Chapter 17 - File Systems
Microsoft® Windows® 2000 supports four types of file systems on readable/writable disks: the NTFS file system and three file allocation table (FAT) file systems: FAT12, FAT16 and FAT32. Windows 2000 also supports two types of file systems on CD-ROM and digital video disk (DVD) media: Compact Disc File System (CDFS) and Universal Disk Format (UDF). The structures of the volumes formatted by each of these file systems, as well as the way each file system organizes data on the disk, are significantly different. The capabilities and limitations of these file systems must be reviewed to determine their comparative features.
Related Information in the Resource Kit
| • | For more information about disks, see "Disk Concepts and Troubleshooting" in this book. |
| • | For more information about disk storage, see "Removable Storage and Backup" in this book. |
| • | For more information about system recovery, see "Troubleshooting Tools and Strategies" in this book. |
Quick Guide to File Systems
Understanding the differences between file systems is important to configuring a system that best meets the needs of your organization. Use this Quick Guide to find information about the file systems available to users of Windows 2000 and how to implement the new features that are included with NTFS.
Understand the file systems and new file system features in Windows 2000.
Review the new features included with NTFS and the advantages of FAT32 support. Also, compare file systems details and compatibility issues.
| • | See "Overview of Windows 2000 File System" in this chapter. |
Choose a file system.
Determine which file system or file systems provide the maximum benefit for your organization. Compare the relative advantages and disadvantages of each file system supported by Windows 2000, and the features that each offers.
| • | See "File System Comparisons" in this chapter. |
Understand the FAT file system.
FAT32 offers enhanced features over FAT16. Review detailed information about these file systems, including the structure of FAT volumes, to determine whether they meet your needs.
| • | See "FAT" in this chapter. |
Understand the NTFS file system.
The version of NTFS included with Windows 2000 offers several enhancements over previous versions of NTFS, as well as features not available with FAT. Review detailed information about NTFS, including the structure of NTFS volumes, to determine whether this file system best meets your needs.
| • | See "NTFS" in this chapter. |
Understand the Compact Disc File System (CDFS).
Review the requirements for formatting CD-ROMs for use with Windows 2000.
| • | See "Compact Disc File System" in this chapter. |
Understand the Universal Disk Format (UDF).
UDF is supported in Windows 2000 for use with removable disk media. If you are using removable media for data storage, review the details about UDF to determine whether it meets your needs.
| • | See "Universal Disk Format" in this chapter. |
Review how Windows 2000 treats long and short file names.
Windows 2000 creates short (8.3) file names to provide MS-DOS compatibility. Review how these short file names are created and how to view the short file names created for files.
| • | See "Using Long File Names" in this chapter. |
Use file system tools to manage files and folders on NTFS volumes.
Use the command-line tools included with Windows 2000 and the Microsoft® Windows® 2000 Resource Kit to manage files and folders; edit access control lists (ACLs); compress and uncompress files and folders; convert FAT volumes to NTFS; review disk space usage; and mount local volumes onto other volumes.
| • | See "File System Tools" in this chapter. |
Overview of Windows 2000 File Systems
The file system you use with Windows 2000 determines which of the operating system's advanced features are available to you. To use a Windows 2000-based computer to startup in Microsoft® MS-DOS®, Microsoft® Windows® 3.x, or Microsoft® Windows® 95, use FAT16. For a multiple-boot configuration with Microsoft® Windows® 95 OSR2 or Microsoft® Windows® 98 using very large volumes, you might want to use FAT32. If you are concerned with disk security, performance, and efficiency, you might choose NTFS.
What's New
The version of NTFS that is included with Windows 2000 provides significant enhancements over previous versions. Windows 2000 also includes support for the FAT32 file system.
FAT32 support Users of MS-DOS and Microsoft® Windows NT® version 4.0 and earlier must note that FAT32 is a new option in Windows 2000. This file system, first seen in Windows 95 OSR2 and later in Windows 98, allows FAT users to format much larger volumes than possible with FAT16, and stores files more efficiently on large volumes.
Note FAT12, FAT16 and FAT32 are referred to synonymously as FAT unless the differences between them must be noted.
NTFS enhancements Users of MS-DOS, Windows 95, and Windows 98 have a new, more advanced option with NTFS. NTFS, the preferred native file system for Windows 2000, is a much more sophisticated, robust, and secure file system than any of the FAT file systems. Users of Windows NT must also note the many improvements made to NTFS in Windows 2000, including the addition of encryption, disk quotas, reparse points, and so on.
Encryption The Encrypting File System (EFS) provides the core file encryption technology used to store encrypted files on NTFS volumes. EFS keeps files safe from intruders who might gain unauthorized physical access to sensitive, stored data (for example, by stealing a portable computer or external disk drive).
Disk quotas Windows 2000 supports disk quotas for NTFS volumes. You can use disk quotas to monitor and limit disk-space use.
Reparse points Reparse points are new file system objects in NTFS that can be applied to NTFS files or folders. A file or folder that contains a reparse point acquires additional behavior not present in the underlying file system. Reparse points are used by many of the new storage features in Windows 2000, including volume mount points.
Volume mount points Volume mount points are new to NTFS. Based on reparse points, volume mount points allow administrators to graft access to the root of one local volume onto the folder structure of another local volume.
Sparse files Sparse files allow programs to create very large files but consume disk space only as needed.
Distributed link tracking NTFS provides a link-tracking service that maintains the integrity of shortcuts to files as well as OLE links within compound documents.
File System Details
An operating system's ability to access files on a volume depends on the file system with which the volume was formatted. Table 17.1 shows the file system formats supported by various operating systems.
Table 17.1 Operating System and File System Compatibility
| Operating System | File System Format |
Windows 2000 | NTFS |
Microsoft® Windows NT® version 4.0 | NTFS |
Windows 95 OEM Service Release 2 (OSR2) and Windows 98 | FAT16 |
Windows 95 (prior to version OSR2) | FAT16 |
MS-DOS | FAT16 |
You can use long and short file names in both NTFS and FAT volumes. A long file name (LFN) can be up to 255 characters long. Short file names have the 8.3 format and are compatible with MS-DOS and other legacy operating systems.
Note 8.3 format means that files can have between 1 and 8 characters in the file name. The name must start with a letter or a number and can contain any characters except the following:
. " / \ [ ] : ; | = , * ? (space)
An 8.3 file name typically has a file name extension between one and three characters long with the same character restrictions. A period separates the file name from the file name extension.
Several special file names are reserved by the system and cannot be used for files or folders:
CON, AUX, COM1, COM2, COM3, COM4, LPT1, LPT2, LPT3, PRN, NUL
File System Comparisons
You can use FAT16, FAT32, NTFS, or a combination of file systems on a single computer, but each volume can have only one file system installed. When choosing which file system to use, you need to determine the following:
| • | How the computer is used (dedicated to Windows 2000 or multiple-boot). |
| • | The number and size of locally installed hard disks. |
| • | Security considerations. |
| • | Interest in using advanced file system features. |
Important It is recommended that you format all Windows 2000 volumes with NTFS except on computers with certain multiple-boot configurations. For more information about NTFS, see "NTFS File System" later in this chapter.
Certain file systems have limitations regarding the minimum and maximum size of volumes that they can format. Additionally, the cluster size of each file system, which depends on the size of the volume and the maximum number of clusters the file system can manage, can affect the choice of file systems.
Table 17.2 provides a comparison of FAT16, FAT32, and NTFS volume and cluster sizes.
Table 17.2 Default Cluster Sizes for Volumes with Windows 2000 File Systems
| Volume size | FAT16 cluster size | FAT32 cluster size | NTFS cluster size |
7 MB–16 MB | 2 KB | Not supported | 512 bytes |
17 MB–32 MB | 512 bytes | Not supported | 512 bytes |
33 MB–64 MB | 1 KB | 512 bytes | 512 bytes |
65 MB–128 MB | 2 KB | 1 KB | 512 bytes |
129 MB–256 MB | 4 KB | 2 KB | 512 bytes |
257 MB–512 MB | 8 KB | 4 KB | 512 bytes |
513 MB–1,024 MB | 16 KB | 4 KB | 1 KB |
1,025 MB–2 GB | 32 KB | 4 KB | 2 KB |
2 GB–4 GB | 64 KB | 4 KB | 4 KB |
4 GB–8 GB | Not supported | 4 KB | 4 KB |
8 GB–16 GB | Not supported | 8 KB | 4 KB |
16 GB–32 GB | Not supported | 16 KB | 4 KB |
32 GB–2 TB | Not supported | Not supported | 4 KB |
The following are some file system size limitations that should also be considered:
| • | FAT volumes smaller than 16 megabytes (MB) are formatted as FAT12. |
| • | FAT16 volumes larger than 2 gigabytes (GB) are not accessible from computers running MS-DOS, Windows 95, Windows 98, and many other operating systems. |
| • | While FAT32 volumes can theoretically be as large as 2 terabytes, Windows 2000 limits the maximum size FAT32 volume that it can format to 32 GB. However, Windows 2000 can read and write to larger FAT32 volumes formatted by other operating systems. |
| • | The implementation of FAT32 in Windows 2000 limits the maximum number of clusters on a FAT32 volume that can be mounted by Windows 2000 to 4,177,918. This is the maximum number of clusters on a FAT32 volume that can be formatted by Windows 98. |
| • | NTFS volumes can theoretically be as large as 16 exabytes (EB), but the practical limit is 2 terabytes. |
| • | The user can specify the cluster size when an NTFS volume is formatted. However, NTFS compression is not supported for cluster sizes larger than 4 kilobytes (KB). |
Note Clusters are also known as allocation units.
