The current version of NTFS is 4.0, I’ve not really noticed any great changes since its first incarnation in Windows NT 3.1 and so we can assume it’s just gone up by 1 with each NT release, NTFS 1 in 3.1, NTFS 2 in 3.5, NTFS 3 in 3.51 and now NTFS 4 in 4.0. Microsoft has made quite a big fuss about NTFS 5.0; is this just an increment to the file system version to match the OS version? Well no. For the first time the jump in the file system number represents a huge leap for the file system functionality.

NTFS was a totally new file system, not just an enhancement to FAT, and offers no ‘backwards compatibility’ for operating systems that only understand FAT, operating systems such as Windows 95, Windows 98 and DOS cannot read NTFS drives so if you want to share a disk between operating systems keep it FAT. There are utilities that exist which enable you to read NTFS from outside NT such as NTFSDos from www.sysinternals.com. Security was a major addition to NTFS. In FAT you could hide files, but anyone could unhide them with the attrib command or view them by using the ‘dir /ah’ command. With computers becoming linked together and more than one person operating a computer, a method was needed to secure files so that only the intended could view/modify files. With NTFS you can assign exact privileges for every user/group to every file and folder providing a secure environment so that only those with the correct permissions can gain access.

As we mentioned above, utilities exist which can access NTFS volumes from outside of the operating system and bypass the NTFS security. More and more people use portables, often with sensitive data on them, and NTFS is no longer secure enough. NTFS 5.0 introduces something to combat this problem.

Dynamic disks

The current volume structure has been carried over from early DOS days; you have a primary partition, and extended partition with a number of logical volumes. Windows 2000 throws this away for a more sophisticated approach. It introduces the idea of a dynamic disk needed for fault tolerant configurations. Dynamic disks are used by the Logical Disk Manager (LDM) which is different from the Disk Management snap-in. Dynamic disks contain only dynamic volumes, there is no concept of a primary partition, logical volume etc. Dynamic disks are needed in Windows 2000 for the creation of mirrored, spanned, striped or striped with parity sets, however, existing sets created under Windows NT 4.0 are supported on basic disks in Windows 2000. Dynamic volumes can also be resized by adding extra space from unpartioned space and used without a reboot.

Only the Windows 2000 operating system understands dynamic disks, Windows 9x, Windows NT 4.0 etc all cannot read dynamic disks and if you multi-boot with any of these do NOT upgrade to dynamic disks. It’s possible to convert a basic disk to a dynamic disk (but this is a one way transformation). Perform the following:

• Start Computer Manager
• Expand Storage - Disk Management.
• Right click on the disk and select ‘Upgrade to Dynamic Disk’
• Select the disks to upgrade and click OK
• A summary will be displayed.
• Click Upgrade
• Click Yes to the confirmation

Converting Basic disks to Dynamic disks doesn’t require reboots, however, any volumes contained on them after the conversion will generate a popup that basically says a re-boot is necessary before the volumes can be used. It’s safe to say no to the reboot, wait until all the volumes are identified and all the popups go away, and then perform a single re-boot. When you upgrade from basic to dynamic, any existing partitions become simple volumes. Any existing mirrored, striped or spanned volumes sets created with NT 4.0 become dynamic mirrored, striped or spanned volumes respectively.

If you get a message that says you are out of space then you may not have enough unallocated free space at the end of the disk for the private region database that Dynamic disks use to keep volume information. To be Dynamic it needs about 1 MB of this space, sometimes the space is not visible to the user in the GUI, but it is still there. You may not have the space if the partition(s) on the disk take up the entire disk and were created with Setup, an earlier version of NT or another OS. If partitions are created within Windows 2000, the space is reserved, partitions created with Setup will reserve the space in a later release.

To undo this conversion run you should backup any data on the disk you wish to preserve, and then delete all partitions - that should activate the menu choice "Revert to Basic Disk", the entire disk HAS to be unallocated or free space.

The removal of choice

When you install Windows 2000 ALL NTFS partitions will be upgraded to NTFS 5.0. Yes, ANY and ALL NTFS volumes Windows 2000 sees – including removable media – are automatically converted to V5.0 on the fly when Windows 2000 mounts them so make sure if you move disks between machines they are all Windows 2000 or if using Windows NT 4.0 have Service Pack 4 or above installed.

Service Pack 4 for Windows NT 4.0 has an updated NTFS.SYS which can read NTFS 5.0 partitions so apply this to any systems that need to read Windows 2000 NTFS 5.0 partitions and make sure you do this BEFORE installing Windows 2000. You can, if you wish, only copy over the NTFS.SYS if you don’t want to apply Service Pack 4 or above (but you need to anyway to be Y2K compliant, of course if you’re reading this now and you’ve not deployed Service Pack 4, panic!)

By default (you can override using advanced option button) on server installations the boot partition will be upgraded to NTFS if you’re not in a dual boot environment, yep that’s right it automatically upgrades from FAT to NTFS.

Encrypted File System

I mentioned problems with NTFS’s security, that tools exist which require console level access to the machine and require booting off a special disk or CD-ROM, but with more and more mobile computers something extra is needed for sensitive data that is carried with us every day. EFS uses a public/private key encryption scheme and the CryptoAPI architecture. EFS can use any symmetric encryption algorithm to encrypt files, however the initial release only uses DES. 128-bit keys are used in North America, 40-bit internationally.

No preparation is needed to encrypt files and the first time a user encrypts a file an encryption certificate for the user and a private key are automatically created. If encrypted files are moved they stay encrypted, if users add files to an encrypted folder the new files are automatically encrypted. There is no need to decrypt a file before use; the operating system automatically handles this for you in a secure manner.

In the event of a user’s private key being lost (either by reinstallation or new user creation), the EFS recovery agent can decrypt the files. Encrypted files cannot be read from outside Windows 2000 or within Windows 2000 without the required certificate needed to decrypt. If you’re using Windows 2000 professional in a 4.0-based domain, you will not be able to use the encrypted file system, as a machine in a domain uses the domain policy for recovery if the domain does not support EFS (such as a 3.51 or 4.0 domain). To get around this perform the following:

Remove the Windows 2000 computer from the Windows NT 4.0 domain.

From the command prompt, type:
secedit /refreshpolicy machine_policy /enforce

Rejoin the Windows 2000 computer to the Windows NT 4.0 domain.

Reparse Points

Much of the new Windows 2000 file system enhancements are possible thanks to reparse points which basically provide a ‘hook’ into the file system and allow extensions to the storage subsystem without the need for proprietary code to be written.

Reparse points are actually special file system objects which have a special attribute that activates extra functionality in the storage subsystem. Any file or folder can have a reparse point, meaning a single path can trigger multiple portions of extended functionality.

Directory Junctions

These just allow you to join folders together so you can map a directory to any local target directory. Imagine you had three folders, c:\folder1, c:\folder2 and c:\documents. It’s possible to create a directory junction so c:\documents appears as a subdirectory of the other two folders resulting in c:\folder1\documents and c:\folder2\documents. Sadly, to create a directory junction you will need to write a utility since none is supplied.

On first view, directory junctions and the Distributed File System perform some of the same roles, as they both give the appearance of a single directory tree which actually consists of multiple, distributed folders, however there are differences:

• DFS utilises the Active Directory to store its information. Thanks to its Active Directory root DFS can provide fault tolerance and load balancing, directory junctions cannot provide either of these although in a local context it’s not as necessary.
• DFS is more geared to merging network resources into a single namespace where as directory junctions only link local machine resources.
• DFS can work using multiple file systems but directory junctions rely on NTFS 5.0.
• DFS requires a client piece, directory junctions don’t.