NTFS Flashcards
NTFS (New Technology File System) is a file system used by the Windows operating system to manage and organize files on storage devices.
Describe the history of NTFS
When was it developed?
What did in-use file systems lack?
release date for
1.0
1.1
1.2
3.0
New Technology File System, was developed beginning in the late 1980s and early 1990s. The Microsoft file systems in use, at that time, HPFS for OS/2 and FAT12/16, lacked networking capabilities.Version
1.0, was released in 1993 and was utilized by NT 3.1.
Version 1.1 was released in 1994 with the advent of NT 3.5.
Version 1.2 was an update that was available for NT 3.51 and NT 4.0 mid-1995 and mid-1996.
Windows 2000 and above are utilizing either version 3.0 or 3.1 in Windows XP and with small changes in Windows Vista and Windows 7 as their core file systems.
What are some features of NTFS?
alternate data streams, quotas, sparse files, re-parse points, volume mount points, directory junctions, hard links, hierarchical storage management, file encryption and compression, and high performance.
In NTFS (New Technology File System), a sparse file is a type of file that efficiently represents a large amount of data with mostly empty or sparse regions. Sparse files are used to optimize disk space usage and minimize the storage required for files that contain a lot of empty or zero-filled areas.
What is little endian?
Microprocessors are discerned by the position where they store the byte of lowest value within a data type. Intel places the byte of lowest value at the first position. Data types consisting of more than one byte (e.g. 32 bit integer) will be stored starting with the lowest value byte (“little end”) and ending with the byte of highest value.
Describe MBR partitioning?
The partition information is stored in the Master Boot Record (MBR). It stores the boot information at sector 0 and can hold up to four primary partitions, smaller or equal to 2 TB each under Windows. It contains the MBR Disk Signature, the master boot code and the partition table. The MBR Disk Signature is located in the MBR and it is a 4-byte value. It is written in the MBR at decimal offset 440
Where does the Windows registry store the MBR signature?
HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices
What does the mounted devices registry key store about the MBR signature?
It associates disk partitions and drive letters. This 4-byte value is written to the disk. If the disk does not have a MBR Disk Signature, windows will create one for it.We can see the value D7 E3 94 6D, however, there are 8 bytes of information that immediately follow it. Those bytes are the byte offset of the location of the beginning of the partition. To ascertain the sector address convert the 8 bytes to little endian, then a decimal value and divide by the sector size in bytes.
What is the other partitioning scheme apart from MBR?
GUID partition table (GPT) disks are similar to MBR disks, except they use primary and backup partition structures to provide redundancy. These structures are located at the beginning and the end of the disk.
Describe the GPT structure.
GPT identifies structures by their logical block address (LBA) rather than by their relative sectors. The GUID partition table (GPT) disk partitioning style supports volumes up to 18 Exabyte’s in size and up to 128 partitions per disk, compared to the master boot record (MBR) disk partitioning style, which supports volumes up to 2 terabytes in size and up to 4 primary partitions per disk (or three primary partitions, one extended partition, and unlimited logical drives).
What is the boot sector?
Bootable partition that stores information about the layout of the volume and the file system structures, as well as the boot code that loads Ntdlr.
NTLDR (short for NT Loader) is a component of the Windows NT operating system family, including Windows NT, Windows 2000, Windows XP, and Windows Server 2003. It is responsible for loading the operating system kernel and essential system files during the boot process.
What is the Master Boot Record?
Contains executable code that the system BIOS loads into memory. The code scans the MBR to find the partition table to determine which partition is the active, or bootable, partition.
What is a cluster?
A cluster (or allocation unit) is the smallest amount of disk space that can be allocated to hold a file. NTFS organizes hard disks based on cluster size, which is determined by the number of sectors (units of storage on a hard disk) that the cluster contains. For example, on a disk that uses 512-byte sectors, a 512-byte cluster contains one sector, whereas a 4-kilobyte (KB) cluster contains eight sectors.