Comparing FAT File Systems
The numerals in the names FAT12, FAT16, and FAT32 refer to the number of bits required for a file allocation table entry.
| • | FAT12 uses a 12-bit file allocation table entry (212 clusters). |
| • | FAT16 uses a 16-bit file allocation table entry (216 clusters). |
| • | FAT32 uses a 32-bit file allocation table entry. However, Windows 2000 reserves the first 4 bits of a FAT32 file allocation table entry, which means FAT32 has a theoretical maximum of 228 clusters. |
Note FAT12 is only used on floppy disks and on very small volumes in Windows 2000.
There are additional relative advantages and disadvantages between FAT16 and FAT32.
Advantages of FAT16
Advantages of FAT16 include:
| • | MS-DOS, Windows 95, Windows 98, Windows NT, Windows 2000, and some UNIX operating systems can use FAT16. |
| • | There are many software tools that can address problems and recover data on FAT16 volumes. |
| • | If you have a startup failure, you can start the computer by using an MS-DOS bootable floppy disk to troubleshoot the problem. |
| • | FAT16 is efficient, in speed and storage, on volumes smaller than 256 MB. |
Disadvantages of FAT16
Disadvantages of FAT16 include:
| • | The root folder can manage a maximum of 512 entries. The use of long file names (LFNs) can significantly reduce the number of available entries. |
| • | FAT16 is limited to 65,536 clusters, but because certain clusters are reserved, it has a practical limit of 65,524. The largest FAT16 volume on Windows 2000 is limited to 4 GB and uses a cluster size of 64 KB. To maintain compatibility with MS-DOS, Windows 95, and Windows 98, a volume cannot be larger than 2 GB. |
| • | FAT16 is inefficient on larger volume sizes, as the size of the cluster increases. The space allocated for storing a file is based on the size of the cluster allocation granularity, not the file size. For example, a 10-KB file stored on a 1.2-GB volume, which uses a 32-KB cluster, wastes 22 KB of disk space. |
| • | The boot sector is not backed up. |
| • | There is no built-in file system security or compression scheme with FAT16. |
Advantages of FAT32
FAT32 has the following enhancements:
| • | The root folder on a FAT32 drive is an ordinary cluster chain and can be located anywhere on the volume. For this reason, FAT32 does not restrict the number of entries in the root folder. |
| • | FAT32 uses smaller clusters (4 KB for volumes up to 8 GB), so it allocates disk space more efficiently than FAT16. Depending on the size of your files, FAT32 creates the potential for tens and even hundreds of megabytes of additional free disk space on larger volumes compared to FAT16. |
| • | FAT32 can automatically use the backup copy of the file allocation table instead of the default copy (with FAT16, only a disk repair tool such as Chkdsk can implement the backup). |
| • | The boot sector is automatically backed up at a specified location on the volume, so FAT32 volumes are less susceptible to single points of failure than FAT16 volumes. |
Disadvantages of FAT32
Disadvantages of FAT32 include:
| • | The largest FAT32 volume that Windows 2000 can format is 32 GB. |
| • | FAT32 volumes are not directly accessible from operating systems other than Windows 95 OSR2 and Windows 98. |
| • | If you have a startup failure, you cannot start the computer by using an MS-DOS or Windows 95 (excluding version OSR2 and later) bootable floppy disk. |
| • | There is no built-in file system security or compression scheme with FAT32. |
NTFS File System
The version of NTFS included with Windows 2000 can take advantage of many advanced features not available by using other file systems. As such, using NTFS wherever possible is recommended to gain the maximum benefits from Windows 2000.
Advantages of NTFS
Formatting Windows 2000 volumes with NTFS instead of FAT allows you to use advanced features that are available only on NTFS, including the following:
| • | NTFS is a recoverable file system. A user seldom needs to run a disk repair program on an NTFS volume. NTFS guarantees the consistency of the volume by using standard transaction logging and recovery techniques. In the event of a system failure, NTFS uses its log file and checkpoint information to automatically restore the consistency of the file system. |
| • | NTFS supports compression on volumes, folders, and files. Files that are compressed on an NTFS volume can be read and written by any Windows-based application without first being decompressed by another program; decompression happens automatically during the file read. The file is compressed again when it is closed or saved. |
| • | NTFS supports all Windows 2000 file system features. |
| • | NTFS does not restrict the number of entries in the root folder. |
| • | Windows 2000 can format volumes up to 2 terabytes with NTFS. |
| • | NTFS manages disk space more efficiently than FAT, using smaller clusters (4 KB for volumes up to 2 terabytes). |
| • | The boot sector is backed up to a sector at the end of the volume. |
| • | NTFS minimizes the number of disk accesses required to find a file. |
| • | On NTFS volumes, you can set permissions on shares, folders, and files that specify which groups and users have access, and what level of access is permitted. NTFS file and folder permissions apply to users working on the local computer and to users accessing the file over the network from a shared folder. You can also set share permissions that operate on network shares in combination with file and folder permissions. |
| • | NTFS supports a native encryption system, EFS, that uses symmetric key encryption in conjunction with public key technology to prevent unauthorized access to file contents. |
| • | Reparse points enable new features such as volume mount points. |
| • | Disk quotas can be set to limit the amount of space users can consume. |
| • | NTFS uses a change journal to track changes made to files. |
| • | NTFS supports distributed link tracking to maintain the integrity of shortcuts and OLE links. |
| • | NTFS supports sparse files so that very large files can be written to disk while requiring only a small amount of storage space. |
Disadvantages of NTFS
While NTFS is recommended for most Windows 2000 users, it is not appropriate in all circumstances. Disadvantages of NTFS include:
| • | NTFS volumes are not accessible from MS-DOS, Windows 95, or Windows 98. The advanced features of the version of NTFS included with Windows 2000 are not available in Windows NT. |
| • | For very small volumes that contain mostly small files, the overhead of managing NTFS can cause a slight performance drop in comparison to FAT. |
A former disadvantage of NTFS was accessing the NTFS-formatted system volume when corrupted or deleted system files prevented the computer from starting. In the past, it was a common requirement that Windows NT be installed to a second, separate folder to access the NTFS system volume of the first installation.
Windows 2000 resolves this problem by offering a pair of new troubleshooting tools. The first tool, known as Safe Mode, allows Windows 2000 to be started with only the basic set of device drivers and system services loaded. Safe Mode allows a system that cannot start, due to system corruption or the installation of incompatible drivers or system services, to bypass those blocking issues, enabling the local administrator to resolve the problem.
If the damage to the operating system files is severe enough that the computer cannot start even in Safe Mode, you can start the computer from either the Windows 2000 operating system CD or Setup floppy disks by using the Recovery Console. The Recovery Console is a special command-line environment that enables the administrator to copy system files from the operating system CD, fix disk errors, and otherwise troubleshoot system problems without installing a second copy of the operating system. For more information about Safe Mode and the Recovery Console, see "Troubleshooting Tools and Strategies" in this book.
Formatting the System Volume in Multiple-Boot Configurations
If you want to start another operating system, such as Windows 95, Windows 98, Microsoft® Windows® for Workgroups, or MS-DOS, use FAT16 for your system volume and the boot volumes for the other operating systems. You can use NTFS for the Windows 2000 boot volume and other volumes on the computer, if those volumes cannot be accessed by an operating system other than Windows 2000.
Performance
For small volumes, FAT16 or FAT32 might provide nominally faster access to files than NTFS because:
| • | The FAT structure is simpler. |
| • | The FAT folder size is smaller for an equal number of files. |
| • | FAT has no controls regulating whether a user can access a file or a folder; therefore, the system does not have to check that a user has access permissions to a file or folder. This advantage is minimal, however, because Windows 2000 still must determine whether the file is read-only, or whether the file is on a FAT or NTFS volume. |
NTFS minimizes the number of disk accesses and time needed to find a file. In addition, if a folder is small enough to fit in the Master File Table (MFT) record, NTFS reads the entire folder when it reads its MFT record.
A FAT folder entry contains an index of the file allocation table, which identifies the cluster number for the first cluster of the folder. To view a file, FAT has to search the folder structure.
For operations performed on large folders containing both long and short file names, the speed of a FAT operation depends on the operation itself and the size of the folder. If FAT searches for a file that does not exist, it needs to search the entire folder— an operation that takes longer on a FAT structure than on the structure used by NTFS.
Several factors affect the speed with which Windows 2000 reads or writes a file:
| • | If a file is badly fragmented, NTFS usually requires fewer disk accesses than FAT to find all of the fragments. |
| • | For both file systems, the default cluster size depends on the volume size, and is always a power of 2. FAT16 addresses are 16 bits, FAT32 addresses are 32 bits, and NTFS addresses are 64 bits. |
| • | The default cluster size for a FAT16 volume is always larger than the default cluster size for either a FAT32 or an NTFS volume of the same size. The larger cluster size for a FAT16 volume, however, means that there might be less fragmentation in files on a FAT16 volume. |
| • | With NTFS, the MFT record can entirely contain small files; FAT contains pointers to files. The file size that fits within the MFT record depends on the cluster size and the number of attributes for the file. |
Maximum Size Limitations
On very large disks, the maximum size of a volume or file and the maximum number of files per volume depend on the file system used to format the volume.
Note Windows 2000 can combine noncontiguous disk areas when creating volume sets and stripe sets, but these volumes have the same maximum size limitations of a single volume.
