Converting Basic disks to Dynamic disks doesn’t require reboots, however, any volumes contained on them after the conversion will generate a popup that basically says a re-boot is necessary before the volumes can be used. It’s safe to say no to the reboot, wait until all the volumes are identified and all the popups go away, and then perform a single re-boot.

When you upgrade from basic to dynamic, any existing partitions become simple volumes. Any existing mirrored, striped or spanned volumes sets created with NT 4.0 become dynamic mirrored, striped or spanned volumes respectively. If you get a message that says you are out of space then you may not have enough unallocated free space at the end of the disk for the private region database that Dynamic disks use to keep volume information. To be Dynamic it needs about 1 MB of this space, sometimes the space is not visible to the user in the GUI, but it is still there. You may not have the space if the partition(s) on the disk take up the entire disk and were created with Setup, an earlier version of NT or another OS. If partitions are created within Windows 2000, the space is reserved, partitions created with Setup will reserve the space in a later release. To undo this conversion run you should backup any data on the disk you wish to preserve, and then delete all partitions - that should activate the menu choice "Revert to Basic Disk", the entire disk HAS to be unallocated or free space.

The removal of choice

When you install Windows 2000 ALL NTFS partitions will be upgraded to NTFS 5.0. Yes, ANY and ALL NTFS volumes Windows 2000 sees – including removable media – are automatically converted to V5.0 on the fly when Windows 2000 mounts them so make sure if you move disks between machines they are all Windows 2000 or if using Windows NT 4.0 have Service Pack 4 or above installed.

Service Pack 4 for Windows NT 4.0 has an updated NTFS.SYS which can read NTFS 5.0 partitions so apply this to any systems that need to read Windows 2000 NTFS 5.0 partitions and make sure you do this BEFORE installing Windows 2000. You can, if you wish, only copy over the NTFS.SYS if you don’t want to apply Service Pack 4 or above (but you need to anyway to be Y2K compliant, of course if you’re reading this now and you’ve not deployed Service Pack 4, panic!) By default (you can override using advanced option button) on server installations the boot partition will be upgraded to NTFS if you’re not in a dual boot environment, yep that’s right it automatically upgrades from FAT to NTFS.

Encrypted File System

I mentioned problems with NTFS’s security, that tools exist which require console level access to the machine and require booting off a special disk or CD-ROM, but with more and more mobile computers something extra is needed for sensitive data that is carried with us every day. EFS uses a public/private key encryption scheme and the CryptoAPI architecture. EFS can use any symmetric encryption algorithm to encrypt files, however the initial release only uses DES. 128-bit keys are used in North America, 40-bit internationally. No preparation is needed to encrypt files and the first time a user encrypts a file an encryption certificate for the user and a private key are automatically created. If encrypted files are moved they stay encrypted, if users add files to an encrypted folder the new files are automatically encrypted. There is no need to decrypt a file before use; the operating system automatically handles this for you in a secure manner. In the event of a user’s private key being lost (either by reinstallation or new user creation), the EFS recovery agent can decrypt the files. Encrypted files cannot be read from outside Windows 2000 or within Windows 2000 without the required certificate needed to decrypt.

If you’re using Windows 2000 professional in a 4.0-based domain, you will not be able to use the encrypted file system, as a machine in a domain uses the domain policy for recovery if the domain does not support EFS (such as a 3.51 or 4.0 domain). To get around this perform the following:

Reparse Points

Much of the new Windows 2000 file system enhancements are possible thanks to reparse points which basically provide a ‘hook’ into the file system and allow extensions to the storage subsystem without the need for proprietary code to be written.

Reparse points are actually special file system objects which have a special attribute that activates extra functionality in the storage subsystem. Any file or folder can have a reparse point, meaning a single path can trigger multiple portions of extended functionality.

Directory Junctions

These just allow you to join folders together so you can map a directory to any local target directory. Imagine you had three folders, c:\folder1, c:\folder2 and c:\documents. It’s possible to create a directory junction so c:\documents appears as a subdirectory of the other two folders resulting in c:\folder1\documents and c:\folder2\documents. Sadly, to create a directory junction you will need to write a utility since none is supplied.

On first view, directory junctions and the Distributed File System perform some of the same roles, as they both give the appearance of a single directory tree which actually consists of multiple, distributed folders, however there are differences:

• DFS utilises the Active Directory to store its information. Thanks to its Active Directory root DFS can provide fault tolerance and load balancing, directory junctions cannot provide either of these although in a local context it’s not as necessary.
• DFS is more geared to merging network resources into a single namespace where as directory junctions only link local machine resources.
• DFS can work using multiple file systems but directory junctions rely on NTFS 5.0.
• DFS requires a client piece, directory junctions don’t.

Mount Points

Mount points are similar to junction points except they allow only the root of a volume to be mounted as a folder and are created using reparse points, thus the NTFS 5.0 requirement. Mount points are useful for increasing a drive’s ‘size’ without disturbing it. For instance, you could create a mount point to drive d: as c:\documents thus seeming to increase the size available on C:. To create a mount point just perform the following:

• Start the Computer Management MMC snap-in (Start – Programs – Administrative Tools – Computer Management)
• Expand the Storage branch and select Disk Management
• Right click on the volume you want to create as a mount point and select ‘Change Drive Letter and Path’
• Click ‘Add’
  <ntfs5-1.tif>
• Select a new ‘folder’ for the folder to be mounted as. If you click browse it will only show NTFS 5.0 volumes.
• Click OK
• <ntfs5-2.tif> Here we are going to map drive G: as d:\data drive

A warning will be given. Click OK. The quota process will now check the volume and build up a list of current disk usage. The new features are certainly welcome, in particular the Encrypted File System and user quotas are a good start but there are many other third party alternatives to the quota problem which make the built-in NTFS 5.0 solution only good for very small environments. I think the option of the upgrade from NTFS 4.0 to NTFS 5.0 would have been good but with so many Windows 2000 functions relying on NTFS 5.0 I can see why.

One final word though, if you play with the Encrypted File System remember it’s all certificate based, if you reinstall Windows 2000 and you’re not in a domain you’ll lose the certificate to decrypt and access to your work! I know one unhappy person who lost a lot of work after encrypting his folder and reinstalling the OS. New functions are good but make sure you understand them before using! Check the NT FAQ, www.ntfaq.com for information on backing up the EFS recovery certificate.