions and one extended partition, for a maximum of four partitions. Only one
partition can be an extended partition.
======================================================================
winser3.html PAGE
3 2001/01/12
Primary Partitions
Windows 2000 uses primary partitions to start the computer. One of them is marked as active.
An Active partition is where the hardware looks for the boot files to start the operating system.
Only one partition on a single hard disk can be active at a time. To dual boot Windows 2000
with Microsoft 95 or MS-DOS, the active partition must be formatted with FAT16. Windows
95 need FAT16, and later versions need FAT32.
TIP If the active partition is formatted with NTFS, Windows 9x can be started from a floppy
diskette. The diskette contains a pointer to the FAT partition containing Windows 9x.
The Windows 2000 system partition is the active partition that contains the hardware-specific
files required to load the operating system. The Windows 2000 boot partition is the primary
partition or logical drive where the operating system files are installed.
The boot and system partitions can be in the same partition. However the system partition must
be on the active partition, usually C, while the boot partition could be on another primary partition
or on and extended partition.
Extended Partitions
An extended partition is created from free space. You can only have one extended partition on a hard
disk, so it is important to include all remaining free space in the extended partition.
Volume Types (Dynamic Disks)
You can upgrade basic disks to dynamic storage and then create Windows 2000 volumes. Fault tolerance
is the ability of a computer or operating system to respond to a catastrophic event without the loss of data.
In Windows 2000, RAID-1, and RAID-5 volumes are fault tolerant.
Simple Volume
A simple volume contains disk space from a single disk and is not fault tolerant. Simple volumes can be
extended into multiple regions (up to 32 regions) of the same disk.
======================================================================
winser3.html PAGE
4 2001/01/12
Spanned Volume
Included disk space from multiple disks (up to 32). The first disk is completely filled and continues in this
manner through each disk that you include in the spanned volume. It is not fault tolerant. If any disk fails
you loose the entire volume.
Mirrored Volume
A mirrored volume consists of two identical copies of a simple volume, each on a separate hard disk. They
provide fault tolerance.
Striped Volume
RAID-0 combines areas of free space from multiple hard disks (up to 32) into one logical volumes. If a
disk in a striped volume fails, the data in the entire volume is lost. Therefore, RAID-0 is not fault tolerant.
RAID-5 Volume
RAID-5 is fault-tolerant striped volume. Parity information is added to each partition. You need a minimum
of 3 disks for RAID 5.
Dynamic Disk and Dynamic Volume Limitations
Dynamic disks can be read only by computers running Windows 2000. You can dual boot a dynamic disk system.
File Systems
Windows 2000 provides read and write support for the NTFS, FAT16, and FAT32 file systems. If you
want disk compression, quotas, or file-levelsecurity you should use NTFS.
FAT16 and FAT32 allow access by and compatibility with other operating systems. To dual boot Windows
2000 and another operating system, format the system partition with either FAT16 or FAT32.
======================================================================
winser3.html PAGE
5 2001/01/12
Common Disk Management Tasks
The Disk Management snap-in provides a central location for disk information and management tasks,
such as creating and deleting partitions and volumes.
You can create a custom MMC and add the Disk Management snap-in to it. The Disk Management MMC
on the Administrative Tools menu. The Disk Management provides shortcuts from the desktop to the
associated task.
Use the Disk Management snap-in to configure and manage your network storage space. You can view the
storage system graphically or view a list. You can also upgrade from basic to dynamic.
Working with Simple Volumes
A simple volume contains disk space from a single disk. You can extend a simple volume to include
unallocated space on the same disk. A simple volume is not fault tolerant, however you can set up two
simple volumes that are mirrored.
You can format a simple volume with NTFS, FAT16, or FAT32, but you can extend that volume
only if it is formatted with NTFS.
Disk Management/Computer Management/Create Volume/Create
Volume Wizard
To extend an NTFS simple volume, right-click the simple volume you want to extend and click
Extend Volume. When you extend a simple volume to another disk, it becomes a spanned volume.
Working with Spanned Volumes
A spanned volume consists of disk space from multiple disks; spanned volumes enable you to use the
total unallocated space on multiple disks more effectively. You can create spanned volumes only on
dynamic disks. Spanned volumes cannot be part of a mirror volume or striped volume and are not
fault tolerant. In you lose any part of a spanned volume you loose the entire thing.
======================================================================
winser3.html PAGE
6 2001/01/12
Combining Free Space to Create a Spanned Volume
You require 2-32 disks of free space. They can all be different sizes. One disk is filled before
writing to another.
By deleting smaller volumes and combining them into one spanned volume, you can free drive
letters for other uses and create a large volume for file system use.
NOTE: All dynamic disk configurations available in Windows 2000 can be configured to use different
technology, manufacturer, or model controllers in a computer. For example, one dynamic disk in a
spanned volume could be connected to an Integrated Device Electronics (IDE) controller while the
other disk is connected to a small computer system interface (SCSI) controller.
Extending and Deleting
You can extend spanned volumes formatted with NTFS by adding free space. Disk Management
formats the new area without affecting any existing files on the original volume. You cannot extend
volumes formatted with FAT16 or FAT32.
You can extend spanned volumes on dynamic disks into a maximum of 32 dynamic disks. After a
volume is extended, it cannot be
part of a mirror set or stripe set. You cannot extend a system or
boot volume.
Working with Striped Volumes
Striped volumes offer the best performance of all the Windows 2000 Server disk management
strategies. In a striped volume, data is written evenly across all physical disks in 64-kilobyte (KB)
units. You can have concurrent I/O commands therefore increasing speed.
You create striped volumes by combining areas of free space from multiple disks (2-32) into one
logical volume. There is no fault tolerance. If a disk in a striped volume fails, the data in the entire
volume is lost.
