Microsoft Windows XP Networking Inside Out
.pdf
13 Chapter
Part 4: Network Resources
Selecting an NTFS Cluster Size
By default, NTFS will automatically select an appropriate cluster size for a partition when it is formatted. However, you can override this default setting. When would you want to do so?
As discussed in “Understanding Cluster Size and File Systems,” page 375, it’s important to balance efficient disk space usage with performance and with the total number of files that can be stored on a volume. Limits to the total number of clusters are unlikely to be a problem with NTFS volumes because an NTFS disk using 4 KB clusters can be as large as 16 TB (that’s 16,384 GB). Disks with larger cluster sizes can be much larger—up to 256 TB.
In terms of performance, Microsoft recommends NTFS cluster sizes of 4 KB, 16 KB, or 32 KB. The smaller cluster size provides the best performance when your files tend to be small and do not change size (editing a document file or adding data to a database file causes the file to grow). When your files tend to be large or increase in size over time, the larger cluster sizes provide better performance, even though they’ll waste more disk space.
Before you decide to use a cluster size larger than 4 KB, keep in mind that file compression is only available on volumes formatted with 4 KB or smaller clusters. If you plan to use NTFS compression, 4 KB will have to be your upper limit.
Keep in mind that there are many parts to a file system, and the preceding list of features provides a general blueprint for the NTFS design objectives. Both Windows XP Professional and Windows XP Home Edition support NTFS, and both operating systems provide you with their best security and management features when the NTFS file system is used. This chapter explores NTFS and details how you can best use NTFS on Windows XP alone and in networking scenarios.
newfeature!
New NTFS Features in Windows XP
Since its inception, NTFS has undergone numerous revisions. The individual components have been retooled, and new functionality has been added. The changes that occurred to the design and implementation of NTFS typically coincide with the release of new operating system versions, such as the release of Windows 2000 after Windows NT 4.0. This is also true for the release of Windows XP. Windows XP includes enhancements to both the performance and management features of NTFS. NTFS also includes
378
4: Network Resources
Chapter 13: Selecting a File System
several new features designed to make installing Windows XP and converting hard disks from FAT to NTFS less time-consuming and more reliable.
Designers have taken advantage of the physical architecture of hard disks to improve the performance of NTFS. In particular, the fact that data access is faster if data is stored at certain locations on the disk is leveraged to reduce the time it takes to locate files on an NTFS partition. The overall performance gain is approximately 5–8 percent.
There are several features relating to the conversion of FAT volumes to NTFS volumes. Most of these features are intended to allow partitions that have been converted from FAT to NTFS to have the same level of functionality as a partition that was natively formatted using NTFS. One such feature is the Format command in Windows XP, which aligns FAT data clusters at the cluster size boundary. The improved alignment makes the conversion of FAT volumes to NTFS more efficient because the Convert command can now use a variable cluster size as one of its parameters. Cluster sizes for converted volumes are now supported to a maximum of 4 KB, whereas Windows 2000 only used 512-byte clusters. Another feature added to improve the functionality of converted drives is the application of default permissions in the form of access control lists (ACLs) applied to the converted volumes. Previously, ACLs were present by default only on drives natively formatted with NTFS.
File system security in NTFS, as implemented using ACLs, is covered in detail in “Configuring NTFS Permissions,” page 433.
The FAT-to-NTFS conversion process in Windows XP also uses another new feature to prevent the fragmentation of the Master File Table (MFT). By preventing the fragmentation of the MFT during the disk’s conversion to NTFS, it becomes more likely that the MFT will occupy a contiguous space after converting a disk, allowing it to be accessed more rapidly. Fragmentation is prevented in a rather creative way— the MFT is temporarily stored in a placeholder file during conversion. When the conversion is complete, the contents of the file can be written to the contiguous disk space.
Preventing file fragmentation is a recurring theme in the implementation of NTFS in Windows XP. There are now two ways to initiate a defragmenting process on a Windows XP computer. The first method is to use Disk Defragmenter, a Microsoft
Management Console (MMC) snap-in accessed by choosing Start, All Programs, Accessories, System Tools, Disk Defragmenter. Using Disk Defragmenter, you can analyze and (if needed) defragment drives. The new alternate method involves using the command-line tool Defrag.exe.
Chapter 13
379
4: Network Resources
13 Chapter
Part 4: Network Resources
Exploring NTFS Features in Windows XP
NTFS supports more features than any other Windows file system (and in fact offers more features than most other operating systems in existence). These features provide a wide range of user services that enable secure, fast, and flexible disk management. The following topics describe the key features of the NTFS file system. Most of these features have corresponding MMC consoles that allow you to activate and configure them.
