An essential guide to NTFS. Understanding the fundamental concepts of the file system, its benefits, and how to navigate through its structure
Book a Demo of SuperOps.aiThe New Technology File System or NT File System (NTFS) is an alternative to the File Allocation Table (FAT) of early Microsoft Operating systems. It provides the ability to name, store and retrieve files and folders from storage devices or disks. Microsoft updated the original DOS and Windows FAT with NTFS in 1993, with the introduction of Windows 3.1 due to limitations in their original solution that needed to be addressed as disk and file sizes increased and server usage continued to grow to enterprise-wide levels.
As disk sizes increased, one of the limitations addressed with NTFS is support for larger drives and file partitions. NTFS supports volumes up to 8 petabytes, broken into manageable clusters. Individual file sizes can grow up to 256 Terabytes.
NTFS offers several features which are beneficial to administrators and end-users:
Security: NTFS offers more flexibility for file security. Encryption is available at the folder and file level rather than the drive level only, and similar file and folder-level security enables granular access management. File system journalizing also provides audit trails for file modification, deletion, or additions.
Improved disk utilization: Automatic file compressions and disk quotas provide the ability to manage disk usage in large enterprises. With automated file compression that’s transparent to users and applications, data can be stored more effectively without any changes at the application level. Disk quotas are also available, enabling administrators to manage drive usage at the user level where needed.
Better reliability: Power outages and system losses no longer impact the file structure, and data are restored more quickly with NTFS. This is done through the use of journaling by NTFS, which means changes to file attributes and data are entered into the journal before saving the file and enables the system to revert to the last working version of a file after a system interruption, reducing file corruption. Additionally, with Volume Shadow Copy, an NTFS feature, online backup tools can access and back up files that are in use, improving backup technology and effectiveness.
The computer’s operating system creates and manages the file system used to manage files on storage devices by organizing them into folders. It must be able to store the initial file, manage access permissions and retrieve it when needed. It controls naming conventions and other information stored with the files, as well as ownership and permissions. NTFS is the type of file system that does this in currently supported Windows operating systems for personal computers, servers, and storage devices connected to Windows environments. The NTFS file system is also now supported for Linux and BSD, an open-source Unix OS. macOS can provide read-only support for NTFS. Once established, the NTFS system will divide drives into clusters. Cluster size affects performance, so establishing cluster size requires balancing the number of disk accesses needed to retrieve a file.
Once the drive is set up during the formatting process, NTFS creates a record for each file created so the file can be easily retrieved across clusters, which may become scattered across a drive during initial storage or subsequent use. The metadata, permissions, activities performed with the file (creation, modification, and deletion), and other information are also stored in NTFS.
To summarize, several activities take place within the operation of NTFS as files are created and used:
A disk is formatted using NTFS
Partitions are created on the disk
As files are created or used, they are divided and stored across partitions and clusters
The OS and NTFS track the file and its attributes during usage
The type of file system used in NTFS is far more advanced than earlier file system types. NTFS offers a complete set of features that administrators can use to operate their environments more effectively.
Attributes | Attribute-tracking and types are expanded in NTFS, providing the ability to track more information about the file beyond the name and date created and edited. Changes to the way file attributes are stored make this possible. |
Access Management | NTFS is a file system type that uses access control lists (ACLs) to enable administrators to effectively manage file and folder permissions, including their access and privileges. Groups may be established, and granular access assigned at either the file or folder level. For example, access privileges can include creating, modifying, reading, and deleting files or folders. By controlling this at the group level, NTFS enables administrators to establish rights at the group level and add or remove individual users to/from these groups, making access management more effective. |
Encryption | NTFS uses the Encrypting File System to provide automated compression at the file or folder level. Files are automatically encrypted when they are saved and decrypted to allow use. This level of encryption increases data security by requiring authorization for data to be visible, even at the drive level. This enables data protection if a drive is physically lost or stolen. One advantage of this level of NTFS encryption is that it is transparent to users and available for use in protecting application data. Once a file or folder is encrypted, it is automatically available to users with authorization to access the file, folder, or via the application |
Fault Tolerance | The design of NTFS provides a tremendous advantage in preventing file and folder corruption. It uses journaling to capture information about the file and then stores it on the disk. This enables files to be restored to their last known working version in case of a crash or power loss. This fault tolerance level is a critical advantage to NTFS, as it helps applications run more effectively. |
File Attributes | File attributes are data about each file and folder within the NTFS. The NTFS file types are far more extensive than earlier file systems, adding to the robust nature of the file system. See NTFS File Types. |
File Compression | NTFS automatically compresses files during storage, uncompressing them for use when accessed. This enables files and folders to occupy less disk space, providing more efficiency than earlier file systems. The advantage of NTFS file compression is that applications accessing compressed data do not have to decompress it, as NTFS performs this. Files up to 4KB can be automatically compressed. |
File Size | NTFS can support huge volumes, as large as 8 petabytes for servers, far larger than earlier file allocation systems. Files are broken down into 4K clusters for improved performance. |
Long File Names | Unlike earlier directory structures that limited file names to 8 characters, NTF file names can be up to 255 characters, allowing natural language file names to be used. This is commonplace today, but NTFS has been available since 1993. |
Performance/Efficiency | The file storage structure across small clusters within larger volumes enables NTFS to operate efficiently, offering fast access to data even within large, compressed files. |
Shadow Backup | Another beneficial feature of NTFS is its ability to back up open files, called Shadow Backup. This means backup software can operate effectively, even if files are left open, and prevents data loss. |
New Technology or NT File System | File Allocation Table |
Stores up to 16 TB | Stores up to 4 TB |
Encrypting File System enables file or folder-level encryption | No encryption |
Fault tolerance due to the use of log files | No fault tolerance |
Automated compression | No compression available |
User quotas can be set | No support for user quotas |
Open file backup | Files must be closed for backup |
Natural language file names due to longer length | Short file names |
File attributes store information about each file and folder within the file system, for example, its name, owner, and timestamp. While other file systems store the file name and date created, NTFS file type attributes offer crucial additional information or metadata, each identified by an attribute type code or name and stored in the Master File Table (MFT) record.