You need at least two dynamic disks to create a striped volume, and you can create the striped
volume onto a maximum of 32 disks. However, you cannot extend or mirror striped volumes.
======================================================================
winser3.html PAGE
7 2001/01/12
Adding Disks
When you install new disks in a computer running Windows 2000, they are added as basic storage.
Adding New Disks
To add a new disk, install or attach the new physical disk (or disks) and then click Rescan Disks
on the Action menu of the Disk Management snap-in.
You must use Rescan Disks every time that you remove or add disks to a computer.
Adding a Disk that you removed form another Computer
Use Disk Management to add the disk. To do this, right-click the added disk and then click
Import Foreign Disk. A Wizard provides on-screen instructions.
To do this, right-click the added disk and then click Import Foreign Disk. A wizard provides
on-screen instructions.
Changing Storage Type
You can upgrade a disk from basic storage to dynamic storage at any time, with no loss of data.
Any existing mirrored, striped or spanned volume sets created with Windows NT 4.0 become
dynamic mirrored, striped, or spanned volumes, respectively. A Windows NT 4.0 stripe set
with parity converts to a RAID-5 volume
Any disk to be upgraded must contain at least 1 MB of unallocated space for the upgrade to
succeed.
====================================================================
Basic disk
organization Dynamic
Disk organization
====================================================================
System partition Simple Volume (cannot be extended)
Boot partition Simple Volume (cannot be extended)
Primary partition Simple Volume
Extended partition Simple Volume for each logical drive and any
Remaining unallocated space
Logical drive Simple volume
======================================================================
winser3.html PAGE
8 2001/01/12
Volume Set Spanned volume
Stripe Set Striped volume
Mirror Set Mirrored volume
Stripe set with parity RAID-5 volume
======================================================================
Upgrading Basis Disks to Dynamic Disks
To upgrade a basic disk to a dynamic disk, right-click the basic disk that you want to upgrade and
then click Upgrade to Dynamic Disk. A wizard provides on-screen instructions. You must restart
the computer.
After you upgrade a basic to dynamic disk, you can create volumes with improved capabilities on
the disk, but the disk cannot contain primary or extended partitions. Only Windows 2000 can
access dynamic disk.
Reverting to a Basic Disk from a Dynamic Disk
You must remove all volumes from the dynamic disk, so that the entire disk is unallocated space,
before you can change it back to a basic disk.
CAUTION: Converting a dynamic disk to a basic disk causes all data to be lost.
Viewing and Updating Information
To view disk properties in Disk Management, right-click the name of the disk in the Graphical View
window and then click Properties.
======================================================================
Category Description
======================================================================
Disk The number for the disk in the system, for example, Disk 0,
Disk 1, Disk 2, and so on.
Type Type of storage (basic, dynamic or removable)
Status Online, Offline, foreign, or unknown
======================================================================
winser3.html PAGE
9 2001/01/12
Capacity The total capacity for the disk.
Unallocated Space The amount of available unused space on the disk. This
Does not show free space on basic disk partitions or
Dynamic disk volumes.
Device Type IDE, SCSI, or enhanced IDE (EIDE). Also shows the IDE
Channel (Primary or secondary) on which an IDE disk
Resides and the port, target ID, and LUN number for
SCSI disk identification.
Hardware Vendor The hardware vendor for the disk and the disk type
Adapter Name The type of controller to which the disk is attached
Volumes contained The volumes that exist on the disk and their total
On this disk capacity.
======================================================================
Volume Properties
To view volume properties in Disk Management, right-click a volume in the Graphical view window
or in the Volume List window and then click Properties.
=======================================================================
Tab Description
=======================================================================
General Lists the volume label, type, file system, and used the free space.
NTFS volumes list two options: (1) compress drive to save disk
Space and (2) Allow Indexing Service to index this drive for
Fast file searching.
Tools Provides a single location from which you can perform volume
Error checking, backup, and defragmentation tasks.
Web Sharing Used to share specifies folders through Internet Information
Services (IIS). This tab appears only if IIS is installed on Windows
2000 Server or if Personal Web Server is installed on Windows
2000 Professional.
Sharing Used to set network-shared volume parameters and permissions.
Hardware Used to check properties of the physical disks installed on the
System an to troubleshoot them.
======================================================================
winser3.html PAGE
10 2001/01/12
Security Used to set NTFS access permissions. This tab is available only
for NTFS version 4.0 and 5.0 volumes. (Windows 2000 uses
NTFS version 5.0)
Quota Used to set user quotas for NTFS 5.0 volumes.
======================================================================
Refresh and Rescan
When you are working with Disk Management, you might need to update the information in the display.
The two commands for updating the display are Refesh and Rescan.
Refresh updates drive letter, file system, volume, and removable media information and determines
whether unreadable volumes are not readable. To update drive letter, file system, and volume
information, click Action and then click Refresh.
NOTE: If you are running the Computer Management snap-in, select the Disk Management node or
any object within this node to start a refresh or rescan operation.
Managing Disks on a Remote Computer
As a member of the Administrators group, you can manage disks on a computer running Windows
2000 that is a member of the same workgroup, domain, or a trusted domain from any other computer
running Windows 2000 in the network.
Lesson Summary:
partitioned, and formatted. Windows 2000 supports basic storage and dynamic storage.
extended partition.
of one or more physical disks.
to perform include adding and removing hard disks and changing the disk storage type.
======================================================================
winser3.html PAGE
11 2001/01/12
Lesson 2:
File Allocation Table (FAT)
Windows 2000 supports two versions of the FAT file system: FAT16 and FAT32.
If FAT32 you cannot extend it, you must convert it to NTFS and then extend it.
The FAT file system wastes a lot of space.
Introduction to the FAT File System
The FAT file system was designed when disks were smaller and folder structures were simple. To protect
the file system, two copies of the file allocation table are stored on the volume.