Maximum Sizes on FAT16 Volumes
FAT16 can support a maximum of 65,524 clusters per volume. Table 17.3 lists FAT16 size limits.
Important For Windows NT and Windows 2000, the cluster size of FAT16 volumes from 2 GB through 4 GB is 64 KB, which can create compatibility issues with some applications. For example, setup programs do not compute volume free space properly on a volume with 64 KB clusters and cannot run because of a perceived lack of free space. For this reason, either NTFS or FAT32 must be used on volumes larger than 2 GB. The Format tool in Windows 2000 displays a warning and asks for a confirmation before formatting a volume with 64 KB clusters.
Table 17.3 FAT16 Size Limits
| Description | Limit |
Ma |
|
Maximum file size | 232 minus 1 bytes |
Maximum volume size | 4 GB |
Files per volume | 216 |
Maximum Sizes on FAT32 Volumes
A FAT32 volume must have a minimum of 65,527 clusters. The maximum number of clusters that Windows 2000 can mount on a FAT32 volume is 4,177,918. Windows 2000 can format volumes up to 32 GB, but it can use larger volumes created by other operating systems. Table 17.4 lists FAT32 size limits.
Table 17.4 FAT32 Size Limits
| Description | Limit |
Ma |
|
Maximum file size | 232 minus 1 bytes |
Maximum volume size | 32 GB (This is due to the Windows 2000 Format tool. The maximum volume size that Windows 98 can create is 127.53 GB). |
Files per volume | Approximately 222 |
Maximum Sizes on NTFS Volumes
In theory, the maximum NTFS volume size is 264 clusters. However, there are limitations to the maximum size of a volume, such as volume tables. By industry standards, volume tables are limited to 232 sectors.
Sector size, another limitation, is typically 512 bytes. While sector sizes might increase in the future, the current size puts a limit on a single volume of 2 terabytes (232 * 512 bytes, or 241 bytes). For now, 2 terabytes is considered the practical limit for both physical and logical volumes using NTFS.
Table 17.5 lists NTFS size limits.
Table 17.5 NTFS Size Limits
| Description | Limit |
Ma |
|
Maximum file size | 2(64) - 1 KB (Theoretical) |
Maximum volume size | 2(64) clusters (Theoretical) |
Files per volume | 2(32) - 1 |
Controlling Access to Files and Folders
On NTFS volumes you can set access permissions on files and folders that specify which groups and users have access, and what level of access is permitted. NTFS file and folder permissions apply to users on the local computer and to users accessing the file over the network. With NTFS you can also set share permissions, which operate on shared folders in combination with file and folder permissions. File attributes (read-only, hidden, and system) also limit file access.
File and Folder Permissions
The version of NTFS included with Windows 2000 provides for inheritable permissions. In the Properties dialog box, on the Security tab, you can set the option Allow inheritable permissions from parent to propagate to this file object. This option is enabled by default. This feature reduces the time and input/output (I/O) work required to change the permissions of many files and subfolders. For example, suppose a user wants to change the permissions on a tree consisting of several thousand files. If the folders and subfolders inherit permissions, the user only needs to set permissions for the top-level folder.
Figure 17.1 shows the permissions listed on the Security tab of the Properties dialog box of a DOC file.
Figure 17.1 Permissions Dialog Box
Figure 17.2 shows the Permissions listed when you click Advanced on the Security tab of the Properties dialog box.
Figure 17.2 Advanced Permissions Dialog Box
Important To preserve permissions when you copy or move files between NTFS folders, use the Robocopy tool on the Windows 2000 Resource Kit companion CD.
You can back up and restore data on FAT and NTFS volumes. However, if you back up data from an NTFS volume and then restore it to a FAT volume, you lose security settings and other file information specific to NTFS.
Although NTFS provides access controls to individual files and folders, users can perform certain actions even if permissions are set on a file or folder to prevent access. For example, you have a folder (MyFolder) containing a file (File1), and you grant Full Control to a user for the folder MyFolder. If you specify that the user has No Access to File1, the user can still delete File1 because the Full Control rights in the folder allow the user to delete the contents of the folder.
To prevent files from being deleted, you must set permissions on the file itself, and you must set permissions for the folder containing the file that won't supercede the file's permissions. In the Properties dialog box, use the Security tab to deny Full Control, but to allow Modify, Read & Execute, Read, and Write permissions in place.
Anyone who has List, Read, or greater permissions in a folder can view file properties on any file in the folder, even if file permissions prevent them from seeing the contents of the file.
Share Permissions
FAT16 and FAT32 allow you to set limited file attributes but you cannot set permissions on individual files and folders. The only security available is the permissions that are set on the entire share, that affect all files and folders on that share, and that only functions over the network. After a folder is shared, you can protect the shared folder by specifying one set of share permissions for all files and subfolders of the shared folder. Share permissions are set in much the same way file and folder permissions are set in NTFS. But because share permissions apply globally to all files and folders in the share, they are significantly less versatile than the file and folder permissions used for NTFS volumes. Share permissions have no effect on users accessing the contents of a shared folder when the shared folder is on a locally-installed disk.
Share permissions apply equally to NTFS and FAT volumes. They are enforced by Windows 2000, not by the file system. However, when you move or copy a file from an NTFS to a FAT volume, permissions and other NTFS attributes are lost.
POSIX Compliance
NTFS provides Portable Operating System Interface for UNIX (POSIX) compliance, which permits UNIX programs to be ported to Windows 2000. Windows 2000 is fully compliant with the Institute of Electrical and Electronic Engineers (IEEE) standard 1003.1, which is a standard for file naming and identification.
The following POSIX-compliant features are included in NTFS:
| • | Case-sensitive naming. For example, POSIX interprets README.TXT, Readme.txt, and readme.txt as separate files. |
| • | Hard links. A file can have more than one name. This allows two different file names, which can be in different folders, to point to the same data. |
| • | Additional time stamps. These show when the file was last accessed or modified. |
Caution You must use POSIX-based programs to manage file names that differ only in case. You cannot use standard Windows 2000 command-line tools (such as copy, del, and move, or their equivalents in Windows Explorer) to manage file names that differ only in case. For example, if you type del MyDoc.Doc at the command prompt, both mydoc.doc and MyDoc.Doc are deleted.
FAT
The FAT file system locates the file allocation table near the beginning of the volume. FAT16 was designed for small disks and simple folder structures. FAT32 allowed users to create large volumes on large disks. Two copies of the file allocation table are stored on the volume. In the event that one copy of the file allocation table is corrupted, the other is used. The file allocation table is stored in a byte offset specified in the FAT boot sector's BIOS Parameter Block (BPB) so that the files needed to start the system can be located.
Note FAT32 can automatically implement the backup file allocation table if the primary file allocation table is damaged. FAT16 volumes require that a disk repair tool, such as Chkdsk, be used to implement the backup file allocation table.
FAT16 File System
FAT16 is included in Windows 2000 for the following reasons:
| • | It provides backward compatibility in the form of an upgrade path for earlier versions of Windows-compatible products. |
| • | It is compatible with most other operating systems. |
FAT16 is not recommended for volumes larger than 511 MB; when relatively small files are placed on a FAT16 volume, FAT16 manages disk space inefficiently. You cannot use FAT16 on volumes larger than 4 gigabytes (GB).
Note On volumes with fewer than 32,680 sectors, the cluster sizes can be up to 8 sectors per cluster. In this circumstance, the format program creates a 12-bit FAT. Volumes less than 16 MB are usually formatted for a 12-bit FAT, but the exact size depends on the disk geometry. The disk geometry also determines when a larger cluster size is needed because the number of clusters on the volume must fit into the number of bits used by the file system managing the volume. Therefore, you might have a 33-MB volume that has only 1 sector per cluster.
FAT12 is the original implementation of FAT and is intended for very small media. The file allocation table for FAT12 is smaller than the file allocation table for FAT16 and FAT32, because it uses less space for each entry, leaving more space for data. All 1.44-MB 3.5-inch floppy disks are formatted with FAT12.
Figure 17.3 illustrates how FAT16 maps clusters on a volume. The file allocation tables (labeled FAT1 and FAT2 in Figure 17.3) identify each cluster in the volume as one of the following:
| • | Unused |
| • | Cluster in use by a file |
| • | Bad cluster |
| • | Last cluster in a file
Figure 17.3 Organization of a FAT16 Volume |
The root folder exists at a specified location and has the maximum number of available entries fixed at 512. The maximum number of entries on a floppy disk depends on the size of the disk.
Note Each folder and 8.3 file name in the root folder counts as an entry. For example, since the maximum number of entries is fixed at 512, if you have 100 folders in the root folder, you can only create 412 more files or folders in the root folder. If those folders or files use names longer than the 8.3 format, fewer files and folders can be created.
Folders contain a 32-byte entry for each file and folder they contain. The entry includes the following information:
| • | Name in 8.3 format (11 bytes) |
| • | Attribute (1 byte, described later in this section) |
| • | Create time (3 bytes) |
| • | Create date (2 bytes) |
| • | Last access date (2 bytes) |
| • | Last modified time (2 bytes) |
| • | Last modified date (2 bytes) |
| • | Starting cluster number in the file allocation table (2 bytes) |
| • | File size (4 bytes) Note Three bytes in each entry are held in reserve. |
In the file allocation table of a FAT16 volume, files are given the first available location on the volume. The starting cluster number is the address of the first cluster used by the file. Each cluster contains a pointer to the next cluster in the file, or an end-of-file indicator at (0xFFFF) which indicates that this cluster is the end of the file. These pointers and end-of-file indicators are shown in Figure 17.4.