How are clusters organised within a NTFS volume?
Clusters on an NTFS volume are numbered sequentially from the beginning of the partition into logical cluster numbers. On NTFS volumes, clusters start at sector zero; therefore, every cluster is aligned on the cluster boundary. Contiguous clusters for file storage allow for faster processing of a file.
What are the limitations of cluster sizes?
NTFS uses different cluster sizes depending on the size of the volume therefore, each file system has a maximum number of clusters it can support. The smaller the cluster size, the more efficiently a disk potentially stores information because unused space within a cluster cannot be used by other files. And the more clusters a file system supports, the larger the volumes you can create and format by using a particular file system.
What are the NTFS file limits?
Maximum file size Architecturally: 16 exabytes minus 1 KB (2^64 bytes minus 1 KB)
Implementation: 16 terabytes minus 64 KB (2^44 bytes minus 64 KB)
Files per volume 4,294,967,295 (2^32 minus 1 file)
What is NTFS?
Primary file system for Windows.
What are the features of NTFS?
Security descriptors encryption disk quotas rich metadata.
What is the use of Cluster Shared Volumes (CSV)? (NTFS can be used with it)
Provide continuously available volumes that can be accessed simultaneously from multiple nodes of a failover cluster.
What is the newer file system than NTFS?
Resilient File System (ReFS).
How does NTFS restore consistency after a system failure?
Uses log file and checkpoint information.
What happens after a bad-sector error?
NTFS dynamically remaps the cluster.
What is self-healing NTFS?
Continuously monitors and corrects transient corruption issues.
Transient corruption issues refer to temporary or intermittent errors or corruptions that occur in computer systems or data. These corruptions are typically short-lived and not persistent, meaning they do not permanently alter or damage the data or system.
When was self-healing NTFS introduced?
Windows Server 2008.
What is the Chkdsk utility?
Scans and analyzes the drive for larger corruption issues while the volume is online
Where can you use the Chkdsk utility ?
Windows Server 2012 and later.
What is the downtime required for Chkdsk utility when using NTFS with Cluster Shared Volumes?
When you use NTFS with Cluster Shared Volumes no downtime is required.
What is the benefit of using NTFS with Cluster Shared Volumes?
No downtime required.
Access Control List (ACL)-based security for files and folders: NTFS lets you
set permissions on a file or folder specify the groups and users whose access you want to restrict or allow and select access type.
What is the purpose of BitLocker Drive Encryption in NTFS? Module?
Protect data from unauthorized access. BitLocker provides support for device encryption on x86 and x64-based computers with a Trusted Platform Module (TPM) that supports connected stand-by (previously available only on Windows RT devices). Device encryption helps protect data on Windows-based computers
What is the purpose of disk quotas in NTFS?
Track and control the amount of disk space used by users.
What is the purpose of rich metadata in NTFS?
Store additional information about files and folders enhances the capabilities and functionality of the file system by enabling the storage of extended properties and descriptive data beyond the basic file attributes.
What is the feature of NTFS that marks the original cluster as bad?
Dynamic bad sector remapping.
What is the feature of NTFS that recovers data by replaying log files?
Restoring consistency after a server crash.
What is ACL-based security?
Setting permissions on files and folders.
What is BitLocker Drive Encryption?
Provides more security for critical system information and other data stored on NTFS volumes.
What is device encryption?
Helps protect data on Windows-based computers.
What is the maximum volume size supported by NTFS?
NTFS can support volumes as large as 8 petabytes on Windows Server 2019 and newer and Windows 10 version 1709 and newer (older versions support up to 256 TB)
What is the default cluster size for NTFS?
4 KB.
What is the largest volume and file size supported by NTFS with a cluster size of 4 KB?
16 TB.
What is the largest volume and file size supported by NTFS with a cluster size of 8 KB?
32 TB.
What is the largest volume and file size supported by NTFS with a cluster size of 16 KB?
64 TB.
What is the largest volume and file size supported by NTFS with a cluster size of 32 KB?