FAT16 works the same in Windows 2000 as it does in MS-DOS, Windows 3.x, Windows 95, and
Windows 98. FAT32 works the same in Windows 2000 as it does in Windows 95 OSR2 and
Windows 98.
When running Windows 2000, you can move or copy files between FAT and NTFS volumes.
You cannot use Windows 2000 with an compression or partitioning software that requires disk drivers
to be located by MS-DOS.
The FAT16 File System
The FAT disk format is organized into sectors. Each sector can store 512 bytes of data. This is the
smallest unit that is used when reading or writing to or from the disk.
Although the sector is the smallest unit used when transferring data to and from a FAT partition, the
cluster (also called an allocation unit) is the smallest unit the operating system uses when allocating file
storage space on a FAT partition. The size of the cluster varies from drive to drive, depending on the
size of the partition. The default cluster size is determined by the partition size and can be as large as
64 KB.
The file allocation table identifies each cluster in the partition as one of the following:
======================================================================
winser3.html PAGE
12 2001/01/12
· Unused
· Cluster in use by a file
· Bad cluster
· Last cluster in a file.
NOTE: Volumes less than 16 MB will usually be formatted for 12-bit FAT, but the exact size depends
on the disk geometry. FAT12 was the original implementation of FAT. If is intended for very small
media. By taking less space for each FAT entry, the space consumed by the FAT itself is smaller.
Therefore, more space is available for data as opposed to on-disk file system structures. Currently,
users might see FAT12 on very small or old media. For example, 3.5inch floppies are FAT16,
whereas 5.25 inch floppies are FAT12.
The root folder contains an entry for each file and folder on the volumes. The only difference between
the root folder and other folders is that the root folder is on a specified location on the disk and has a fixed
size of 512 table entries per disk drive. The number of entries on a floppy disk depends on the size of the
disk.
The size required when you install an operating system depends on the cluster size, that is why it will vary,
depending on the cluster size.
Sector VS the Cluster
The sector is the smallest portion 512 bytes. The cluster is the smallest unit of storage 64KB. A sector
can be within a cluster, but not the other way around. See page 172 for the chart. What is the advantage
of large cluster size? It is a waste of space, but it has faster reads and writes.
If you have 3 volumes: 500, 700, and 900. What is the largest spanned volume, and what is the largest
stripe set. The spanned volume is 2,1000 (just add them all up), and the stripe set is 500 X 3 = 1,500,
take the smallest and multiply from the number of disks.
Boot Sector
On system (active) partition
File Allocation Table
(FAT)
Primary
File Allocation Table
(FAT)
Copy for fault tolerance
Root folder
Fixed location and length (512 entries long)
======================================================================
winser3.html PAGE
13 2001/01/12
Other folders and all files
Folders have a 32-byte entry for each file and folder contained in the folder. The following table lists
the components of the file and folder entries:
======================================================================
Entry Component Bits
======================================================================
Name 8.3 format
Attribute 8
Create time 24
Create date 16
Last access date 16
Last modified time 16
Last modified date 16
Starting cluster number in FAT 16
File size 32
=======================================================================
There is no organization to the FAT folder structure. Files are given the first available location on the
volume. The starting cluster number is the address of the first cluster used by the file. Each cluster
contains a pointer to the next cluster in the file or a hex indicator (OxFFFF) that the cluster is the
end of the file.
The information in the folder is used by all operating systems that support the FAT file system.
Windows NT operating systems can store additional time stamps in a FAT folder entry.
Because all entries in a folder are the same size, the attribute byte for each entry in a folder describes
what kind of entry it is. For example, one bit indicates that the entry is for a subfolder, and another
bit marks the entry as a volume label.
======================================================================
winser3.html PAGE
14 2001/01/12
The attributes byte includes four bits that can be turned on or off by the user:
The FAT16 file system is included in Windows 2000 to support backward compatibility with pervious
Windows products. In addition, FAT16 offers widespread compatibility with many other
non-Microsoft operating systems.
As in previous versions, the maximum FAT16 partition size in Windows 2000 is 4 gigabytes (GB).
The default cluster size is determined by the size of the partition. The following table shows the
default cluster sizes for FAT16 volumes:
======================================================================
Partition size Sectors per Cluster
Cluster size
======================================================================
0 MB-32 MB 1 512 bytes (equivalent
to the partition sector
size)
33 MB-64MB 2 1024 bytes
65 MB-128 MB 4 2048 bytes
129 MB-256 MB 8 4096n bytes
256 MB-512 MB 16 8192 bytes
512 MB – 1024 MB 32 16 KB
1024 MB- 2048 MB 64 32KB
2048 MB – 4096 MB 128 64KB
======================================================================
NOTE: Disks that can support sector sizes greater than 512 bytes can create 128KB and 256 KB
clusters. However, the larger the cluster size the greater the potential for wasting disk space. Large
cluster sizes are ideal for very large files like databases.
======================================================================
winser3.html PAGE
15 2001/01/12
The FAT32 File System
The main benefit of FAT32 is its ability to support partitions larger than those handled by FAT16.
FAT16 supports partitions up to 4GB in size, while FAT32 supports partitions up to 2047GB.
However, Windows 2000 FAT32 implementations are limited to creating 32-GB volumes,
although existing FAT32 volumes greater than 32 GB can be mounted.
Existing FAT tools and drivers should continue to work on FAT32 partitions. MS-DOS operating
system disk tools must be revised to support FAT32 drives.
However, because 4 bytes are not required in the take to store cluster values, many internal and
on-disk data structures and published APIs have been revised or expended.
FAT32 Partition Structure
The major benefit of FAT32 over FAT16 is the larger partition sizes it can support. FAT32 breaks
the 4GB partition limit by extending partition capacity. If you format a partition with FAT16, you
have to specify at least 32 KB cluster to support a 4GB or larger partition.