You can learn how to configure many of these features by reading “Configuring NTFS Features,” page 389. For more information, check out Microsoft Windows XP Inside Out, by Ed Bott and Carl Siechert (Microsoft Press, 2001).
Dynamic Disks
Traditionally, a hard disk is set up as a basic disk, a physical disk that has one or more basic volumes such as partitions and logical drives. Each of these volumes can be formatted with a file system and used to store data. Basic disks work well if there is no need to alter the storage configuration after the initial disk configuration. But in many cases, it is beneficial to have dynamically reconfigurable storage. To fulfill this need, Microsoft introduced dynamic disks with Windows 2000. Dynamic disks contain one or more dynamic volumes, which offer features that are not available with basic disks:
●Administrators can increase the size of a dynamic volume by extending the volume into unallocated or noncontiguous space available on the same physical disk; however, neither system nor boot volumes can be extended.
●Dynamic volumes can be extended across separate physical disks if they are also set up as dynamic disks. The same restrictions about system and boot volumes still apply, however.
●Each dynamic disk maintains a database that stores information about all of the attached dynamic disks and dynamic volumes. Because this database centrally stores the resource information, you have great flexibility in how you manage the volumes and even move disks between computers, and the redundant copies of the dynamic disk database ease recovery of data from corrupt volumes.
You can manage dynamic disks in Windows XP from the Computer Management console, which is available in Administrative Tools in Control Panel. Or, you can simply right-click My Computer and choose Manage. In the Computer Management console, select Disk Management to manage local hard disks, as shown in Figure 13-1.
380
4: Network Resources
Chapter 13: Selecting a File System
Chapter 13
Figure 13-1. The Disk Management snap-in is available from within the Computer Management console.
Using MMC Snap-ins in Windows XP
MMC has been around since the early days of Microsoft Internet Information Services (IIS) in Windows NT. However, in Windows 2000, MMC and its component applications, known as snap-ins, took a front seat in the operating system as a way to organize the various networking tools. This same approach is true in Windows XP. Common tools are all MMC snap-ins, which means they all function within MMC. Using this approach, all of the tools in Windows XP have the same basic appearance. The Computer Management console is a collection of snap-ins used to enable centralized administration of many network functions. It includes such snap-ins as Event Viewer, Device Manager, Disk Defragmenter, Disk Management, and so forth.
However, you are not limited to the default consoles in Windows XP. You can easily create your own consoles that contain the mix of snap-ins that you use most often. To create your custom MMC, just follow these steps:
1Choose Start, Run. Type mmc and press Enter.
2An empty MMC appears. Choose File, Add/Remove Snap-In.
3In the Add/Remove Snap-In dialog box, click the Add button. A list of available snap-ins appears, as shown on the next page.
4Select the snap-in that you want to add to the console, and click the Add button. You might see a dialog box asking you which computer you want the snap-in to manage. If so, select Local Computer (or This Computer) and click Finish. This dialog box only appears with certain snap-ins.
(continued)
381
4: Network Resources
Part 4: Network Resources
Inside Out (continued)
13 Chapter
5Repeat step 4 to add additional snap-ins. When you are done, click Close.
6The snap-ins that you selected for this console now appear in the Add/ Remove Snap-In dialog box, shown here. Click OK.
7The snap-ins appear in the console and are ready for your use. If you plan to reuse this console, choose File, Save As and give the console a name. By default, the console is saved in your Administrative Tools folder. To open it again, type mmc at a command prompt, and then choose File, Open in the console window to select and open it.
382
4: Network Resources
Chapter 13: Selecting a File System
tip Although MMC is beyond the scope of this book, it is a powerful feature that lets you create custom consoles as well as custom views and processes. You can learn more about using MMC in Microsoft Help And Support Center (choose Start, Help And Support).
Change Journal
Another important feature of the NTFS file system is the NTFS change journal. The change journal is used to keep track of all changes made to files on an NTFS volume. For example, the journal tracks information about added, deleted, and modified files for each NTFS volume. Each of these actions triggers an update of the change journal. Because the change journal can become very large, it can be configured with a maximum allowable size. Much like other log files, when the change journal exceeds its maximum allowable size, the oldest records in the journal are removed to restore the log file to its maximum size, making room for new entries to be added.
In addition to providing robustness in the case of system failure, as discussed earlier, maintaining a change journal also allows applications that would otherwise need to scan the entire disk to detect file changes to simply check the journal for changes. This ability to reduce the overhead for applications that must track file changes (such as virus scanners, disk defragmenters, and Indexing Service) allows NTFS to perform efficiently, even on disks with large numbers of files.
