Windows NT 3.1 (the first version of NT despite the 3.1 designation) was released in August 1993 and introduced the New Technology File System (NTFS), which is unique to NT-based operating systems (including Windows 2000 and Windows XP) and is not supported by Windows 9x/Me. NTFS includes many advanced features not found in the FAT file systems. NTFS is the native file system of Windows NT/2000/XP and Vista. Windows 2000 and later use an enhanced version of NTFS called NTFS 5 or NTFS 2000; Windows NT 4.0 must have Service Pack 4 or above installed to be capable of accessing an NTFS 5/NTFS 2000 disk. Although NT/2000/XP support FAT partitions (and Windows 2000/XP even support FAT32), NTFS provides many advantages over FAT, including long filenames, support for larger files and partitions, extended attributes, and increased security. NTFS, like all of Windows NT, was newly designed from the ground up. Backward-compatibility with previous Microsoft operating systems was not a concern because the developers were intent on creating an entirely new 32-bit platform. As a result, few operating systems other than Windows NT and Windows 2000/XP, which are based on Windows NT, can natively read NTFS partitions. More recently that has been changing; for example Apple included the ability to read (but not write) NTFS volumes in the Mac OS X 10.3 (Panther) and later versions. Also NTFS drivers have become available for Linux, MS-DOS, and other OSs as well. Unfortunately most of these solutions have had to be reverse engineered because Microsoft has kept the internal technical details of NTFS mostly private. NTFS supports filenames of up to 255 characters, using spaces, multiple periods, and any other standard characters except the following: *?/\;<>. Since Windows NT 3.51, NTFS has also supported compression on a file-by-file (or folder-by-folder) basis through each file or folder's properties sheet. No third-party program, such as WinZip or PKZip, is needed to compress or decompress files stored on an NTFS drive. NTFS 5 also supports encryption on a file-by-file or folder-by-folder properties sheet. Tip To access advanced file attributes under NTFS such as compression, encryption, and indexing, right-click the file or folder, select Properties, and click the Advanced button to bring up the Advanced properties dialog box. NTFS supports larger volumes (up to 16TiB), larger files, and more files per volume than FAT. NTFS also uses smaller cluster sizes than even FAT32, resulting in more efficient use of a volume. For example, a 30GiB NTFS volume uses 4KiB clusters, whereas the same size volume formatted with FAT32 uses 16KiB clusters. Smaller clusters reduce wasted space on the volume. NTFS cluster sizes are shown in Table 10.37. Table 10.37. NTFS Cluster Sizes
NTFS uses a special file structure called a master file table (MFT) and metadata files. The MFT is basically a relational database that consists of rows of file records and columns of file attributes. It contains at least one entry for every file on an NTFS volume. NTFS creates file and folder records for each file and folder created on an NTFS volume. These are stored in the MFT and consume 1KiB each. Each file record contains information about the position of the file record in the MFT, as well as file attributes and any other information about the file. NTFS was designed to manage clusters using up to 64-bit numbers, which is an astronomical amount, but the current implementations use 32-bit numbers instead. Using 32-bit numbers allows for addressing up to 4,294,967,295 clusters, each of which is typically up to 4KiB. NTFS reserves a total of 32 sectors for a 16-sector-long default volume boot sector and a backup boot sector. The default boot sector is located at the beginning (logical sector 0) of the volume, whereas the backup boot sector is written at the logical center of the volume (if it was formatted using NT 3.51 and earlier) or at the end of the volume (if it was formatted with NT 4.0 or later, including 2000 and XP). An NTFS volume can therefore contain up to 34,359,738,392 total sectors (32 sectors reserved for the default and backup boot sectors, plus 4,294,967,295 clusters x 8 sectors), which is 17.59TB or 16.00TiB. The 32-bit sector numbering scheme used in the partition tables located in the MBR limits a single disk to no more than 4,294,967,295 (2 32 1) sectors, which is 2.2TB or 2TiB. Windows 2000 and later versions (including XP Pro) can get around this on nonbootable drives by using a dynamic disk . Windows 2000 and XP Professional (but not XP Home) offer two types of storage: basic disks and dynamic disks. Basic disks use the same structures as before, with an MBR on the disk containing a partition table limited to four primary partitions per disk, or three primary partitions and one extended partition with unlimited logical drives. Primary partitions and logical drives on basic disks are known as basic volumes . Dynamic disks were first introduced in Windows 2000 and provide the capability to create dynamic volumes that can be simple (using only one drive), spanned (using multiple drives), or striped (using multiple drives simultaneously for increased performance). Dynamic disks use a hidden database (contained in the last megabyte of the disk) to track information about dynamic volumes on the disk and about other dynamic disks in the computer. Because each dynamic disk in a computer stores a replica of the dynamic disk database, a corrupted database on one dynamic disk can be repaired using the database on another. By spanning or striping multiple drives using dynamic disk formats, you can exceed the 2TiB limit of a single MBR-based partition. Note, however, that dynamic disks and volumes are intended for use on servers and not standard desktop PCs. As such this book won't be going into much more detail on dynamic disks and volumes, and in general one should not create them on standard desktop or mobile systems. Although the 32-bit sector numbering in the partition tables on MBR disks limits NTFS basic disks to 2TiB volumes, you can use dynamic volumes to create NTFS volumes larger than 2TiB by spanning or striping multiple basic disks to create a larger dynamic disk. Because the dynamic volumes are managed in the hidden database, they are not affected by the 2TiB limit imposed by the partition tables in the MBR. In essence, dynamic disks enable Windows 2000 and XP Pro to create NTFS volumes as large as 16TiB. The volume limits for NTFS are listed in Table 10.38. Table 10.38. NTFS Volume Limits