128 TB.
What is the largest volume and file size supported by NTFS with a cluster size of 64 KB?
256 TB.
What is the largest volume and file size supported by NTFS with a cluster size of 128 KB?
512 TB.
What is the largest volume and file size supported by NTFS with a cluster size of 256 KB?
1 PB.
What is the largest volume and file size supported by NTFS with a cluster size of 512 KB?
2 PB.
What is the largest volume and file size supported by NTFS with a cluster size of 1024 KB?
4 PB.
What is the largest volume and file size supported by NTFS with a cluster size of 2048 KB?
8 PB. (MAX)
What is the largest volume and file size supported by NTFS with a cluster size of X KB?
4X PB
What happens if you try to mount a volume with a cluster size larger than the supported maximum of the Windows version you’re using?
You get the error STATUS_UNRECOGNIZED_VOLUME.
What is the volume size limit when using Previous Versions feature or backup app that makes use of Volume Shadow Copy Service (VSS) snapshots (and you’re not using a SAN or RAID enclosure)
64 TB
What is the recommended allocation unit size for formatting volumes with large files or with Data Deduplication?
such as VDHX files larger than 1 TB
AllocationUnitSize 64 KB use the Format-Volume cmdlet in Windows PowerShell
What parameter enables support for large file record segments?
UseLargeFRS
What is the limit for extents allowed per file on a volume with large FRS records?
(from 1.5 m to ) about 6 million extents
FRS stands for File Record Segment, which is a data structure used in the NTFS file system to represent and store information about files and directories. Each file or directory in an NTFS volume has a corresponding FRS record.
What cmdlet PowerShell command is used to format a volume with large FRS enabled and 64 KB allocation unit size?
format /L /A:64k
What is the maximum file name length supported by NTFS?
255 characters. This limit includes the entire file path including the file name itself and the directory path leading to the file.
What is the maximum path length supported by NTFS?
32 767 characters
What is the default allocation unit size for formatting volumes in Windows?
4 KB
What is the maximum number of files that can be stored in a folder in NTFS?
4 294 967 295 (2^32)-1
What is the maximum size of a file that can be copied to a FAT32 file system?
4 GB
What is the maximum size of a file that can be copied to an exFAT file system?
16 exabytes
What is the maximum volume size supported by FAT32?
2 TB
What is the maximum file size supported by exFAT?
16 exabytes (EB)
What is the purpose of storing an 8.3 alias on disk?
To provide compatibility with file systems that impose an 8.3 limit on file names and extensions.
Can you selectively disable 8.3 aliasing on individual NTFS volumes?
Yes in Windows Server 2008 R2 Windows 8 and more recent versions of the Windows operating system.
Are short names disabled by default when a volume is formatted using the operating system?
Yes in Windows Server 2008 R2 and later systems.
Are short names still enabled on the system volume?
Yes for application compatibility.
What is the maximum length of an extended-length path?
Approximately 32 767 characters. (2^15)-1
What is the MAX_PATH setting?
The 260-character path limit defined by Windows.
What protection offers Clustered storage in NTFS?
When used in failover clusters NTFS supports continuously available volumes that can be accessed by multiple cluster nodes simultaneously when used with the Cluster Shared Volumes (CSV) file system.
What is the purpose of disk quotas?
To track and control disk space usage on NTFS volumes for individual users.
What is the purpose of file system compression?
To maximize the amount of data that can be stored.
How can you increase the size of an NTFS volume?
By adding unallocated space from the same disk or from a different disk.
Can you mount a volume at any empty folder on a local NTFS volume?
Yes if you run out of drive letters or need to create extra space that is accessible from an existing folder.
After a server crash
NTFS can recover data by replaying its log files.
Drive letters are
alphabetic assignments given to storage devices such as hard drives solid-state drives (SSDs) optical drives and removable storage media in a Windows operating system. Each drive is identified by a unique letter which allows users to access and manage the storage devices easily.