Figure 17.4 Files on a FAT Volume
Figure 17.4 shows three files in a folder. File1.txt uses three clusters. File2.txt is a fragmented file that requires three clusters. File3.txt fits in one cluster. In each case, the file allocation table entry points to the first cluster of the file.
The information in the folder is used by all operating systems that support FAT. Windows 2000 can store additional timestamps in a FAT folder entry. These timestamps show when the file was created or last accessed.
Because all entries in a folder are the same size, the attribute byte for each entry in a folder describes what kind of entry it is. For example, one bit indicates that the entry is for a subfolder and another bit marks the entry as a volume. Typically, the operating system controls the settings of these bits.
The attribute byte includes four bits that can be turned on or off by the user — archive, system, hidden, and read-only.
FAT32 File System
Support for FAT32 is new in Windows 2000. The FAT32 on-disk format and features on Windows 2000 are similar to those on Windows 95 OSR2 and Windows 98.
The size of a FAT32 cluster is determined by the system and can range in size from 1 sector (512 bytes) to 128 sectors (64 KB), incremented in powers of 2.
Note The use of 64 KB clusters in FAT32 can lead to compatibility problems with certain programs. The maximum recommended size cluster for a FAT32 volume is 32 KB.
Since FAT32 requires 4 bytes to store cluster values, many internal and on-disk data structures have been revised or expanded. Most programs are unaffected by these changes; however, disk tools which read the on-disk format must be updated to support FAT32.
The most significant difference between FAT16 and FAT32 is the maximum number of clusters supported, which in turn affects a volume's maximum size and storage efficiency. FAT32 breaks the 4-GB volume limitation of FAT16 by extending the maximum number of clusters to over 4 million. FAT32, as implemented in Windows 2000, can mount a volume as large as 127 GB. Due to the greater number of available clusters within FAT32, each cluster can be made smaller for a particular volume, making data storage more efficient. If you have a FAT16 volume between 2 and 4 GB in size, a 64-KB cluster is used; with FAT32, volumes ranging in size between 256 MB and 8 GB use a 4-KB cluster.
The largest possible file for a FAT32 volume is 4 GB minus 2 bytes. FAT32 contains 4 bytes per cluster in the file allocation table; FAT16 contains 2 bytes per cluster; and FAT12 contains 1.5 bytes per cluster. A FAT32 volume must have at least 65,527 clusters, but no more than 4,177,918 clusters.
In Windows 2000, you cannot format FAT32 volumes greater than 32 GB. Use NTFS to format larger volumes. For more information about why it is recommended that you format all Windows 2000 volumes with NTFS, see "NTFS File System" earlier in this chapter.
Note The Windows 2000 Fastfat driver enables you to mount and fully support a FAT32 volume larger than 32 GB that was created by another operating system.
File Names on FAT Volumes
Files created or renamed on FAT volumes use attribute bits to support LFNs in a way that does not interfere with how MS-DOS gains access to the volume.
Whenever you create a file with an LFN, Windows 2000 creates a conventional 8.3 name for the file and one or more secondary folder entries for the file, one for each set of 13 characters in the LFN. Each secondary folder entry stores a corresponding part of the LFN in Unicode. MS-DOS accesses the file by using the conventional 8.3 file name contained in the folder entry for the file.
Windows 2000 marks the secondary folder entries as part of an LFN by setting the volume ID, read-only, system, and hidden attribute bits. MS-DOS generally ignores folder entries with all these attribute bits set, so these entries are invisible to it.
Figure 17.5 shows all of the folder entries for the file Thequi~1.fox, which has a long name of The quick brown.fox. The long name is in Unicode, so each character in the name uses 2 bytes in the folder entry. The attribute field for the long-name entries has the value 0x0F. The attribute field for the short name has the value 0x20.
Figure 17.5 LFN on a FAT VolumeNote
Windows NT and Windows 2000 do not use the same algorithm to create long and short file names as Windows 95 and Windows 98. However, on computers that use a multiple-boot process to start these operating systems, files that you create when running one operating system can be accessed when running another.
For more information about how Windows 2000 creates short file names, see "Using Long File Names" later in this chapter.
By default, Windows 2000 supports LFNs on FAT volumes. You can prevent a FAT file system from creating LFNs by setting the value of the Win31FileSystem registry entry (in subkey HKEY_LOCAL_MACHINE \System \CurrentControlSet \Control \FileSystem) to 1. This value prevents Windows 2000 from creating new LFNs on all FAT volumes, but it does not affect existing LFNs.
Warning Do not use a registry editor to edit the registry directly unless you have no alternative. The registry editors bypass the standard safeguards provided by administrative tools. These safeguards prevent you from entering conflicting settings or settings that are likely to degrade performance or damage your system. Editing the registry directly can have serious, unexpected consequences that can prevent the system from starting and require that you reinstall Windows 2000. To configure or customize Windows 2000, use the programs in Control Panel or Microsoft Management Console (MMC) whenever possible.
Using FAT with Windows 2000
FAT16 works the same in Windows 2000 as it does in MS-DOS, Windows 3.x, Windows 95, and Windows 98. FAT32 works the same in Windows 2000 as it does in Windows 95 OSR2 and Windows 98. You can install Windows 2000 on an existing FAT primary volume or logical volume. When running Windows 2000, you can move or copy files between FAT and NTFS volumes.
Note If you copy a file from an NTFS volume to a FAT volume, any NTFS-specific properties associated with that file, such as permissions, compression, encryption, and sparse file support, are permanently lost.
You cannot use Windows 2000 with any compression or partitioning software that requires disk drivers to be loaded by MS-DOS, Windows 95, or Windows 98. Therefore, you cannot use DoubleSpace®, DriveSpace®, or DriveSpace® 3 on a FAT16 primary volume or logical volume that you want to access when running Windows 2000.
NTFS
Windows 2000 includes a new version of NTFS, which provides performance, reliability, and advanced functionality not found in any version of FAT. The NTFS data structures allow you to take advantage of new features, such as storage features based on reparse points, management software, and, if the Microsoft® Windows® 2000 Professional computer is connected to a Microsoft® Windows® 2000 Server network, the Active Directory™ directory service.
NTFS also includes security features required for file servers and high-end personal computers in a corporate environment, data access control, and ownership privileges important for data integrity.
NTFS uses clusters as the fundamental unit of disk allocation. In the Disk Management snap-in, you can specify a cluster size of up to 64 KB when you format a volume. If you use the format command to format your NTFS volume, but do not specify a cluster size using the /A:<size> switch, the default values in Table 17.2 are used.
Note Windows 2000, like Microsoft® Windows NT® version 3.51 and Windows NT 4.0, supports file compression. Since file compression is not supported on cluster sizes above 4 KB, the default NTFS cluster size for Windows 2000 never exceeds 4 KB. For more information about NTFS compression, see "Volume, Folder, and File Compression" later in this chapter.
Volume Mount Points
You can add volumes to systems without adding separate drive letters for each new volume, similar to the way Distributed file system (Dfs) links together remote network shares. Volume mount points are robust against system changes that occur when devices are added or removed from a computer.
A volume mount point can be placed in any empty folder of the host NTFS volume. The "mounting" is handled transparently to the user and applications. The version of NTFS included with Windows 2000 must be used on the host volume. However, the volume to be mounted can be formatted in any Windows 2000-accessible file system, including NTFS, FAT16, FAT32, CDFS, or UDF.
One volume can host multiple volume mount points. This allows the local administrator to easily extend the storage capacity of any particular volume on a Windows 2000 system. Users on the local system or connecting to it over a network can continue to use the same drive letter to access the volume, but multiple volumes can be in use simultaneously from that drive letter, depending on the folder used on the host. Windows 2000 automatically prevents resolution problems caused by changes in the internal device name of the target volume. A mount point is the target volume in the same way a drive letter is the target volume.
A useful example of volume mount points can be seen in the following scenario. A user recently installed Windows 2000 onto a relatively small drive C, and is concerned about unnecessary use of storage space on drive C. The user knows that the default document folder, My Documents, is on drive C, and she uses her computer extensively to create and edit digital photos, vector-based graphic art, and desktop publishing (DTP) files. Knowing that these types of documents can quickly consume a lot of disk storage space, the user creates a volume mount point to drive C under the My Documents folder called Art. Any subfolder of the Art folder actually resides on another volume, saving space on drive C.
Note You need local Administrator rights to complete this task.