The largest possible file for FAT32 drive is 4GB minus 2 bytes. FAT32 includes 4 bytes per cluster
within the file allocation table. This differs from the FAT16 file system, which contains 2 bytes per
cluster.
A FAT32 partition must have a least 65,527 clusters and the partition cluster size cannot be increased.
Boot sector points to
The first cluster of the root folder.
Root folder can be located anywhere on disk, boot sector points to it. Limit to 65,535 entries.
File Allocation Table
(FAT)
Primary
File Allocation Table
(FAT)
Secondary-mirroring of primary can be disabled for performance.
Other folders and all
files
Varies.
======================================================================
winser3.html PAGE
16 2001/01/12
FAT16 and FAT32 file
systems do not scale well. As the volume
gets bigger, the file allocation table
gets bigger. One
advantage of the large file allocation table is that it dramatically increases
the amount
of time it takes the operating system to compute how
much free space is on the boot volume upon reboot.
File System Limits
The maximum size of a FAT32 volume is limited by the maximum number of FAT entries, the number
of sectors per cluster, and the 32-bit sector count in the partition record. (Sectors of 512 bytes
each are assumed).
The following table maps the maximum partition size possible per cluster size:
======================================================================
Cluster size Maximum
volume size
======================================================================
512 bytes 127.9GB
1KB 255.9GB
2KB 511.9 GB
4KB 1023.9 GB or 1 Terabyte (TB)
8KB 2047 GB (2 TB)
16KB 2047 GB (2TB)
32KB 2047 GB (2TB)
======================================================================
Keep in mind that Windows 2000 limits partition size to 32 GB but will mount larger FAT32
partitions created in other operating systems such as Windows 98.
Lesson Summary:
Windows 2000 supports two versions
of the FAT file system, FAT16 and FAT32.
======================================================================
winser3.html PAGE
17 2001/01/12
the disk in clusters, also known as allocation units.
8 sectors, or as large as 64KB or 128 sectors.
2047 GB in size.
FAT32 partitions that are 2047 GB in size.
data structures, application programming interfaces (APIs) and on-disk format.
Lesson 3:
NT File Systems (NTFS)
Windows 2000 comes with a new version of NTFS. The newest version, NTFS version 5.0,
provides performance, reliability and compatibility not found in FAT. The NTFS data structure
allows you to take advantage of new features based on reparse points. NTFS includes security
features required for file servers and high-end personal computers in a corporate environment,
and it also includes data access control and ownership privileges important for data integrity.
Introduction to NTFS
Microsoft recommends that you format all Windows 2000 partitions with NTFS, except multiple-
boot configurations where non-Windows 2000 and non-Windows NT operating systems are
necessary. Formatting your Windows 2000 partitions with NTFS instead of FAT allows you
to use features available only on NTFS, including recoverability and compression. NTFS
guarantees the consistency of the volume by using standard transaction logging and recovery
techniques.
NTFS supports all Windows 2000 operating system features. It provides faster access speed
than FAT and minimizes the number of disk accesses required to find a file. In addition, NTFS
allows you to set local permissions on files and folders that specify which groups and users have
access to them. This includes setting the level of access that is permitted.
NTFS file and folder permissions apply both to users working at the computer where the file is
stored and to users accessing the file over the network when the file is in a shared folder. With
NTFS you can also share rights that operate on shared folders in combination with file and folder
permissions. FAT only supports share rights.
======================================================================
winser3.html PAGE
18 2001/01/12
TIP Do not configure share folder rights on NTFS partitions. Instead, configure local NTFS
permissions.
Features of Windows 2000
All the new features and enhancements in Windows 2000 are supported by the NTFS file system.
This section outlines many of these features and how they relate to NTFS.
Reparse Points
Reparse points are new file system objects in NTFS used in Windows 2000.
Reparse point allows you to mount a volume (simple) with no drive letter (folder in C: drive) The
user can tell it is a drive by the icon displayed in the hierarchy. You can do this in Disk Management,
mounting volumes. The advantage of mounting volumes, is if you run out of drive letters from A-Z,
you can mount volumes with a separate folder name, and the names are endless, as many as you
can think of. You can share a mounted drive.
A mounted drive is not an extended drive. When you go into command prompt, the drive is listed
as a Junction, not a DIR.
The NTFS directory junction filter driver intercepts the call and executes the enhanced functionality
associated with the reparse point. In the case of a directory junction, the driver mounts another
namespace.
The file system driver returns the call to the calling application. The file system driver mounts
another namespace and returns a handle to the calling function.
NOTE: If the directory junction is removed, the reparse point will not be present. Therefore,
he call to open a directory will not be intercepted by one of the file system filter drivers in the I/O
stack, resulting in normal behavior.
Two of the file system enhancements that reparse points provide include the following:
Hierarchical storage management. Unused files are automatically archived to less expensive
media tape or removable drive.
======================================================================
winser3.html PAGE
19 2001/01/12
Volume mount point. Allows the user to view multiple disk volumes as a single drive.
NOTE: There is a 2MB for Overhead for NTFS File system information.
Native Structured Storage
NNS or Native Structured Storage is a new function of Windows 2000. NSS allows ActiveX
documents to be physically stored in the same multistream format that ActiveX uses to logically
process structured storage. The NSS file system filter makes a file on the disk look like an OLE-
structured storage file.
The NSS file system filter makes all of this appear transparent to an application. The NSS filter
also allows an NSS file to be copied to a floppy, converting the file to the old file format and vice
versa.
Windows 2000 requires a reparse point be placed on any file that uses NSS. A reparse point in a
file performs the following functions:
Indicates that the file has multiple streams
Instructs a file system filter driver to translate the multiple streams into a single stream when the file
is migrated to file systems that do not support NSS.