Some notable characteristics and features of NTFS include
NTFS ArchitectureThe MFTAlthough NTFS partitions are very different from FAT partitions internally, they do comply with the extra-partitional disk structures described earlier in this chapter. NTFS partitions are listed in the master partition table of a disk drive's master boot record, just like FAT partitions, and they have a volume boot record as well, although it is formatted somewhat differently. When a volume is formatted with NTFS, system files are created in the root folder of the NTFS volume. These system files can be stored at any physical location on the NTFS volume. This means that damage to any specific location on the disk will probably not render the entire partition inaccessible. Typically, 12 NTFS system files (often referred to as metadata files) are created when you format an NTFS volume. Table 10.39 shows the names and descriptions for these files. Table 10.39. NTFS System Files
An NTFS partition is based on a structure called the master file table (MFT). The MFT concept expands on that of the FAT. Instead of using a table of cluster references, the MFT contains much more detailed information about the files and folders in the partition. In some cases, it even contains the files and folders themselves . The first record in the MFT is called the descriptor , which contains information about the MFT itself. The volume boot record for an NTFS partition contains a reference that points to the location of this descriptor record. The second record in the MFT is a mirror copy of the descriptor, which provides fault tolerance, should the first copy be damaged. The third record is the log file record. All NTFS transactions are logged to a file that can be used to restore data in the event of a disk problem. The bulk of the MFT consists of records for the files and folders stored on the partition. NTFS files take the form of objects that have both user- and systemdefined attributes. Attributes on NTFS partitions are more comprehensive than the few simple flags used on FAT partitions. All the information on an NTFS file is stored as attributes of that file. In fact, even the file data itself is an attribute. Unlike FAT files, the attributes of NTFS files are part of the file itself; they are not listed separately in a folder entry. Folders exist as MFT records as well, but they consist mainly of indexes listing the files in the folderthey do not contain the size, date, time, and other information about the individual files. Thus, an NTFS drive's MFT is much more than a cluster list, like a FAT; it is actually the primary data storage structure on the partition. If a file or folder is relatively small (less than approximately 1,500 bytes), the entire file or folder might even be stored in the MFT. For larger amounts of storage, the MFT record for a file or folder contains pointers to external clusters in the partition. These external clusters are called extents . All the records in the MFT, including the descriptors and the log file, are capable of using extents for storage of additional attributes. The attributes of a file that are part of the MFT record are called resident attributes, whereas those stored in extents are called nonresident attributes. NTFS 5 (NTFS 2000)Along with Windows 2000 came a new variation of NTFS called NTFS 5 (also called NTFS 2000); NTFS 5 is also used by Windows XP. This update of the NT file system includes several new features that are exploited and even required by Windows 2000 and Windows XP. Because of this, when you install Windows 2000 or Windows XP, any existing NTFS volumes automatically are upgraded to NTFS 5 (there is no way to override this option). If you also run Windows NT versions earlier than Windows NT 4 Service Pack 4 (SP4), NT 4 is no longer capable of accessing the NTFS 5 volumes. If you want to run both NT 4 and Windows 2000 or Windows XP on the same system (as in a dual-boot configuration), you must upgrade NT 4 by installing Service Pack 4 or later. An updated NTFS.SYS driver in Service Pack 4 enables NT 4 to read from and write to NTFS 5 volumes. New features of the NTFS 5 file system include
Because these featuresespecially the USN Journalare required for Windows 2000 to run, a Windows 2000/Server 2003 domain controller must use an NTFS 5 partition as the system volume. NTFS Changes in Windows XPThe location of the MFT has changed in Windows XP versus Windows 2000 and Windows NT. In Windows 2000 and Windows NT, the MFT is typically located at the start of the disk space used by the NTFS file system. In Windows XP, the $logfile and $bitmap metadata files are located 3GB from the start of the disk space used by NTFS. As a result, system performance has been increased by 5%8% in Windows XP over Windows 2000 or Windows NT. Another improvement in Windows XP's implementation of NTFS is the amount of MFT information read into memory. During bootup, Windows XP reads only a few hundred kilobytes of MFT information if all drives are formatted with NTFS. However, if some or all of the drives are formatted with FAT32, many megabytes of information (the amount varies by the number of drives and the size of the drives) must