Tuesday, January 25, 2011

NTFS "Secrets"?

A few weeks ago I was reading through the Wikipedia entry on NTFS, and noticed that it was possible to use Symbolic Links amongst a number of other features that aren't readily apparent in Windows Explorer.

What other useful features exist that may not be documented on Wikipedia, and how does one get access to these features? Is there a 3rd party program, registry settings, hidden configuration windows, CLI, etc. used to manipulate/create/use these features?

Update: Turning this into a community wiki.

  • Microsoft distributes at least two Sysinternals tools for this.

    1. Junction lets you manipulate junction points (symbolic links).
    2. Streams will show you alternate data streams. That page also shows you the :stream syntax to manipulate them from command-line.
    Oskar Duveborn : linkd can be used for junction points and is distributed with the Windows 2000 Resource Kit... not that it's much use if you can download junction though, just thought it was an interesting side-note :)
  • Alternate Data Streams - you can use the LADS tool to enumerate them.

    You can create them for example by doing:

    notepad test.txt:adsname1
    notepad test.txt:adsname2
    notepad test.txt

    All 3 will be shown in explorer as 1 file but they are all different streams attached to that same filename.

  • Sorry this doesn't address the question, but the fact that Microsoft make this feature obscure decreases my comfort in using it, as opposed to using ln in *nix, which is a well-known, well-supported program.

    From Andrew H
  • NTFS supports file names that the Win32 API doesn't. For example the POSIX subsystem allows the following names (from the Windows Internals book):

    "TrailingDots..." 
    "SameNameDifferentCase"
    "samenamedifferentcase"
    "TrailingSpaces    "
    

    Apparently you can still see them all by using 'dir /x'

    It's also possible to create files with really long file paths (up to 32,000 characters). You can still see them in explorer but you can't delete them easily.

  • Windows Internals has a chapter on NTFS and what it does and doesn't support.

    From dmoisan
  • NTFS supports “symbolic links”:

    • for directories (MS term: “junctions”) in all versions of NTFS
    • for files (using CreateSymbolicLink since Vista and Server 2008)

    It also supports hard links for files, through the CreateHardLink function since Windows 2000.

    Check this page: Hard Links and Junctions.

    I've used CreateHardLink in Python scripts (through Python's ctypes module). I even have a “deduper” script that finds duplicate files and, under some conditions, replaces them with hard links; that frees a lot of space in a typical Windows installation.
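
A sketch of the kind of "deduper" the answer above describes, as an added example that is not the poster's script. It uses Python's `os.link` (which creates the hard link through CreateHardLink on Windows) instead of ctypes; the function names and the `.dedupe-tmp` suffix are assumptions made for this example.

```python
import hashlib
import os
import stat
from collections import defaultdict


def file_digest(path, chunk=1 << 20):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def dedupe(root):
    """Replace duplicate regular files under root with hard links.

    Returns the number of files that were replaced by a link.
    """
    # Hard links cannot cross volumes, so candidates are grouped by
    # (volume, size); only groups with 2+ members are ever hashed.
    groups = defaultdict(list)
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            # Skip symlinks, special files and empty files.
            if not stat.S_ISREG(st.st_mode) or st.st_size == 0:
                continue
            groups[(st.st_dev, st.st_size)].append(path)

    replaced = 0
    for paths in groups.values():
        if len(paths) < 2:
            continue
        keep = {}  # digest -> first path seen, used as the link target
        for path in sorted(paths):
            target = keep.setdefault(file_digest(path), path)
            if target == path or os.path.samefile(target, path):
                continue  # first copy, or already the same file
            tmp = path + ".dedupe-tmp"  # hypothetical temp suffix
            os.link(target, tmp)   # new name for the kept file
            os.replace(tmp, path)  # swap in; path is never missing
            replaced += 1
    return replaced
```

After a replacement both names refer to one NTFS file record, so they share data, timestamps and the security descriptor. A write or ACL change made through one name is visible through the other.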

  • The Windows fsutil command exposes most of NTFS's obscure features, if I'm not mistaken. Start -> Run -> cmd.exe -> fsutil /? for more info.