To create a volume mount point under C:\My Documents
1. | If necessary, add a new hard disk to create a new volume. |
2. | Log on to the computer with an account that has local Administrator rights. |
3. | In Control Panel, double-click Administrative Tools. |
4. | In Administrative Tools, double-click Computer Management. |
5. | In Computer Management, double-click Disk Management. |
6. | If you want to use a previously existing volume as the volume mount point, skip to step 12. Otherwise, right-click in the unallocated space on the disk in which you want to create a new volume and choose Create Partition to start the Create Partition wizard. Follow the steps in the wizard to create an extended partition. Allocate at least as much space as you need to contain all of your art and DTP files. You can also create another primary partition, and then skip to step 8. Note You do not have to use an entire extended partition for just one logical volume. Since extended partitions can contain many logical volumes, you might want to use all the remaining unallocated space for the extended partition and then allocate a portion of that for the volume to be used in this scenario. You can later create another one or more logical volumes out of the remaining free space in the extended partition. If the disk has been upgraded to dynamic disk, you cannot see the options primary partition, extended partition, and logical volume in Disk Management. These terms only apply to basic disks. On dynamic disks you create simple volumes for this task. For more information about primary partitions, extended partitions, logical volumes, basic disks, and dynamic disks, see "Disk Concepts and Troubleshooting" in this book. |
7. | If you created an extended partition in step 6, right-click in the extended partition, and then choose Create Logical Drive. Use as much disk space for the new logical volume as you need to contain all of the games you plan to install on this computer. |
8. | At the Assign Drive Letter or Path screen of the Create Partition wizard, choose the option Mount this volume at an empty folder that supports drive paths, and then click Browse. |
9. | In Windows Explorer, expand drive C, navigate to the folder C:\Documents and Settings\username\My Documents, and then click New Folder. In the folder name placeholder in the Explorer tree, type over the default name New Folder with the name Art, and then click OK. Click Next at the Create Partition wizard. |
10. | Format the new volume with NTFS by using the default-sized allocation units (NTFS is not required, but it is recommended). Enter a volume label for the new volume, or clear the default label in the Volume label text box for none. Click Next twice to finish the wizard. The new volume is automatically formatted after the volume is created. |
11. | Volumes and volume mount points can be addressed by multiple names in the file system namespace. To make the mounted volume accessible directly through a drive letter in Windows Explorer, in Disk Management, right-click the mounted volume, select Change Drive Letter and Path, and then click Add to assign a drive letter. You can also mount this volume to another folder on the same or another host volume. Click OK when done. Skip to step 15 of this procedure. |
12. | To mount previously existing volumes as a volume mount point on a folder of another volume, right-click the volume to be mounted, select Change Drive Letter and Path, and then click Add. |
13. | Select Mount in the NTFS folder, and then click Browse. |
14. | In Windows Explorer, expand drive C, navigate to the C:\Documents and Settings\username\My Documents folder, click New Folder, and in the folder name placeholder in the Explorer tree, type over the default name New Folder with the name Art. Click OK twice to close the wizard. |
15. | In Windows Explorer, navigate to the C:\Documents and Settings\username\My Documents\Art folder and create new folders such as Photos, LineArt, and DTP for the graphic arts documents. |
Any bitmap files are accessed in the Photos folder on the user's computer, the volume mount point used to attach the volume to the My Documents folder on drive C directs all read and write requests to the Photos folder on the mounted volume. Any files stored in the My Documents\Art folder are stored in the root folder of the mounted volume. Any other folder created normally within Windows Explorer under the My Documents folder still resides on drive C.
Note In Windows 2000, only NTFS folders are marked as junctions to provide a mapping function from one folder name to another. NTFS files are not marked in this manner.
The tool Mountvol can identify and manage volume mount points. For more information about Mountvol, see "File System Tools" later in this chapter.
Encryption
EFS uses symmetric key encryption in conjunction with public key technology to protect files and ensure that only the owner of a file can access it. Users of EFS are issued a digital certificate with a public key and a private key pair. EFS uses the key set for the user who is logged on to the local computer where the private key is stored.
Users work with encrypted files and folders just as they do with any other files and folders. Encryption is transparent to the user who encrypted the file; the system automatically decrypts the file or folder when the user accesses. When the file is saved, encryption is reapplied. However, intruders who try to access the encrypted files or folders receive an "Access denied" message if they try to open, copy, move, or rename the encrypted file or folder.
To encrypt or decrypt a folder or file, set the encryption attribute for folders and files just as you set any other attribute. If you encrypt a folder, all files and subfolders created in the encrypted folder are automatically encrypted. It is recommended that you encrypt at the folder level.
You can also encrypt or decrypt a file or folder using the command-line tool Cipher. For quick information about an encrypted file or folder, use the Windows 2000 Resource Kit tool Efsinfo. For more information about Cipher or Efsinfo, see "File System Tools" later in this chapter.
Encrypting File System and Data Recovery
Data recovery is available for EFS as a part of the overall security policy for the system. For example, if you lose your file encryption certificate and associated private key (through disk failure or any other reason), data recovery is available through the designated recovery agent. The recovery agent is, by default, the local system administrator. However, if the computer is connected to a Windows 2000 Server – based network that is using Active Directory, the recovery agent role is assigned by default to the domain administrator.
EFS provides built-in data recovery by requiring that a recovery policy be in place before users can encrypt files. The recovery policy provides for a person to be designated as the recovery agent. The administrator is automatically designated as the recovery agent when logging on to the system for the first time.
The recovery agent has a special certificate and associated private key that allow data recovery for the scope of influence of the recovery policy. If you are the recovery agent, use the export command from the Certificates snap-in to back up the recovery certificate and associated private key to a secure location. After backing up, delete the recovery certificate from the recovery agent's personal store, not from the recovery policy. If you need to perform a recovery operation, first restore the recovery certificate and associated private key to the recovery agent's personal store by using the import command from the Certificates snap-in. After recovering the data, delete the recovery certificate from the recovery agent's personal store. You do not have to repeat the export process. Delete the recovery agent's recovery certificate from the computer, and keep it in a secure location as an additional security measure.
Note The scope of influence in a domain is a site, a domain, or an organizational unit. In a workgroup, the scope of influence is the local hard disk.
The default recovery policy is configured locally for stand-alone computers. For computers on a network, the recovery policy is configured at either the domain, organizational unit, or individual computer level, and applies to all Windows 2000-based computers within the defined scope of influence. Recovery certificates are issued by a certification authority (CA) and managed by using the Certificates snap-in.
Because the Windows 2000 security subsystem handles enforcing, replicating, and caching of the recovery policy, users can implement file encryption on a system that is temporarily offline, such as a portable computer. This process is similar to logging on to the domain account using cached credentials.
Data Backup and Recovery
The main administrative tasks associated with EFS are backing up and restoring encrypted files, configuring a recovery policy, and recovering encrypted data.
Backup copies of encrypted files are also encrypted when you use a backup program designed for Windows 2000.
Data recovery refers to the process of decrypting a file without having the private key of the user who encrypted the file. When restoring encrypted data, the data remains encrypted after the restore operation.
You might need to recover data with a recovery agent if:
| • | A user leaves the company. |
| • | A user loses the private key. |
| • | A law enforcement agency makes a request. |
To recover a file, the recovery agent:
| • | Backs up the encrypted files. |
| • | Moves the backup copies to a secure system. |
| • | Imports their recovery certificate and private key on that system. |
| • | Restores the backup files. |
| • | Decrypts the files, using Windows Explorer or the Cipher command. |
You can use the Group Policy snap-in to define a data recovery policy for domain member servers or for stand-alone or workgroup servers. You can either request a recovery certificate, or export and import your recovery certificates.
Delegate administration of the recovery policy to a designated administrator. Although it is recommended that you limit who is authorized to recover encrypted data, allowing multiple administrators to act as recovery agents is a good idea.
Working With Encrypted Files
When you work with encrypted files and folders, keep the following in mind:
| • | You cannot encrypt files or folders that are compressed. First, uncompress the file or folder, and then encrypt it. On a compressed volume, uncompress folders that you want to encrypt. |
| • | Only the user who encrypted the file can open it. |
| • | You cannot share encrypted files. |
| • | An encrypted file is decrypted if you copy or move the file to a FAT volume. However, a file remains encrypted when backed up by a program designed to work with Windows 2000. |
| • | Cut and paste to move files into an encrypted folder. If you use a drag-and-drop operation, the files are not automatically encrypted in the new folder. |
| • | System files cannot be encrypted. |
| • | Encrypting a folder or file does not protect against deletion. Anyone with delete permission can delete encrypted folders or files. |
| • | Temporary files created when files are being edited are encrypted if all the files are on an NTFS volume and in an encrypted folder. Encrypt the Temp folder on your hard disk to ensure that your encrypted documents remain encrypted during editing. If you create a new document or open an e-mail attachment, the file can be created as an encrypted document in the Temp folder. If you save the encrypted document to another location on an NTFS volume, it remains encrypted in the new location. |
| • | Unless EFS is disabled by Group Policy, you can encrypt or decrypt files and folders on a remote computer that has been enabled for remote encryption. For more information, consult your domain administrator. However, If you open the encrypted file over the network, the data that is transmitted over the network is not encrypted. Other protocols, such as Secure Sockets Layer (SSL), Transport Layer Security (TLS), or IPSec must be used to encrypt data over the wire. |
| • | A recovery policy is automatically implemented when you encrypt your first file or folder; if you lose your file encryption certificate and associated private key, a recovery agent can decrypt the file. |
EFS Recommendations
| • | Encrypt the folder in which you save most of your documents to ensure that your personal documents are encrypted by default. |
| • | Encrypt your Temp folder so that temporary files are automatically encrypted. |
| • | Encrypt folders rather than individual files so that when a program creates temporary files during editing, they are encrypted. |
| • | Use the export command from the Certificates snap-in to back up the file encryption certificate and associated private key on a floppy disk, and keep it in a secure location. |
For more information about EFS, see "Encrypting File System" in the Microsoft® Windows® 2000 Server Resource Kit Distributed Systems Guide.
Sparse Files
A sparse file has an attribute that causes the I/O subsystem to allocate only meaningful (nonzero) data. Nonzero data is allocated on disk, and non-meaningful data (large strings of data composed of zeros) is not. When a sparse file is read, allocated data is returned as it was stored; non-allocated data is returned, by default, as zeros.