NTFS Compression
With advances in disk storage technology and the dramatically lowered cost of data storage, file compression is not the burning issue it once was. But the overall amount of storage needed for computing continues to increase, even with the technological advances in storage technology. In the earlier days of computing with small and expensive hard disks using the FAT file system, compression was a hot feature and often a problematic one as well. With the FAT file system, most compression schemes resulted in a severe performance hit to any application needing to access files on a compressed volume. When compression didn’t make the data inaccessible or even corrupt, it did ensure molasses-speed performance, particularly if the user compressed directories accessed by frequently used applications. NTFS builds file compression into the file system rather than requiring additional programs to be installed on top of it. Because all applications will access the compressed data through NTFS, the applications don’t need to have any awareness of or support for disk compression.
In addition, add-on compression utilities required compressing entire volumes. Some of the compressed files, such as large files that could be compressed a great deal and
Chapter 13
383
4: Network Resources
13 Chapter
Part 4: Network Resources
were infrequently accessed, improved the computing experience. But along with those files, other compressed files included binary and operating system files that compressed very little and had to be frequently (even constantly) accessed and decompressed, slowing the computing experience. By building file compression into the file system, the user can choose to compress files on a per-folder or per-file basis.
Another noteworthy performance improvement over earlier forms of compression is that a file in active use only needs the part of the file being accessed to be decompressed. The decompressed portion remains uncompressed in memory so that subse-
quent access to it does not suffer a performance penalty. The file is recompressed only when the data is written back to disk. A handy though not performance enhancing feature allows the user to display the names of compressed files and folders in a different color to distinguish them from regular files. This clearly indicates which files are compressed without the user having to examine the properties of the file or folder.
Of course, as everyone knows, even the best laid plans are prone to failure every now and then. So what happens if a user compresses a volume that results in the inability of Windows XP to restart normally? With Windows XP, the user can use the Compact.exe command-line tool to either uncompress the files or force the compression to finish if it was interrupted and left the computer in an unstable state. This tool can also be used to enable disk compression via a batch file. Although it’s usually much simpler to compress files using the Windows XP graphical interface, command-line tools are worth their weight in gold when you need them.
note Enabling compression on a server that is accessed regularly is not a good idea. Every file read and written to the compressed folder or volume will have to be decompressed and recompressed, and (if there are lots of users) this can consume a considerable amount of CPU cycles and memory. If a server is being used to archive files, compression is often appropriate. Another good candidate for compression is the end-user workstation. With NTFS file compression, you can choose to compress folders containing infrequently accessed and highly compressible content, and still leave frequently accessed application and system folders uncompressed.
File Encryption
In its latest version, NTFS also makes use of robust encryption technology. The Encrypting File System (EFS) uses a public-private key pair and a per-file encryption key to protect resources on an NTFS volume. The use of encryption ensures that only the proper individuals and recovery systems can access the protected data.
When an authorized user accesses an encrypted file, the system decrypts the file. The user can then work with the file. When the user saves the modified file back to the hard disk, the system encrypts the file again. This whole process is entirely transparent to a user
384
4: Network Resources
Chapter 13: Selecting a File System
who has the proper credentials to access the file. Any unauthorized user attempting to access the file will receive an “Access Denied” error message; however, unlike with NTFS file permissions, where simply being granted permission to the file will allow a user to open it, encrypted files are completely inaccessible to even users with sufficient file system rights. This allows extremely confidential data to be secured against access by individuals who have file system permissions (such as administrators) but who should not be granted the ability to view that data. Encryption also prevents individuals who manage to bypass NTFS security altogether from viewing the confidential data.
Keep in mind, however, that EFS is not available with Windows XP Home Edition.
note You cannot simultaneously encrypt and compress a folder or a volume. Folders and volumes in Windows XP Professional can be compressed or encrypted, but not both.
File and Folder Access Control List
NTFS offers the capability to configure security settings on files and folders. The security settings are stored in what is known as the access control list (ACL). Every file on an NTFS volume has an ACL component. The ACL is not supported by any of the FAT file systems, and if any file with an ACL is relocated to a FAT volume, the ACL will be dropped. Most of the ACL security features are not routinely available in Windows XP Home Edition.
For a full description of security in Windows XP including ACLs and file sharing security, see Chapter 14, “Understanding Resource Sharing and NTFS Security.”