Disk Quotas
Administrators can not limit the amount of disk space users can consume on a server. Disk Quotas
is a powerful tool used to monitor and constrain disk space usage.
Sparse file Support
Sparse files allow programs to create very large files but to consume disk space only as needed.
NTFS deallocates sparse data streams and maintains only non-sparse data as allocated. When a
program accesses a sparse file, the file system yields allocated data as actual data and deallocated
data as zeros.
A sparse file contains an attribute that causes the I/O subsystem to interpret the file’s data based on
allocated ranges. When a sparse file is read, allocated data is returned as stored, and nonallocated
data is returned, by default, as zeros in accordance with the C2 security requirement specification.
This is not
compression, but similar procedure.
======================================================================
winser3.html PAGE
20 2001/01/12
Sparse File Utilization
NTFS includes full sparse file support for both compressed and uncompressed files. Disk allocation
is required for specified ranges only. NTFS handles read operations on sparse files by returning
allocated data and sparse data defined by file map ranges.
Data streams with an NTFS sparse attribute set have two allocation definitions. The first is the virtual
AllocatedLength, which is rounded up to a cluster boundary greater than or equal to the size of the stream.
An example of sparse utilization is a scientific application that might require 1 TB of storage for data
used in a matrix. Actual meaningful data in the matrix might account for only 1 MB. File system
APIs allow the file to be copied or backed up as actual bits and sparse stream ranges. The net result
is efficiency in file system storage and access.
Link Tracking and Object Identifiers
Similar to linking Word and Excel files.
Change Journal
The Change Journal is a sparse stream that creates a persistent log of track file information about additions,
deletions, and modifications for each NTFS volume. This is useful for applications that need to know what
has occurred on a particular volume.
Change Journal Awareness
The Change Journal will not affect a storage application unless it is specifically used by that application.
The Change Journal operates in a bounded space. It is based on a sparse data stream that allows for
deallocation from the front of a file. It is applicable only to NTFS used in Windows 2000 volumes.
Unique Sequence Number
The USN Journal provides a persistent log of changes made to files on the volume. Applications can
consult the USN Journal for information about the modifications made to a set of files.
======================================================================
winser3.html PAGE
21 2001/01/12
When a user, and administrator, or another domain controller updates a directory object, the directory
object’s controller assigns that change a USN. Each controller maintains its own update sequence numbers
and applies each one incrementally to each directory change made to that controller’s directory.
When the domain controller writes the change into the directory, it also writes the USN of the change
with the property. This is an automatic operation (a procedure that is considered one invisible process),
so when the controller writes the property change and the change’s USN, it will either succeed
completely or fail completely.
CD and DVD Support
Windows 2000 supports CDFS, UDF, and digital video disc (DVD) storage devices.
Megabyte, Gigabyte, Terabyte, Petabyte, Exabyte.
CD-ROM File System
Windows 2000 continues to provide read-only support for CDFS, which is ISO 9660 compliant.
Windows 2000 also supports long filenames as listed in the ISOL 9660 level two standards.
Windows 2000 only support CD-ROM (Read only), if you want to write to you need to have 3rd
party software.
When creating a CD-ROM to be used under Windows 2000, the following standards must be followed:
NOTE: CDFS does not support lowercase filenames. When an attempt to access a lowercase
filename or directory on a CD-ROM is made, the error message “File Not Found” appears.
Universal Disk Format
The UDF, which is new for Windows 2000, is a file system designed for interchanging data on
DVD and CD. The primary intention of UDF is to support read-only DVD-ROM media. UDF
is a standards-based file system that is ISO 13346 compliant.
======================================================================
winser3.html PAGE
22 2001/01/12
======================================================================
Item Requirement
======================================================================
Logical/Physical Sector Size The logical and physical sector size for a
specific volume will be the same.
Logical Block Size The logical block size for a logical volume
should be set to the logical sector size of the
volume.
Volume Set Physical Sector Size The physical sector size within all media of the
same volume set should have the same
physical sector size.
======================================================================
With UDF, multivolume support and multipartition support are optional. Media support is limited to
rewrite, overwrite, and write onece, read many (WORM) media only.
DVD Support
One of the new storage devices that Windows 2000 supports is DVD. DVD has a capacity nearly 20
times that of a regular CD, so a user can store several video demos for a client presentation and still
have room for other material.
Support for DVD from Microsoft is not limited to a new device driver to support DVD-ROM drives.
Since DVD encompasses such a broad range of uses and technologies, DVD must be viewed in the
context of the whole computer. DVD-ROM discs and devices provide cost-effective storage for
large data files. In the future, DVD will allow for writeable devices, allowing a larger range of options.
On most PCs that have Microsoft DVD support, DVD will work as a storage device and, if the
proper decoding hardware is present, will support full DVD playback.
DVD-ROM Class Driver
DVD-ROM has its own industry-defined command set. Support for this command set is provided
in Windows 95 by an updated CD-ROM class driver.
Support for UDF is provided to ensure support for UDF-formatted DVD discs. Windows 2000
will provide UDF installable file system similar to FAT 16 and FAT32.
======================================================================
winser3.html PAGE
23 2001/01/12
Copyright Protection
Copyright protection for DVD is provided by encrypting important sectors on a disc and then
decrypting those sectors prior to decoding them. Microsoft will provide support for both software
and hardware decrypters by using a software module that will enable authentication between the
decoders and the DVD-ROM drives in a PC.
Regionalization
As part of the copyright protection scheme used for DVD, six worldwide regions have been set
up by the DVD Consortium. Discs are playable on DVD devices in some or all of the
regions according to regional codes set by the creators of the content.
Structure of NTFS
The main components of NTFS structure are: NTFS volume structure, Windows 2000 boot sector,
Windows 2000 Master File Table and Metadata, and NTFS file attributes.