NTFS deallocates sparse data streams and only maintains other data as allocated. When a program accesses a sparse file, the file system yields allocated data as actual data and deallocated data as zeros.
NTFS includes full sparse file support for both compressed and uncompressed files. NTFS handles read operations on sparse files by returning allocated data and sparse data. It is possible to read a sparse file as allocated data and a range of data without retrieving the entire data set, although NTFS returns the entire data set by default.
With the sparse file attribute set, the file system can deallocate data from anywhere in the file and, when an application calls, yield the zero data by range instead of storing and returning the actual data. File system application programming interfaces (APIs) allow for the file to be copied or backed as actual bits and sparse stream ranges. The net result is efficient file system storage and access. Figure 17.6 shows how data is stored with and without the sparse file attribute set.
Figure 17.6 Sparse Data StorageImportant
Important If you copy or move a sparse file to a FAT or a non-Windows 2000 NTFS volume, the file is built to its originally specified size. If the required space is not available, the operation does not complete.
Change Journal
The change journal is a new feature of NTFS in Windows 2000 that provides a persistent log of changes made to files on a volume. NTFS uses the change journal to track information about added, deleted, and modified files for each volume. The change journal describes the nature of any changes to files on the volume. When any file or folder is created, modified, or deleted, NTFS adds a record to the change journal for that volume.
The change journal conveys significant scalability benefits to applications that might otherwise need to scan an entire volume for changes. File system indexing, replication managers, virus scanners, and incremental backup applications can benefit from using the change journal.
The change journal is much more efficient than time stamps or file notifications for determining changes in a particular namespace. Applications that normally need to rescan an entire volume to determine changes can now scan once, and subsequently refer to the change journal. The I/O cost depends on how many files have changed, not on how many files exist on the volume.
Each record in the change journal takes approximately 80-100 bytes of space, but there is a configurable maximum size that it never exceeds on disk. When this size is reached, a proportion of the oldest records are discarded.
The APIs are fully documented and can be leveraged by independent software vendors (ISVs). Microsoft uses the change journal in Windows 2000 components such as the Indexing Service. ISVs are planning to use this feature to enhance the scalability and robustness of a range of products including backup, antivirus, and auditing tools.
For more information about the change journal, see the Platform Software Development Kit (SDK) link on the Web Resource page at http://www.microsoft.com/windows2000/library/resources/reskit/WebResources/default.asp.
Disk Quotas
Disk quotas are tracked on a per-user, per-volume basis; users are charged only for the files they own. Quotas are tracked per volume, even if the volumes are different partitions on the same physical hard disk. However, if you have multiple shares on the same volume, the quotas apply to all shares collectively, and a user's utilization of all shares cannot exceed the assigned quota on that volume.
In the Properties dialog box, the Quota tab allows the administrator to perform the following tasks:
| • | Enable or disable disk quotas on a volume. |
| • | Prevent users from saving new data when their disk quota is exceeded. |
| • | Set the default disk quota warning level and disk quota limit assigned to new volume users. |
| • | View disk quota information for each user from the Quota Entries view. |
Disk quotas track and control disk space usage for volumes. Administrators can configure Windows 2000 to perform the following tasks:
| • | Prevent further disk space use and log an event when a user exceeds a specified disk space limit. |
| • | Log an event when a user exceeds a specified disk space warning level. |
When you enable disk quotas, you can set both the disk quota limit and the disk quota warning level. The limit specifies the amount of disk space that is allocated to a user. The warning level specifies when a user is nearing the limit. For example, you can set a user's disk quota limit to 50 megabytes (MB), and the disk quota warning level to 45 MB. The user can store no more than 50 MB of data on the volume; if more than 45 MB are stored on the volume the disk quota system can log a system event.
When you enable disk quotas for a volume, volume usage is automatically tracked for new users, but existing volume users have no disk quotas applied to them. To apply disk quotas to existing volume users, add new quota entries in the Quota Entries window.
For more information about setting disk quotas, see Windows 2000 Professional Help.
Disk Quotas and Free Space
Disk quotas are transparent to the user. When a user asks how much space is free on a disk, the system reports only the user's available quota allowance. If the user exceeds this allowance, the system indicates that the disk is full.
To obtain more disk space after exceeding the quota allowance, the user must do one of the following:
| • | Delete files. |
| • | Have another user claim ownership of some files. |
| • | Have the administrator increase the quota allowance. |
The following conditions apply when you use disk quotas:
| • | Disk quotas set on a volume apply only to that volume. |
| • | Disk quotas cannot be set on individual files or folders. |
| • | Disk quotas are based on uncompressed file sizes. You cannot increase the amount of free space by compressing the data. |
| • | If the computer that hosts the volume with a quota is configured as a multiple-boot system with Windows 2000 and Windows NT 4.0, the quota is not enforced and can be exceeded when it is running Windows NT 4.0. However, when that computer resumes running Windows 2000, users who exceeded their quotas must delete or move files to a different volume — that is, until they are under their limit — before they can store new files to the quota volume. |
| • | To support disk quotas, a disk volume must be formatted with NTFS. Volumes formatted with previous versions of NTFS are upgraded automatically by Windows 2000 Setup. |
| • | To administer quotas on a volume, you must be a member of the Administrators group on the computer where the volume resides. |
| • | If the volume is not formatted with NTFS, or if you are not a member of the Administrators group on the local computer, the Quota tab is not displayed on the volume's Properties page. |
Disk Quota Limits
The disk space used by each file is charged directly to the user who owns the file. The file owner is identified by the security identifier (SID) in the security information for the file. The total disk space charged to a user is the sum of the length of all data streams; property set streams and resident user data streams affect the user's quota. Since compressing or decompressing files does not affect the disk space reported for the files, quota settings on one volume can be compared to settings on another volume.
The following are types of disk quota limits.
Warning threshold You can configure the system to generate a system log file entry on the computer hosting the volume with the quota when the disk space charged to the user exceeds this value. The user is not notified when this threshold is surpassed.
Hard quota You can configure the computer hosting the volume with the quota to generate a system log file entry or deny additional disk space to the user when the disk space charged to the user exceeds this value.
NTFS automatically creates a user quota entry when a user first writes to the volume. Entries that are created automatically are assigned the default warning threshold and hard quota limit values for the volume.
Disk Quotas States
The administrator can turn quota enforcement on and off. There are three quota states, as shown in Table 17.6.
Table 17.6 Disk Quota States
| State | Description |
Quota disabled | Quota usage changes are not tracked, but the quota limits are not removed. In this state, performance is not affected by disk quotas. This is the default state. |
Quota tracked | Quota usage changes are tracked, but quota limits are not enforced. In this state, no quota violation events are generated and no file operations fail because of disk quota violations. |
Quota enforced | Quota usage changes are tracked and quota limits are enforced. |
Administering Disk Quotas
Disk quotas monitor volume use to prevent users from affecting others' use of the volume. For example, if a user saves 50 MB on a volume on which each user has been allocated 50 MB of space, some of this data must be moved or deleted before additional data is written to the volume. Other users can continue to save up to 50 MB of space on that volume.
Note Disk quotas do not prevent administrators from allocating more space than is available on the disk. For example, on a 8-GB volume that is used by 100 users, each user might be allocated 100 MB of space.
Disk quotas are based on file ownership and are independent of the location of the files on the volume. If a user moves files from one folder to another on the same volume, volume space usage does not change. If the user copies the files to a different folder on the same volume, the available volume space usage against the quota for that user decreases by the number of bytes copied.
The administrator can set default quotas for the volume or for specific users on a volume. A new user receives the default quota unless the administrator established a different quota for that specific user. The administrator can view the level of quota tracking, the default quota limits, and the per-owner quota information by looking at the Quota tab on the Properties dialog box for the volume. The per-user quota information contains the user's hard quota limit, warning threshold, and quota usage.
If you do not want to use the default disk space limit and warning threshold values for a particular user, use the New Quota Entry feature to set up quota thresholds and limits before the user writes data to the volume.
User quota entries cannot be deleted if a user owns files on the volume; all files owned by that user must be deleted or moved to another volume, or ownership of the files must be transferred to another user.
Enabling Disk Quotas
When you enable quotas on a volume that already contains files, the space used by all users who have copied, saved, or taken ownership of files on the volume is calculated. The quota limit and warning level are then applied to all current users and new users. You can then disable or set different quotas for specific users. You can also set quotas for specific users who have not yet copied, saved, or taken ownership of any files on the volume.
For example, you can set a quota of 50 MB for all users of share \\Workstation1\Public, while ensuring that two users who work with larger files have a 100-MB limit. If both users have files stored on \\Workstation1\Public, open the Properties dialog box for that volume, click Quota, click Quota entries, select both users, right click, and then click Properties to set their quota limit to 100 MB. However, if either user does not have files stored on the volume, use the Select Users property sheet to set their quota limit higher than the default for new users.
Local and Remote Implementations
Disk quotas can be enabled on both local computers and remote computers. On local computers, quotas can limit the amount of space available to users who log on to the local computer. On remote computers, quotas can limit volume usage by remote users. The remote computer must be formatted with the version of NTFS included with Windows 2000 and be shared from the root folder of the volume. You need Administrator rights to enable, disable, or manage quotas.
