NTFS

Why Microsoft moved to New

Technology File System?
Microsoft needed more supported file system to their operating
system in 1993 Windows NT. After this operating system they
wanted to make high capacity operating systems with large HDD to
done anything that customer needed in these days. So they wanted
to make new generation file system to achieve this purpose. Then
they moved to NTFS file system which is a great file system still
using.
Since Windows NT was targeting businesses and corporations, the
reliability of the data stored on the system became more of a
priority that speed as in the case of home computer users. In a
corporate environment, if a system fails and data is lost, speed
becomes irrelevant. To support recoverability, the new file system,
NTFS, provided file system recovery based upon a transactionprocessing model as well as an improved write-caching feature.

NTFS boot sector

When you format an NTFS volume, the format program allocates

the first 16 sectors for the $Boot metadata file. First sector, in fact,
is a boot sector with a "bootstrap" code and the following 15
sectors are the boot sector's IPL (initial program loader). To
increase file system reliability the very last sector an NTFS
partition contains a spare copy of the boot sector.

There are two different structures.

BIOS parameter block
Volume boot code

NTFS Master File Table (MFT)

Authentication
Is the person who she says she is?
If so, access is allowed
In Windows, authentication is
handled by a password-protected
user account.

Authorization
What an authenticated user can, and
can not, do on a system.
Authorization for Windows files and
folders is controlled by the NTFS file
system
NTFS assigns permissions to users,
groups or both

Principle of least privilege

Give a user only as much
permissions as are required for the
tasks they do and no more.
To much invites trouble

Local User Account

Each Windows computer keeps an
encrypted list of user names and
passwords
You dont get to use a computer unless
you know a valid user name and
password (even if it is blank)
User also belongs to a group
To create/manage users and groups you
need administrator privileges

Passwords
Ultimate key to protecting your computer
For a hacker, this is half the battle
Protect passwords; make them complex; no PostIt notes on the monitor
Make passwords strong: at least eight characters
including letters, numbers and punctuation
symbols
You should change passwords at regular intervals
Password reset disk had to be a floppy little
value; now can be USB stick in Windows 7; cant
use it if you are on a domain

Groups
Groups are collection(s) of accounts
with similar needs/permissions
Add a person/account to a group rather
than set permissions for the single
account
XP groups: Administrators, Power Users,
Users, Everyone and Guest
Home editions: Administrators, Users
and Guest

Managing Users in XP
User Accounts applet in Control Panel
Limited Users see only their account
in User Accounts; Admins see all
accounts

Vista Users
Three accounts when you set up
Vista: guest, administrator and a
local account thats a member of
Administrator group
User Accounts and Family Safety in
Home
User Accounts applet in Business,
Ultimate

Add a User - Vista

Open the User Accounts applet
Click Manage Another Account and
select Create a New Account
Click Create Account
At least one account must be
Administrator

Parental Controls
Administrator account can monitor
and limit the activities of any
standard user
Can be used for employees also
Web sites, applications, files
downloaded, amount of time logged
on, access to types of games and
specific applications

Users in 7
User Accounts Control Panel applet
Open User Accounts and select
Manage Another Account; Create a
New Account
Almost the same as Vista

Local Users and Groups

Control Panel | Administrative Tools |
Computer Management
Right-click Computer and select
Manage | Users and Groups
Can add Users, Groups or Computers
Can add group membership of a
users properties or add a user to a
groups properties

Authorization Through NTFS

After creating account, need to specify
permissions for files, folders applications,
etc.)
File or folder Properties window then Security
tab
Permissions can be assigned to both user
and groups; best practice: groups
Whoever creates file/folder has complete
control over it (ownership)
Administrators do not automatically have
control over every file and folder

Ownership
If you created it, you own it and have
full control over it
Can remove Administrator access

Take Ownership Permission

With this, you can take ownership of
any file or folder and then set
permissions as you want
Administrator accounts have Take
Ownership for all files and folders
Leaves a trail behind Administrator

Change Permission
Able to take away or give permission
to file or folder
Different from file permission

Folder Permissions
Full Control: do anything you want
Modify: Anything except delete, change
permissions and take ownership
Read and Execute: Allows you to see the
contents of folder and any subfolders
List Folder Contents: See contents of folder
and any subfolders
Read: enables you to view a folders
contents and open any file in the folder
Write: Write to files (and delete) and create
new files/folders

File Permissions
Full Control: do anything you want
Modify: Anything except Take
Ownership or Change Permissions
Read and Execute: Open folders and
run application(s)
Read: Open folders and files; not
applications
Write: Open and write to file

The Rule
Permissions are cumulative. The
highest permission is the rule. Except
Deny.
Full Control on folder means full
control on files in folder

Permission Propagation
Inheritance: Folder gets permissions
of parent folder; turned on by default
Deny trumps anything

Copy/Move
Copy within partition. Original retains
original; copy inherits new permissions
Moving within partition. Retains permissions
unchanged
Copying across partitions. Original retains
original; copy inherits new permissions
Move across partitions. Inherits permissions
from new location
Copying to FAT partition. New copy has no
permissions
Moving to FAT partition. No permissions
(FAT partitions are on flash drives)

Techs and Permissions

Major pain; have to have
Administrative permissions to do
most work
Try to get new admin account for
duration of work
Make sure admin deletes account
when you are done

Secure Sharing - XP
Each user has set of folders: My Documents
and folders within (My Pictures, etc.)
Shared Documents: folder all users can
access
Simple file sharing is enabled
XP Pro allows full NTFS permissions
Can make My Documents private to block
access; administrator can take ownership
Any folder in Shared Docs is also shared

Simple File Sharing

One option: put it in Shared
Documents
Over a network have to give
everyone full access
Pro allows turning off SFS: folder |
Tools | Folder Options |View tab. Last
option is SFS

Encryption
This is for the really paranoid
Home editions dont do it
XP uses Encrypting File System to
encrypt files
Vista/7 add encryption system that
can encrypt entire hard drive
Tied to password and system ID so if
you loose password, file(s) are gone

Advantages of NTFS file

system

Faster access speed This file system minimizes the number of accesses
required to find a file.

File and folder security In this NTFS you are allowed to use the files and
folders that you specify, or permissions and access levels you can gain access
to. Users in a shared folder on the computer and files stored in files, the NTFS
file and folder permissions on the files to a network for users to access and
apply. In addition, when you use the NTFS file and folder with a combination of
shared folder permissions manipulated.

Boot sector can be backed up

Disk quotas can be set

Can format volumes up to 2TB

NTFS file system is used also in Mac OS x and Linux operating systems.

Disadvantages of NTFS file

system
This file system is not applicable for
MS DOS, Windows 95, and Windows
98.
It is slow when using small disks.