NTFS Volume Structure:
NTFS uses clusters (also known as allocation units) made up of one or many sectors as the
fundamental unit of disk allocation. However, the default cluster size depends on the partition size.
In Disk Management you can specify a cluster size up to 4KB (4096 bytes). If the Format.exe
program is used to format the NTFS volume through the Command Prompt, a user can specify
any of the default cluster sizes in this table:
WARNING NTFS compression is not supported for cluster sizes greater than 4KB.
The cluster sizes in this table are only recommendations. The sizes can be changed if necessary.
However, changing disk cluster size requires that a partition be reformatted:
=====================================================================
Volume size Sectors
per cluster Cluster size
=====================================================================
512 MB or less 1 512 bytes
513 MB –1024 MB 2 1KB
======================================================================
winser3.html PAGE
24 2001/01/12
1025 MB-2048 MB 4 2 KB
2049 MB-4096 MB 8 4 KB
4097 MB-8192 MB 16 8 KB
8193 MB-16,384 MB 32 16 KB
16,385 MB – 32,768 MB 64 32 KB
> 32,768 MB 128 64 KB
=======================================================================
Windows 2000 Boot Sector
The first information found on a NTFS volume is the boot sector. The boot sector starts at sector
0 and can be up to 16 sectors long. It consists of two structures:
The BIOS Parameter Block, which contains information on the volume layout and file system
structures.
Code that describes how to find and load the startup files for the operating system being loaded.
For Windows 2000 on X86-based computers, this code loads the file Ntldr.
Windows 2000 Master file Table and Metadata
When a volume is formatted with NTFS, a Master File Table (MFT) and Metadata are created.
NTFS uses MFT entries to define the files they correspond to. All information about the file,
including its size, time and date stamps, permissions, and data content, is stored either within
MFT entries or in space external to the MFT but described by the MFT entries.
NTFS allocates space for each MFT record based on the cluster size of the file. The attributes
of the file are written to the allocated space in the MFT.
Each file usually has one file record. However, if a file has a large number of attributes or becomes
highly fragmented, it might need more than one file record.
Small files and directories (typically 1500 bytes or smaller) are contained entirely within the
file’s
MFT
record.
======================================================================
winser3.html PAGE
25 2001/01/12
Metadata are the files NTFS uses to implement the file system structure. NTFS reserves the first
16 records of the MFT for Metadata (approximately 1 MB). The remaining records of the MFT
contain the file and directory records for each file and directory on the partition.
If the first MFT record is corrupted, NTFS reads the second record to find the MFT mirror file.
The data segment locations for both $Mft and $MftMirr are recorded in the boot sector.
NTFS File Attributes
Every allocated sector on an NTFS partition belongs to a file. Even the file system Metadata is
part of a file. NTFS vies each file (or folder) as a set of file attributes.
An attribute type code and, optionally, an attribute name identify each attribute. When a file’s
attribute can fit within the MFT file record for that file, they are called resident attributes.
Implementation of NTFS
When implementing NTFS, several factors should be taken into consideration: upgrading to
Windows 2000, multibooting Windows 2000, and NTFS compatibility issues.
Upgrading to Windows 2000
An upgrade from Windows NT to Windows 2000 (when not in multiple booting) results in the
following:
Windows NT 4.0 Service Pack or Later Conversion
When Windows 2000 is installed on a computer running Windows NT 4.0 with Service Pack
(SP) or later the NTFS volumes are upgraded to NTFS version 5.0 the first time the new
operating system is booted.
======================================================================
winser3.html PAGE
26 2001/01/12
FAT Volume Conversion
Conversions from FAT to NTFS 5.0 take place only if the user confirms it. Winnt32.exe started
in attended mote will display a file system conversion page providing users an option to convert their
existing FAT file system to NTFS.
Installations or upgrades started with Winnt32.exe in unattended mode will convert or leave the file
system alone, based on the value of the FileSystem value name in the answer file. Conversion will
occur automatically if FileSystem= ConvertNTFS and will not be converted if
FileSystem = LeaveAlone.
If a user runs Setup by using Winnt.exe, boot floppies, or CD-ROM boot, the Text mode of the
installation process allows the user to choose the file system.
*** See the table on page
188 ***
Multibooting Windows 2000
The ability to access NTFS volumes when a user multiple boots Windows 2000 with earlier
versions of Windows NT depends on which version of Windows NT is used.
If a user multiple boots Windows 2000 and Windows NT 4.0, SP4, any basic (nondynamic)
volumes formatted with NTFS used in Windows 2000 can be read.
Configurations affected by this scenario include the
following:
NTFS Compatibility
If a user is running Windows NT 4.0 SP4, any basis (nondynamic) volumes formatted with
NTFS used in Windows 2000 can be read.
Ntfs.sys File System Driver
The new Ntfs.sys Windows NT 4.0 file system driver provides support for mounting volumes and
dual-boot systems in mixed Windows NT environments. Because of these compatibility issues,
dual booting between Windows NT 4.0 and Windows 2000 is not recommended. The Windows
NT 4.0 SP4 NTFS driver is provided only to assist in evaluating and upgrading to Windows 2000.
======================================================================
winser3.html PAGE
27 2001/01/12
Windows NT does not support:
Mounting Volumes
Windows NT 4.0 systems pre-SP4 are not able to mount NTFS 5.0 volumes. Windows 2000
automatically upgrades NTFS 4.0 volumes to NTFS version 5.0
Dual-Boot Systems
The new NTFS file system driver allows you to dual-boot between Windows NT 4.0 and Windows
2000 systems. To dual-boot Windows NT 4.0 and Windows 2000, install Windows NT 4.0 SP4
on the systems.
Utilities such as CHKDSK and AUTOCHK will not work.