You can use quotas to ensure the following:
| • | Disk space on public servers is not monopolized by one or a few users. |
| • | Users do not use excessive disk space on a shared folder on your computer. |
| • | Information technology (IT) budget dollars for mass storage are managed efficiently by making users account for the use of shared disk space, by using public disk space only for necessary files. |
System files are included in the total sum of volume usage of the person who installed Windows 2000 on the local computer. When implementing disk quotas on a local volume, make sure to take into account the disk space used by these files. Depending on the free space available on the volume, you might want to set a high quota limit or no limit for the user who installed the operating system.
Auditing Disk Space Use
Enabling quotas causes a slight increase in server overhead and a slight decrease in file server performance. By periodically enabling and disabling quotas, you can take advantage of the auditing capabilities provided by Windows 2000 disk quotas without permanently affecting performance.
To create a record of the audit, save a copy of the system log data from Event Viewer to a comma-delimited file that can be read by applications such as Microsoft® Excel. These files can be useful for analyzing the data captured.
Exceeding Disk Quota Limits
When you select Deny disk space to users exceeding quota limit on the Quota tab of the Properties dialog box, users who exceed their limit receive an "insufficient disk space" error and cannot write additional data to the volume without deleting or moving files. Individual programs determine their own error handling for this condition. To the program, it appears that the volume is full.
By leaving this option cleared, you can allow users to exceed their limit. This is useful when you do not want to deny users access to a volume, but want to track disk space use. You can also specify whether or not to log an event to the volume host computer's system log when users exceed either their quota warning level or their quota limit.
Event Viewer builds a historical, chronological record of users who exceeded their quota warning level and quota limit, and when they exceeded them. However, it does not provide information about which users are currently over their quota warning level.
For more information about enabling disk quotas, see Windows 2000 Professional Help.
Multiple Data Streams
NTFS supports multiple data streams, in which the stream name identifies a new data attribute on the file. Each data stream is an alternate set of file attributes. Streams have separate opportunistic locks, file locks, allocation sizes, and file sizes, but files can be shared.
This feature enables data to be managed as a single unit. Using multiple data streams, a file can be associated with more than one application at a time, such as Microsoft® Word and WordPad.
Caution When you copy an NTFS file to a FAT volume, such as a floppy disk, data streams and other attributes not supported by FAT are lost.
Distributed Link Tracking
Distributed link tracking can use a unique object identifier (ID) to locate link source files that have been moved locally on a computer or within a Windows 2000 domain. The object ID is stamped into a file when it is made the target of a shortcut or an OLE link. NTFS can maintain the integrity of its references because the objects referenced can be moved transparently. Distributed link tracking stores a file's object ID as part of its tracking information.
Distributed link tracking can resolve broken links in the following circumstances:
| • | The link source file has been renamed. |
| • | The link source file has been moved within the volume, between two volumes on the same computer, or between two computers within the same Windows 2000 Server – based domain. |
| • | The volume containing the link source file has been installed in another computer running Windows 2000 within the same Windows 2000 Server – based domain. |
| • | The Windows 2000 – based computer containing the link source file has been renamed. |
| • | The name of the network share containing the link source file has been changed. |
Volume, Folder, and File Compression
Windows 2000 supports compression on individual files, folders, and entire NTFS volumes. Files compressed on an NTFS volume can be read and written by any Windows-based application without first being decompressed by another program. Decompression occurs automatically when the file is read. The file is compressed again when it is closed or saved. Compressed files and folders have an attribute of C when viewed in Windows Explorer.
Only NTFS can read the compressed form of the data. When an application such as Microsoft® Word or an operating system command such as copy requests access to the file, the compression filter driver decompresses the file before making it available. For example, if you copy a compressed file from another Windows 2000–based computer to a compressed folder on your hard disk, the file is decompressed when read, copied, and then recompressed when saved.
This compression algorithm is similar to that used by the Windows 98 application DriveSpace 3, with one important difference — the limited functionality compresses the entire primary volume or logical volume. NTFS allows for the compression of an entire volume, of one or more folders within a volume, or even one or more files within a folder of an NTFS volume.
The compression algorithms in NTFS are designed to support cluster sizes of up to 4 KB. When the cluster size is greater than 4 KB on an NTFS volume, none of the NTFS compression functions are available.
Compressing and Decompressing Volumes, Folders, and Files
Volumes, folders and files on an NTFS volume are either compressed or decompressed. The compression state of a folder does not necessarily reflect the compression state of the files in that folder. For instance, a folder might be compressed, yet some or all the files in that folder can be decompressed if you selectively decompressed them.
You can set the compression state of folders and compress or decompress files by using Windows Explorer or the command-line program Compact.
Using Windows Explorer
With Windows Explorer, you can set the compression state of an NTFS folder without changing the compression state of existing files in that folder. If you have Read or Write permission, you can change the compression state locally or across a network. You can select individual folders or files to compress or decompress.
To set the compression state of a volume
1. | Open Windows Explorer. In the left pane, right-click the root folder of the volume that you want to compress or decompress. |
2. | Click Properties to display the Properties dialog box. |
3. | On the General tab, select or clear the Compress drive to save disk space check box. |
4. | In the Confirm Attribute Changes dialog box, select whether to make the compression apply only to the root folder or the entire volume, and then click OK. |
The change to the compression attribute is applied to the files and folders you specified. If you compress the entire volume, it might take a few minutes to complete the process, depending on the size of the volume, the number of files and folders to compress, and the speed of the computer.
To set the compression state of a folder or file
1. | Open Windows Explorer. In the left pane, right-click the folder that you want to compress or decompress. |
2. | Click Properties to display the Properties dialog box. |
3. | On the General tab, click Advanced. |
4. | In the Advanced Attributes dialog box, select or clear the Compress contents to save disk space check box, and then click OK. |
5. | In the Properties dialog box, click OK. |
6. | If the compression state was altered for a folder, in the Confirm Attribute Changes dialog box, select whether to make the compression apply only to the selected folder or to all files and subfolders. Click OK when done. |
Note Windows 2000 allows closed page files to be compressed. However, when you restart Windows 2000, the page files automatically revert to an uncompressed state. For information about page files, see the topics on virtual memory in Windows 2000 Professional Help.
You can set Windows Explorer to display alternate colors for compressed files and folders by using the following procedure:
To display alternate colors for compressed files and folders
1. | In Windows Explorer, click the Tools menu. |
2. | On the Tools menu, click Folder Options. |
3. | On the View tab, select the Display compressed files and folders with alternate color check box. |
4. | Click OK to return to Windows Explorer. |
Using Compact
Compact is the command-line version of the compression functionality in Windows Explorer. The compact command displays and alters the compression of folders and files on NTFS volumes. It also displays the compression state of folders.
There are two reasons why you might want to use Compact instead of Windows Explorer:
| • | You can use Compact in a batch script. |
| • | If the system fails during compression or decompression, the file or folder is marked as Compressed or Uncompressed. If the operation did not complete, Compact forces the operation to complete in the background. |
Note Unlike Windows Explorer, Compact automatically compresses or decompresses any files that are not already in the compression state that you set for the folder.
For more information about Compact, see "File System Tools" later in this chapter.
Effects of Compression on Moving and Copying Files
Moving and copying files and folders on disk volumes can change their compression state. The compression state of these files and folders, and the file system in which they were created, can impact the way they are affected while being moved or copied. The compression state of an NTFS file or folder is controlled by its compression attribute.
Note The default behavior for dragging and dropping files and folders in Windows Explorer depends on the relationship between the source and the target location. If the selected item is dragged to a folder on the same volume, the item is moved. If the selected item is dragged to a folder on a different volume, the item is copied. You can force a copy by holding down the CTRL key as you drop the item to its new location. Holding down the SHIFT key as you drop the item moves it. If you right-click and drag the selected item, a context popup menu appears that allows you to select whether to copy, move, or create a shortcut to the item, or cancel the task.
Moving Files or Folders on NTFS Volumes
When you move an uncompressed file or folder to another folder, the file remains uncompressed, regardless of the compression state of the folder to which it was moved. For example, if you move an uncompressed file to a compressed folder, the file remains uncompressed after the move, as shown in Figure 17.7.
Figure 17.7 Moving an Uncompressed File to a Compressed Folder
When you move a compressed file or folder to another folder, the file remains compressed after the move, regardless of the compression state of the folder, as shown in Figure 17.8.
Figure 17.8 Moving a Compressed File to an Uncompressed Folder
Copying Files or Folders on NTFS Volumes
When you copy a file to a folder, the file takes on the compression attribute of the target folder. For example, if you copy a compressed file to an uncompressed folder, the file is uncompressed when it is copied to the folder, as shown in Figure 17.9.
Figure 17.9 Copying a Compressed File to an Uncompressed Folder
When you copy a file to a folder that already contains a file of the same name, the copied file takes on the compression attribute of the target file, regardless of the compression state of the folder, as shown in Figure 17.10.
Figure 17.10 Copying a File to a Folder that Contains a File of the Same Name
Moving and Copying Files Between FAT16, FAT32, and NTFS Volumes
Like files copied between NTFS folders, files moved or copied from a FAT folder to an NTFS folder take on the compression attribute of the target folder. Because Windows 2000 supports compression only on NTFS volumes, compressed NTFS files moved or copied to a FAT volume are automatically decompressed. Similarly, compressed NTFS files copied or moved to a floppy disk are automatically decompressed.
Adding Files to an Almost Full NTFS Volume
Adding files to an NTFS volume that is almost full generates error messages indicating that there is not enough disk space to write the entire file if the file cannot be compressed, regardless of the compression in the file when it is opened. For this reason, it is possible to get a read error when you are trying to open a compressed file.
