Intoduction
NTFS is Microsoft’s file system for Windows server and desktop operating systems. This short Windows NTFS tutorial provides information and links breaking down how it works, with details on NTFS vs FAT32, NTFS recovery techniques and management best practices. You’ll also find resources dealing with NTFS compression, permissions and optimization.
NTFS explanations
Windows NTFS, or NT File System, is the standard fyle system of the microsoft operationg systems. Before the Windows NT the fyle system where the Microsoft operating system was installed was FAT (File Alocation Table).
FAT was designed to act as a map for all files stored on a hard disk. FAT went though several incarnations before the creation of the NTFS, from FAT 16 to FA32. Because FAT32 was limited to volumes of 32 GB`s many users these days take the advantage of NTFS for file system management.
NTFS has many advantages over the FAT32 like:
- Access control list (ACL) that increased the folder security and alow administrators to controll who to have access on specific file or folder.
- Informations about a files`s cluster and other data data stored with each cluste, not just a governing table.
- Data security on removable and fixed disks.
In simple terms the difference between FAT and NTFS is that while FAT file system has had a number of modifications made alow it to work with larger hard drives, NTFS file system was originally developed to support large hard disks from the beginning.. Also in adition to the use of large hard drives , NTFS offers more secure directories and files against unauthorized users, has better data protection and doesn`t succumb to errors of fragmentation as easily FAT32.
Another benefit of NTFS over FAT32 involves NTFS permissions. Administrator can user NTFS utility to track permissions and provide ownership of files and folders. This benefit led to NTFS file and folder permissions to quickly become the most common form of authorization since windows 2000.
Of course, NTFS permissions were not without some issues. For example, what if NTFS permissions were set to control user access to files, but administrators could still potentially grant themselves permissions to certain restricted documents? The classic “Who will watch the watcher” scenario is naturally all about trust, but was sometimes proacively dealt with for NTFS through auditing tools designed to inform you whenever a change was made.
Data Recovery in NTFS
As one would expect, recovery for NTFS works quite differently than FAT32 recovery. For starters, the NTFS file system is designed to perform file recovery on its own, without the need for third-party data recovery utilities or administrative actions. This is made possibe by two technologies: cluster remapping and transaction logging.
Cluster remapping is a technique that prevents data loss by automatically moving data from clusters containing bad sectors on the hard disk to good clusters. The transaction loggingfeature of the NTFS file system is designed to prevent data corruption. Although the mechanics behind transaction logging in NTFS are complicated, the basic idea is that when a write operation occurs, the Windows NTFS file system records the operation to a log file. Once the write operation is logged, NTFS updates the volume cache and then makes a log entry indicating that the transaction is complete. For more information on how cluster remapping and transaction logging work, check out this article on NTFS data recovery.
There are also some free NTFS recovery tools out there. One such tool is FreeUndelete 2.0, which is designed specifically for the recovery of files deleted from NTFS volumes. For example, say you accidentally deleted a file on an external NTFS-formatted hard drive, and you needed to get it back right away. FreeUndelete is a great free tool for fast NTFS data recovery in instances just like that.
What about NTFS recovery of encrypted files? The trick here is that you must have an authorized private key and a file encryption key that was encrypted using the corresponding public key. Without these keys, there is no way to recover NTFS encrypted files. For a detailed rundown of the process, check out this article on recovery of encrypted files on an NTFS partition.
While the NTFS file system was designed to be much less prone to corruption than FAT32, acorrupt boot sector can somtimes occur, requiring the recovery of NTFS data. The boot sector is critical to Windows NTFS, so if it’s corrupt, the entire volume may be inaccessible. To repair a corrupt boot sector in NTFS, all you need to do is locate the backup copy, then use the information it contains to overwrite the primary boot sector. You can then begin the NTFS data recovery process.
Best practices
There are several expert-recommended best practices to be aware of when working with Windows NTFS. One such suggestion involves NTFS cluster sizes. Since larger cluster sizes speed up disk access, it might be tempting to ramp up the cluster size as far as possible (up to 256K) on a big partition with big files. This isn’t always the smartest thing to do, however, as many third-party utilities aren’t designed to recognize NTFS clusters larger than 4K. Many defragmentation programs, for instance, cannot work correctly when confronted with a non-standard cluster size. Therefore, If you plan on using third-party disk tools, creating RAID arrays or mirrored disks, experts advise that you don’t edit the NTFS cluster size by hand.
There are many different ways to optimize NTFS performance. These techniques include having you or an administrator format NTFS legacy filenames or resize the master file table. For the latter, this involves making sure that there is enough space reserved for the master file table at all times. This is important becuase the NTFS master file table is essentially a directory of all of the files and folders found on the hard disk volume (similar to FAT), so it is critical to the volume’s performance that the master file table remains as unfragmented as possible.
Other Window NTFS optimization techniques include disabling the last access date security feature, minimizing the impact of antivirus utilities, and keeping NTFS compression to a minimum. The latter is especially important, because Windows NTFS compression doesn’t compress files by clusters. Instead, it uses compression units of 16 clusters and calculates file space on the basis of the number of compression units needed. This wastes an average of eight clusters of additional space for each file. In a typical user’s account with hundreds or thousands of files, that space adds up, and when it is charged against users’ quotas, they run out of quota space even though the file size on their screen shows that they still have plenty of space left in their quotas.
It’s also recommended that administrators beware of ACLs on NTFS volumes from old Windows installations. This is because NTFS Access Control Lists (ACLs) and Security Descriptors describe who can access what NTFS objects, and to what degree. If a given user or group has access to an object, the ACL for that object will contain a reference to that user or group not by their name, but by their GUID. This means that if you have an object somewhere on an NTFS partition that belongs to a user on a specific machine, those permissions are unique. You can’t create a user with the same name on another machine and expect to have unrestricted access to that object; you have to take ownership of the object first. By following these steps, you can reverse Windows NTFS object ownership from administrators to object’s creator.
Finally, administators should also take action against NTFS disks that fill up too quickly. This can be the result of compromised systems and corrupted disks, as well as other factors, such as master file table expansion and invalid file names.