Since files can be read and written on NTFS 5.0 volumes under Windows NT 4.0, Windows 2000
might need to perform clean-up operations on the volume after it was mounted on Windows NT 4.0.
Disk Quotas
When running Windows NT 4.0, Windows 2000 disk quotas are ignored. This means that users can
allocate more disk space than is allowed by their Windows 2000 quota.
Users can still read and write data to existing files, but they cannot increase the size of the file.
NOTE: This is normal quota behavior any time the quota system is taken from a nontracking or tracking
state to an enforced state. The same behavior will manifest itself when a system is upgraded from
Windows NT 4.0 to Windows 2000 with quota enforcement.
======================================================================
winser3.html PAGE
28 2001/01/12
Encryption
No operations, including open, read, write, copy and delete can be done on encrypted files under
Windows NT 4.0
Sparse Files
No operations, including open, read, write, copy and delete can be done on sparse files under
Windows NT 4.0
Object Ids
Full access to the object is available under Windows NT 4.0 Objects can be opened, read, written,
copied, and deleted. If the user has deleted a file with an object ID on it, Windows 2000 must scan
and clean up the orphaned entry in the index.
USN Journal
The USN Journal is ignored under Windows NT 4.0. No entries are logged when files are accessed.
Since the USN Journal is ignored under Windows NT 4.0, not all file changes are logged in the USN
Journal. When Windows 2000 boots, the USN Journal parameters are reset to indicate that the Journal
history is incomplete.
Reparse Points
No operations, including open, read, write, copy and delete, can be done on reparse points under
Windows NT 4.0. Since reparse points cannot be accessed on Windows NT 4.0, no clean-up
operations are necessary under Windows 2000.
Lesson Summary:
NSS and disk quotas.
======================================================================
winser3.html PAGE
29 2001/01/12
Lesson 4:
File System Security
Sharing folders is the only way to make folders and their contents available over the network.
Shared folders provide a way to secure file resources; they can be used on FAT16 and FAT32
partitions, as well as on NTFS partitions.
But NTFS supports more than just shared folders. NTFS permissions can be used to specify which
users and groups can gain access to files and folders and what they can do with their content.
NTFS permissions are not available on volumes that are formatted with FAT.
Shared Folders
Shared folders are used to provide network users with access to file resources. When a folder is
shared, users can connect to the folder over the network and gain access to the files it contains.
Shared Folder Permissions
A shared folder can contain applications, data, or users’ personal data (called home folders) Each
type of data can require different shared folder permissions.
Shared folder
permissions have the following characteristics in common:
at the computer where the folder is stored. They
apply only to users who connect to
the folder over the network.
volume. NTFS permissions are not available on FAT volumes.
you share the folder.
A shared folder appears in Microsoft Windows Explorer as an icon of a hand holding the shared folder.
======================================================================
winser3.html PAGE
30 2001/01/12
To control how users gain access to a shared folder, you must assign shared folder permissions.
=======================================================================
Permission Description
=======================================================================
Read Users can display folder name,
Change Users can create folders, add files to folders, change data
in files, append data to files, change file attributes, delete
folders and files, and perform actions permitted by the
Read permission.
Full Control Users can change file permissions, take ownership of files,
and perform all tasks permitted by the Change permission.
=====================================================================
You can allow or deny shared folder permissions to individual users or to users groups. Generally,
it is best to assign permissions to a group rather than to individual users. You should deny
permissions only when it is necessary to override permissions that are otherwise applied.
Applying Shared Folder Permissions
Applying shared permissions to user accounts and groups affects access to a shared folder.
Denying permission always overrides.
Multiple Permissions
A user can be a member of multiple groups, each with different permissions that provide different
levels of access to a shared folder. For example, if a user has Read permission and is a member
of a group with Change permission, the user’s effective permission is Change, which includes Read.
Deny Overrides Other Permissions
Deny permissions take precedence over any permissions that you otherwise allow for user accounts
and groups. If you deny a shared folder permission to a user, the user will not have that permission,
even if you allow the permission for a group of which the user is a member.
NTFS Permissions
Shared folder permissions are sufficient to gain access to files and folders on a FAT volume but are
not the best solution for an NTFS partition. On a FAT partition, users can gain access to a shared
folder in which they have permissions, as well as to all the folder’s contents.
======================================================================
winser3.html PAGE
31 2001/01/12
If share rights are configured for a folder and NTFS permissions are configured for folder or files
within a folder, the most restrictive rights will become the user’s effective rights to the resource
Copying or Moving Shared Folders
When you copy a shared folder, the original shared folder is still shared, but the copy is not shared.
When you move a shared folder, it is no longer shared.
Guidelines for Shared Folder Permissions:
required tasks.
within a folder.
use share names that all client operating systems can use.
Windows 2000, provides 8.3 character equivalent names, but the resulting names might not be
intuitive to users.
Sharing folders
You can share resources with others by sharing folders containing the resources. You can also control
access to the folder and its contents by assigning permissions to selected users and groups. Once you
have shared a folder, users must connect to the shared folder and must have the appropriate
permissions to gain access to it.
Requirements for Sharing Folders
In Windows 2000, members of the built-in Administrators, Server Operators, and Power Users
groups are able to share folders.
======================================================================
winser3.html PAGE
32 2001/01/12
share folders residing on any machines in the domain.
can share folderson the Windows 2000 Server stand-alone server or the computer
running Windows 2000
User that are granted the Create Permanent Shared Objects user right can also create shares
on the computer where the right is assigned.
NOTE: If the folder to be shared resides on an NTFS volume, users must also have at least the
Read permission for that folder.
Administrative Shared Folders
Windows 2000 automatically shared folders for administrative purposes. These shares are appended
with a dollar sign ($). The $ hides the shared folder from users who browse the computer. The root
of each volume, the system root folder, and the location of the printer drivers are all hidden shared
folders that you can gain access to across the network.