Because NTFS allocates space based on the uncompressed size of the files to be copied, if you copy files to a compressed NTFS folder that does not have enough room for the files in their uncompressed state, you receive a message indicating that there is not enough space on the disk. NTFS does not wait for the compression and writing of one file to complete before it works on subsequent files, and the system does not reclaim the unused space from compression until after the buffer is compressed.
When you run a program and save files to a compressed folder on a volume that is almost full, the success of the save depends on factors such as how much the file compresses and whether the beginning of the file compresses well.
If you cannot delete any files or do not have any files that you can compress, you can usually copy all of the files if you first copy the largest or those that compress best, such as BMP and document files. You can also copy them in smaller groups, rather than all at once.
NTFS Compression Algorithm
NTFS compression uses a 3-byte minimum search rather than the 2-byte minimum used by DoubleSpace. This search enables faster compressing and decompressing (roughly two times faster), while sacrificing only 2 percent compression for the average text file.
Each NTFS data stream contains information that indicates whether any part of the stream is compressed. Individual compressed buffers are identified by "holes" following them in the information stored for that stream. If there is a hole, NTFS automatically decompresses the preceding buffer to fill the hole.
NTFS provides real-time access to a compressed file, decompressing the file when it is opened and compressing it when it is closed. When writing a compressed file, the system reserves disk space for the uncompressed size. The system gets back unused space as each individual compression buffer is compressed.
Note Some programs do not allocate space before beginning a save operation and only display an error message when they run out of disk space.
Compression Performance
NTFS compression might cause performance degradation because a compressed NTFS file is decompressed, copied, and then recompressed as a new file, even when copied on the same computer. Similarly, on network transfers, the file is decompressed, which affects bandwidth as well as speed.
The current implementation of NTFS compression runs more efficiently on Windows 2000 Professional than on Windows 2000 Server.
The two ways to measure the performance of NTFS data compression are size and speed. You can tell how well compression works by comparing the uncompressed and compressed file and folder sizes. For more information about seeing the compressed size of folders, see "File System Tools" later in this chapter.
Other Compression Methods
Other compression tools are available to compress files on computers running Windows 2000. These tools differ from NTFS compression in the following ways:
| • | They usually run from either the command line or as a stand-alone application. |
| • | Files cannot be opened when they are in a compressed state — the file must first be decompressed. When you close the file, it is saved in an uncompressed state, and you must use a program to compress it. |
The Windows 2000 Resource Kit includes a tool called Compress, which can only be run from the command line. For more information about this and other programs, see "File System Tools" later in this chapter.
NTFS Recoverability
NTFS is a recoverable file system that guarantees the consistency of the volume by using standard transaction logging and recovery techniques. In the event of a disk corruption, NTFS runs a recovery procedure that accesses information stored in a transaction log file. The NTFS recovery procedure guarantees that the volume is restored to a consistent state. Transaction logging requires a very small amount of overhead.
NTFS ensures the integrity of all NTFS volumes by automatically performing disk recovery operations the first time a program accesses an NTFS volume after the computer is restarted following a failure.
NTFS also uses a technique called cluster remapping to minimize the effects of a bad sector on an NTFS volume.
Important If either the master boot record (MBR) or boot sector is corrupted, you might not be able to access data on the volume. For more information about recovery from errors with the MBR or the boot sector, see "Disks Concepts and Troubleshooting" in this book.
Recovering Data with NTFS
NTFS views each operation that modifies a file on a volume as a transaction, and manages each one as an integral unit. After it is started, the transaction is either completed or, in the event of a disk problem, rolled back (the NTFS volume is returned to its state before the transaction was initiated).
To ensure that a transaction can be completed or rolled back, NTFS records the suboperations of a transaction in a transaction log file before they are written to the disk. When a complete transaction is recorded in the log file, NTFS performs the suboperations of the transaction on the volume cache. After NTFS updates the cache, it commits the transaction by recording in the log file that the transaction is complete.
After a transaction is committed, NTFS ensures that the entire transaction appears on the volume, even if the disk becomes corrupted. During recovery operations, NTFS redoes each committed transaction found in the log file. Then NTFS locates in the log file the transactions that were not committed at the time of the system failure and undoes each transaction suboperation recorded in the log file. Incomplete modifications to the volume are prohibited.
Important NTFS uses transaction logging and recovery to guarantee that the volume structure is not corrupted. For this reason, all system files remain accessible after a system failure. However, user data can be lost because of a system failure or a bad sector.
Caching and Data Recovery
The cache is the area of random access memory (RAM) that contains the most recently used data. When you write data to disk, the lazy-write technique in Windows 2000 indicates that the data is written when it is still in the cache. There can also be cache memory on the disk controller, as with small computer system interface (SCSI) controllers, or on the disk unit, as with EIDE disks. The following information can help you decide whether to enable the disk or controller cache:
| • | Write caching improves disk performance, particularly if large amounts of data are being written to the disk. |
| • | Control of the write-back cache is a firmware function provided by the disk manufacturer. See the documentation supplied with the disk or disk controller. You cannot configure the write-back cache from Windows 2000. |
| • | Write caching does not impact the reliability of the file system's own metadata. NTFS instructs the disk device driver to ensure that metadata is written regardless of whether write caching is enabled. Non-metadata is written to the disk normally and can be cached. |
| • | Read caching in the disk has no impact on file system reliability. |
Cluster Remapping
In the event of a bad-sector error, NTFS automatically implements a recovery technique called cluster remapping. When Windows 2000 detects a bad-sector, NTFS dynamically remaps the cluster containing the bad sector and allocates a new cluster for the data. If the error occurred during a read, NTFS returns a read error to the calling program, and the data is lost. If the error occurs during a write, NTFS writes the data to the new cluster, and no data is lost.
NTFS puts the address of the cluster containing the bad sector in the bad cluster file so the bad sector is not reused.
Important Cluster remapping is not a backup alternative. Once errors are detected, the disk must be monitored closely and replaced if the detect list grows. This type of error is displayed in the System Log of Event Viewer.
FAT uses a form of cluster remapping, but only when the volume is initially formatted. If a bad sector occurs on a FAT volume after it is formatted, data stored within the associated cluster can be permanently lost. NTFS handles cluster remapping dynamically and continuously, ensuring the integrity of your data.
Converting to Windows 2000 File Systems
The on-disk format for NTFS has been enhanced in Windows 2000 to enable new functionality. The upgrade to the new version of NTFS occurs when Windows 2000 mounts an existing, locally installed NTFS volume. The upgrade is automatic and the conversion time is independent of volume size. FAT16 and FAT32 volumes can be converted to NTFS format at any time by using the Convert.exe tool.
Important The location of the MFT is different on volumes that have been converted from previous version of NTFS, so volume performance might not be as good on volumes converted from Windows NT.
You can also upgrade FAT16 and FAT32 volumes to NTFS by using the Convert tool. The conversion of a disk volume from FAT to NTFS requires a sufficient amount of available free disk space to build the NTFS disk structures. For more information about the Convert tool, see "Convert: Converts a Volume from FAT to NTFS" later in this chapter. For additional information about using Convert to convert a volume to NTFS, see the Knowledge Base link on the Web Resource page at http://www.microsoft.com/windows2000/library/resources/reskit/WebResources/default.asp. Search using the keywords "Convert," "NTFS," and "winnt."
Conversion Issues for NTFS and FAT Volumes
FAT and NTFS use very different on-disk structures to represent the allocation of space for files. These structures are often referred to as metadata or file system overhead. Another kind of overhead associated with FAT and NTFS is related to the fact that both file systems allocate disk space in clusters of a fixed size. The exact size of these clusters is determined at format time, and are dependent on the size of the volume. See Table 17.2 for the default cluster sizes of each file system per volume size range.
Like FAT, NTFS has a certain amount of fixed-size overhead and a certain amount of per-file overhead. To support the advanced features of NTFS, such as recoverability, security, and support for very large volumes, the NTFS metadata overhead is somewhat larger than the FAT metadata overhead. However, because NTFS clusters are smaller than FAT clusters for the same size volume, you can store more data on an NTFS volume as on a FAT volume of identical size, even without using NTFS file compression.
Convert builds the NTFS metadata by using space that FAT considers free space. Thus, if the conversion fails, the FAT representation of the user files is still valid.
NTFS Compatibility Issues
Your ability to access your NTFS volumes when you use a multiple-boot process to start up Windows NT and Windows 2000 depends on which version of Windows NT you are using. Redirected clients using NTFS volumes on file and print servers are not affected. If you are running Windows NT 4.0 Service Pack 4 or later, you can read basic volumes formatted with the new version of NTFS.
When a Windows 2000 volume is mounted on a computer running Windows NT 4.0 Service Pack 4 or later, most of the new NTFS features are not available. However, most read and write operations are permitted if they do not make use of any new NTFS features. Features affected by this configuration include the following:
| • | Reparse points. Windows NT cannot perform any operations that makes use of reparse points. |
| • | Disk quotas. When running Windows NT on a multiple-boot computer that also runs Windows 2000, disk quotas implemented by Windows 2000 are ignored, allowing you to consume more disk space than is allowed by your quota. |
| • | Encryption. Windows NT cannot perform any operations on files encrypted by Windows 2000. |
| • | Sparse files. Windows NT cannot perform any operations on sparse files. |
| • | Change journal. Windows NT ignores the change journal. No entries are logged when files are accessed. |
You can only access files on NTFS volumes from Windows NT or Windows 2000. If other operating systems are installed, you must use another file system for the system and boot volumes.
Important Becau