Indexing Service
Simply put, Indexing Service creates and maintains an index of your files and filerelated information, and enables you to search the index to quickly locate and retrieve the data you need. In the same way a book has an index revealing the location of various components, Indexing Service has information about the contents and location of certain types of files stored on your computer. The information collected by Indexing Service is used by the Windows XP Search feature, a Web browser, or a direct query of Indexing Service to locate files matching the description you provide. The individual indexes Indexing Service creates can be used in a variety of ways. For example, a Web site can be indexed (enable Indexing Service in IIS), allowing Web site clients to use the generated index to search the Web site. Indexing Service indexes a wide variety of file attributes. You can query Indexing Service based on any of these tracked parameters, such as finding all files created after a certain date that contain the text Microsoft Windows XP. Indexing Service also enables broad searches, such as finding all of the
Chapter 13
385
4: Network Resources
13 Chapter
Part 4: Network Resources
Microsoft Word documents on a hard disk. Although Indexing Service supports FAT file system disks, NTFS is its file system of choice because Indexing Service was specifically designed to offer robust interoperability with NTFS. The result is that Indexing Service takes advantage of the many file system features of NTFS to yield maximum performance.
One of the most critical advantages of using Indexing Service with NTFS volumes is its awareness of the security settings of files. The Indexing Service catalog tracks file-level permissions settings along with the other file information in its catalog. The net result is that if a user does not have access to a file, that file will not appear when the user searches for the file. In addition to respecting the file permissions, Indexing Service takes special care when dealing with encrypted files. Indexing Service does not index information about encrypted files because the information itself would not be encrypted. In fact, if Indexing Service discovers that one of the files included in its index has become an encrypted file, Indexing Service will flush the file from its catalog.
Sparse File Management
Another feature of NTFS available in Windows XP and Windows 2000 is sparse files. Sparse files save disk space in large files that include sizable segments of null data (data composed of binary zeros). This handling method uses rather creative logic to avoid storing large quantities of null data. Basically, the null data ranges of the file are represented in nonallocated space on the disk. When the contents of the file are recalled, the data sections are pulled from allocated (normal) disk locations, and the null portions are returned from the nonallocated areas as zeros. In fact, the application programming interface (API) for the sparse file attribute does not require an application to manually recover the null data—it is simply reconstructed automatically. Indexing Service is an example of an application that uses sparse files. The use of sparse files allows Indexing Service to use roughly half the storage space on an NTFS disk as it requires on a FAT disk.
Disk Quotas
Disk quotas allow you to restrict the amount of disk space a user’s files can occupy on a particular NTFS volume. This is particularly useful if disk space is in short supply. A variety of quota options exist and range from notifying you as an administrator that a user’s quota is about to be exceeded to denying a user the ability to save a file once the quota has been reached.
A quota can only be configured on an NTFS volume. The quota is set administratively and tracks the files owned by each user with a quota attached to each account. The user’s security identifier (SID) is used to uniquely identify the files that the user owns. Because the files are tracked by user and the quota is set per volume, the quota is bound by a folder. The quota tracks all of the files stored by a user across the entire volume.
386
4: Network Resources
Chapter 13: Selecting a File System
However, disk quotas do not prevent an administrator from allocating more disk space to users than is actually available. For example, on a 20 GB volume used by 25 users where the quota is set at 1 GB each, the users can still completely fill the volume. It’s up to the administrator to keep track of a volume’s total free space and allocate it accordingly.
tip Disk quotas can only be set up on a per-volume basis; you can’t configure Windows XP to restrict the amount of space users can use via network file shares or in individual folders.
Volume Mount Points
Mounted drives or volume mount points are volumes that are attached as a folder to another existing volume instead of having a drive letter. Among other benefits, this allows a computer to utilize more than 26 drive letters. Because one volume can accommodate multiple mounted drives, extra capacity can be added to network access points without having to change the physical traits of the host volume. Additionally, it allows you to mount other disk volumes at directories within an already existing volume, allowing users to transparently gain additional storage without the restrictions of trying to extend dynamic volumes.
Distributed Link Tracking
Distributed link tracking ensures that shell shortcuts and OLE document links continue to work in the event that a file is moved or renamed. Every shortcut to a file that is created on an NTFS volume has a unique object identifier implanted into the target file. Information about the object ID is also stored within the referring file, which is known as the link client. Distributed link tracking uses this object ID to locate the link source in the event that the source file is renamed or moved to a new location on the same computer, or if the source file is moved from one shared network folder to another in the same domain. The object ID can also locate files when the host computer is renamed or in the event that the hosting volume is moved from one computer to another within the same domain.
Multiple Data Streams
A data stream is a sequence of bytes. Applications store data in files composed of at least one main data stream by writing data to the stream in an orderly sequence that can later be accessed by the application to read data back from the data stream. Every file system supports files that have a main, unnamed data stream. However, NTFS supports the use of additional named data streams where each data stream uses an alternate sequence of bytes. This allows applications to create multiple streams. The
Chapter 13
387
4: Network Resources