*** See the table on page 198 ***
Hidden shared folders are not limited to those that the system automatically creates. You can share
additional folders and append a $ to the share name.
Sharing a Folder
You can give it a share name, provide comments to describe the folder and its contents, limit the number
of users who have access to the folder, assign permissions, and share the same folder multiple times.
To share a folder, right-click the folder you want to share and then click Properties.
** See the table on page 199 ***
net^share^datafile=d:\folder name
After you share a folder, the next step is to specify which users have access to the shared folder. You
can assign permissions by clicking the Permission button on the Sharing tab of the shared folder’s
Properties dialog box.
Modifying Shared Folders
You can modify the properties of a shared folder.
*** See the table on
page 200 ***
======================================================================
winser3.html PAGE
33 2001/01/12
NOTE: If you stop sharing a folder while a user has a file open, the user might lose data. If you click
the Do Not Share This Folder option and the user has a connection to the shared folder, Windows
2000 displays a dialog box notifying you that a user has a connection to the shared folder.
NTFS Permissions
NTFS Permissions are a set of standard permissions that allow or deny access for each user or group.
They provide security for resources by allowing administrators and users to control who can gain
access to individual files and folders and to specify the kind of access users can gain.
NTFS folder permissions. Use these permissions to secure access to individual folders on NTFS
ormatted volumes.
NTFS file permissions. Use these permissions to secure access to individual files on NTFS
formatted volumes.
NTFS Full Control Permission
The Full Control permission grants all permissions to access a resource. It is assigned as follows
by default:
assigned the Full Control permission.
at the root of the drive.
to the Everyone group on all resources on that volume
Multiple File Permissions
Permissions to files and folders can be assigned to users and groups. Users can have multiple
permissions assigned to them. A user’s effective permissions are the combination of NTFS
permissions assigned to the individual user and the NTFS permissions assigned to all the groups
the user belongs to.
NTFS file permissions take priority over NTFS folder permissions. For example, is a user is
assigned Write to a folder, and Modify permission to the file, the user can both write to and
modify the file.
======================================================================
winser3.html PAGE
34 2001/01/12
Denying a permission for a user or group blocks that permission from the user, even if the
permission has been granted to a
group and the user belongs to. The user will be able to
read and modify the file, but will not be able
to delete it.
Permission Inheritance
There are rules associated with the priority of file and folder permissions as you move down a
directory tree from the parent folder to the subfolder and files. By default, permissions assigned
to the parent folder are inherited and propagate to subfolders and files contained within the
parent folder.
A file or folder can be prevented from inheriting permissions from the parent folder, and
permissions can be assigned explicitly to the file or folder.
Guidelines for Assigning NTFS Permissions:
Administrators and the owner of a file or folder control which users and groups have permissions
to the file or folder and what the permissions are.
To simplify administration, group resources into application, data and home folders. Doing so
provides three benefits:
separate from applications and the operating system to streamline backing up data and
administration.
for everyone group. Assign Read & Execute to the Users and Administrator group.
group, and FC to Creator Owner.
and own.
======================================================================
winser3.html PAGE
35 2001/01/12
Configuring NTFS Permissions
The owners of files and folders can assign permissions to user accounts and groups.
** See the chart on
page 204 **
Assigning Special Access Permissions
The standard NTFS permissions provide all the permissions necessary to secure data.
NOTE: When special access permissions are assigned to a user or group, the permissions are
indicated as Special on the Access Control Settings dialog box.
There are 13 special access permissions that, when combined constitute the standard NTFS
permissions, such as Read & Execute, Modify and FC.
Assigning special access permissions to folders and files requires three tasks:
Changing Permissions
File and folder owners and other users with Full Control permissions can assign or change
permissions. You can grant network administrators the ability to change permissions on a file
or folder without giving them Full Control over the file or folder. To give network administrators
the ability to change permissions, grant the Change Permissions special access permission on the
file or folder to the network administrators’ group account.
Transferring Ownership
In addition to changing permissions, ownership can be transferred. There are several ways to
transfer ownership:
special access permission.
administrative control. When assigned to a volume or folder, special access
permissions are initially applied only where specified in the Apply Onto drop-down menu.
To transfer or take ownership of a file or folder, click the Owner tab in the Access Control
Settings dialog box.
======================================================================
winser3.html PAGE
36 2001/01/12
Setting Special Access Permissions
Click Advanced on the Security tab. Click View/Edit to modify the special access rights of an
existing user or group.
*** See the chart on page 206 and 207 ***
Copying and Moving files and folders
NTFS allows you to copy and move files and folders.
Copying Files and folders
To copy files and folders within or between NTFS volumes, a user must have been granted Create
files/Write Data and Create folders/Append Data permissions for the destination folder. The user
who performs the copy will become the owner of the new file or folder.
When files or folders are copied, permissions will be inherited or lost, depending on where the file
or folder is copied to:
When a folder or file is moved within an NTFS partition, the folder or file retains its permissions.
When a folder or file is copied within or between NTFS partitions, or moved to another partition,
the folder or file inherits the permissions of the destination folder.
When folders or files are copied to FAT16 or FAT32 volumes, the folders and files lose their
NTFS permissions because FAT16 and FAT32 volumes do not support NTFS permissions.
Moving files and Folders
To move files and folders between NTFS partitions requires the Add permission for the destination
folder or file and the Delete permission for the source folder or file.
======================================================================
winser3.html PAGE
37 2001/01/12
Moving folders or files within a between NTFS volumes can affect the original permissions.
** See the tables on
page 208 ***
When folders or files are moved to FAT16 or FAT32 volumes, the folders and files lose their
NTFS permissions because FAT16 or FAT32 volumes do not support NTFS permissions.
Lesson Summary:
the files it contains.
subfolders and files contained within the parent folder.