be read during bootup . Thus, using NTFS utilizes system memory more efficiently . NTFS CompatibilityAlthough NTFS partitions are not directly accessible by DOS and other operating systems, Windows NT/2000 is designed for network use, so other operating systems are expected to be capable of accessing NTFS files via the network. For this reason, NTFS continues to support the standard DOS file attributes and the 8.3 FAT naming convention. One of the main reasons for using NTFS is the security it provides for files and folders. NTFS security attributes are called permissions and are designed to enable system administrators to control access to files and folders by granting specific rights to users and groups. This is a much more granular approach than the FAT file system attributes, which apply to all users. However, you can still set the FAT-style attributes on NTFS files using the standard Windows NT/2000 file management tools, including Windows NT/2000 Explorer and even the command-prompt ATTRIB command. When you copy FAT files to an NTFS drive over the network, the FAT-style attributes remain in place until you explicitly remove them. This can be an important consideration because the FAT-style attributes take precedence over the NTFS permissions. A file on an NTFS drive that is flagged with the FAT read-only attribute, for example, can't be deleted by a Windows NT/2000 user, even if that user has NTFS permissions that grant her full access. To enable DOS and 16-bit Windows systems to access files on NTFS partitions over a network, the file system maintains an 8.3 alias name for every file and folder on the partition. The algorithm for deriving the alias from the long filename is the same as that used by Windows 95's VFAT. Windows NT/2000 also provides its FAT partitions with the same type of long filename support used by VFAT, allocating additional folder entries to store the long filenames as necessary. Creating NTFS DrivesNTFS is designed for use primarily on hard disk drives, and not removable storage. You can't create an NTFS floppy disk, although you can format some removable media (any that use an MBR and partitions), such as Iomega Zip and Jaz cartridges, to use NTFS. Three basic ways to create an NTFS disk partition are as follows :
NTFS ToolsBecause it uses a fundamentally different architecture, virtually none of the troubleshooting techniques outlined for FAT are applicable when dealing with NTFS partitions, nor can the disk utilities intended for use on FAT partitions address them. Windows NT has a rudimentary capability to check a disk for file system errors and bad sectors with its own version of CHKDSK , but apart from that, the operating system contains no other disk repair or defragmentation utilities. Windows 2000 and Windows XP include a command-line and GUI version of CHKDSK and also include a defragmenting tool that is run from the Windows Explorer GUI. Windows XP Professional also includes DiskProbe ( DSKPROBE.exe ), a direct disk sector editor, in its Windows Support Tools (the Windows 2000 Resource Kit also contains DiskProbe). One difference between Windows 2000/XP's CHKDSK and Windows 9x/Me's SCANDISK is that CHKDSK cannot fix file system errors if it is run within the Windows GUI. If you run CHKDSK and select the Automatically Fix File System Errors option, you must schedule CHKDSK to run at the next system startup. You can run CHKDSK without this option to find file system problems; you can also run CHKDSK within the Windows GUI to look for and attempt to fix bad sectors. Tip You can use the FSUTIL command-line program in Windows XP and later to learn more about a particular drive's file system, including whether you need to run CHKDSK or a third-party disk repair tool. For example, to determine whether drive D: is dirty (has file system errors requiring repair), you would open a command prompt and enter this command: FSUTIL DIRTY QUERY D: For more examples of FSUTIL commands and syntax, enter FSUTIL with no options at a command prompt. Note that FSUTIL is not included with Windows 2000 or earlier versions. The NTFS file system, however, does have its own automatic disk repair capabilities. In addition to Windows NT/2000/XP's fault-tolerance features, such as disk mirroring (maintaining the same data on two separate drives) and disk striping with parity (splitting data across several drives with parity information for data reconstruction), the OS has two features to help improve reliability:
NTFS can roll back any transaction (its term for a change to a file stored on an NTFS volume) if it isn't completed properly due to disk errors, running out of memory, or errors such as removing media or disconnecting a device before the transaction process is complete. Each transaction has five steps:
This process is designed to prevent random data (lost clusters) on NTFS drives. With cluster remapping, when Windows (NT/2000/XP) detects a bad sector on an NTFS partition, it automatically remaps the data in that cluster to another cluster. If the drive is part of a fault-tolerant drive array, any lost data is reconstructed from the duplicate data on the other drives. Despite these features, however, there is still a real need for third-party disk repair and defragmentation utilities for Windows NT/2000/XP. These were scarce when Windows NT was first released, but third-party utilities that can repair and defragment NTFS drives are now widely available. One I recommend is Norton Utilities 2004 (also included in Norton SystemWorks 2005) by Symantec, which works with Windows 98, Windows Me, Windows 2000, and Windows XP. Earlier versions work with Windows NT 4.0 and Windows 95. If you are looking for even faster defragmentation, Golden Bow's (www.vopt.com) VoptXP (which also supports Windows 9x, Me, and 2000) is a longtime favorite because of its incredible speed and efficiency. |