Troubleshooting Windows NT File Systems

[August 1998]
Troubleshooting Windows NT File Systems
By: John Savill
Feature
InstantDoc #3675
From the August 1998 edition of Windows IT Pro

How do I view a user's file permissions from the command line?

The Microsoft Windows NT Server 4.0 Resource Kit perms.exe utility shows permissions on files and directories. Go to the command line and type

perms <domain>\<user> <file>

Table 1 shows file and directory permissions.

Add /s to show details of subfiles and subdirectories. To output the permissions to a file, add > filename.txt, using the name of the file you want to direct the output to. The perms.exe utility has a bug that keeps it from recognizing permissions given via a global group.

You can use NT's cacls.exe command to change a user's permissions from the command line. To give a user named John read access to a directory called files, go to the command line and type

cacls files /e /p john:r

The /e setting edits the access control list (ACL) instead of replacing it, so other file and directory permissions do not change. The /p setting sets the user's permissions. For more information about this command, go to the command line and type

cacls /?

Can I delete files beginning with $ at the root of my NTFS drive?

You cannot delete files beginning with $ because you cannot remove the hidden flags. Moreover, you do not want to delete the files because they hold your NTFS volume information. Table 2 lists NTFS files. If you want to view the files, go to the command line and type

dir /ah $mft

What cluster size do FAT and NTFS partitions use?

Table 3 lists the default cluster size for FAT partitions. In Inside the Windows NT File System, Microsoft does not recommend FAT volumes larger than 511MB because the cluster increases to more than 16KB and wastes space.

Table 4 lists the default cluster size for NTFS partitions. NTFS balances the tradeoff of disk defragmentation from small clusters and wasted space from large clusters.

When you format a drive, you can use the /a:size switch to change the cluster size. Go to the command line and type

format d: /a:1024 /fs:ntfs

What can I do if Windows NT becomes unresponsive during an NTFS disk operation (e.g., dir)?

When you perform a large NTFS disk operation such as dir/s *.* or ntbackup :\*.*, NT might become unresponsive. NT updates NTFS files with a last access stamp, and viewing thousands of files fills the NTFS log. NT locks up as it waits to flush the NTFS log file to the hard disk.

You can prevent NTFS from updating the last access stamp. Start regedit.exe, and go to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem key. Select New, DWORD Value from the Edit menu, enter the name NtfsDisableLastAccessUpdate, and click OK. Double-click the new value, change the value to 1, and click OK. Close the Registry editor, and reboot.

What are alternate data streams?

You can use alternate data streams to hide data from Explorer and the dir command in NTFS files. You must know the file's stream name to view the data. A stream is an entry point into a file. You can create multiple streams to an NTFS file in the form filename:stream name.

Start a console window (cmd.exe). At the prompt, type

notepad normal.txt

Enter some text, and save the file on an NTFS partition. Edit the file again, with a different stream (e.g., notepad normal.txt:hidden.txt). The system then prompts you to create a new file. Enter some text, and save the file. When you run the dir command, you see only the file normal.txt, with its original size.

Each file can have multiple streams. When you copy a file, the streams remain. Thus, if you copy the file normal.txt to the file john.txt, you get the hidden stream (i.e., john.txt:hidden). You cannot use streams from the command prompt because the command prompt does not recognize colons in filenames (except in drive letters).

Microsoft does not provide a method to detect or delete hidden streams. To detect streams, use March Information Systems' utility (http://streams.march.co.uk), or Frank Heyne's List Alternate Data Streams (LADS) command line tool (http://rcswww.urz.tu-dresden.de/~fh/nt/ntfs-ads). To delete a stream, copy the file to a FAT partition and then back to the NTFS partition. Type

- ren <file> temp.temp
- cat temp.temp > <file>
- del temp.temp

End of Article

Prev. page 1 2 [3] next page -->

You must log on before posting a comment.

If you don't have a username & password, please register now.

Reader Comments

There are times when you DO want NT to create the 8.3 names. For example, the Microsoft Data Engine install package is unbelievably written to require the 8.3 naming convention and will not install on an NTFS partition w/o that enabled!

mikelmoore- January 29, 2001

ADS BY GOOGLE

SQL JOB OPENINGSSPONSORED LINKS

Free SQL Server Performance Dashboard: Fast, easy real-time performance monitoring.

FEATURED LINKS

Coming in December –SQL Live Event Series: Join independent experts to discover about if or when you should make the critical upgrade decision about SQL Server 2008

	SQL Server Magazine Register Subscribe FAQ for Windows WinInfoNews
	Contact Us / Customer Service Editorial Calendar Media Kit Affiliates / Licensing Technology Resource Directory
	Windows IT Pro Office & SharePoint Pro Windows Dev Pro IT Library Connected Home Windows Excavator SuperSite IT Job Hound ITTV

	Copyright © 2008 Penton Media, Inc. All rights reserved. Terms and Use Privacy Statement Reprints and Licensing

SQL Server Magazine

Search

Reader Comments

Related Events

Related Resources

SQL JOB OPENINGSSPONSORED LINKS

Free SQL Server Performance Dashboard

FEATURED LINKS

Coming in December –SQL Live Event Series