The MFT is a table that stores information about each file on the NTFS volume. The first record within the Master File Table is a table descriptor, followed by a mirror record for fault tolerance.
The table below lists the file attributes (or metadata) defined in NTFS and their purpose, including the attribute code.
Attribute list ($attribute_list) | The attribute list contains placeholder information for all attributes that cannot fit in the Master File Table record. |
Bitmap ($bitmap) | NTFS uses bitmaps to track folder and index information to represent these items and keeps track of cluster usage (used and unused clusters) on the volume. |
File data ($data) | This attribute stores the data about the file itself, including one or more unnamed data attributes, each using a different syntax. |
File name ($file_name) | The file name in NTFS can include a short file name and the long file name used in NTFS up to 255 characters. |
Index allocation ($index_allocation) | Supports folder indexing. This attribute is the directory for the index, storing additional information about the data contained in the index root. |
Index root ($index_root) | Supports folder indexing, storing information about the volume and files. It also indicates whether an attribute is resident (or non-resident) to a cluster. |
Logged utility stream ($logged_utility_stream) | Also called the logged tool stream, EFS uses this to track file operations within the log file. |
Object ID ($object_id) | This is a unique identifier for the NTFS volume used by the NTFS-linked tracking service to help distinguish files from one another. |
Reparse point ($reparse_point) | NTFS uses this for mounting and dismounting drives; this information stores the volume mount points and is used by the Installable File System to mark files as unique to a driver. |
Security descriptor ($security_descriptor) | Maintains Access Control Lists needed to ensure file and folder permissions and privileges. |
Standard information ($standard_information) | It contains file time stamps and quota information for the file. |
Volume information ($volume_information) | Replaces $Volume_version, storing the version and state of the volume. |
Volume name ($volume_name) | The volume name is stored in the $Volume system file and contains the volume label. |
NTSF offers several capabilities for mitigating the risk of unauthorized access to data by preventing unauthorized users from gaining access to information. Encryption eliminates the possibility of accessing data directly from a drive, either physically or as a result of a network breach. In contrast, access controls prevent access to files without authorization.
The additional control offered by the security attributes in the NTFS file type has been a game-changer for creating robust data security programs in organizations. NTFS uses access control lists to grant users read, create, modify, move, and delete privileges based on these ACLs, which grant these privileges at the group or user level. This greater control available with NTFS provides better protection for servers in an Internet or cloud-based environment, improved control through access points, and better control over the traffic within an internal network. It also provides more granular control of user permissions.
There are several different types of access control lists:
Role-based access is granted based on job functions. Using NTFS ACLs with Identity Access Management systems integrated with HR management applications can ensure that only the right people have access to data by fully automating user group maintenance.
Attribute-based control uses policies that combine corporate attributes like business units, positions, and other information to grant or remove access from individuals. This can be combined with rule-based control, based on rules or policies set by administrators.
Discretionary access control allows users to grant access to others when they create data. For example, this is frequently used within file folder structures or social media platforms.
NTFS features are well-known and utilized, but there are several disadvantages to NTFS that should be considered:
Compatibility: While NTFS is a tremendous tool for compatible operating systems, one of its most significant drawbacks is its limited OS compatibility. Developed by Microsoft, the Windows environment was its primary target for use, but compatibility has expanded to other operating systems like Linux. Notably missing is macOS which only supports read-only use for NTFS volumes. NTFS has limited device support; it is incompatible with many smartphones (mainly the Android OS), DVD players, SmartTVs, and cameras.
Disk Overhead: While NTFS uses disk space effectively with compression, the system utilizes more disk space to store indexes and attributes. It is estimated that 4 MB per 100 MB partition is granted to NTFS for operations.
Naming Limitations: It may seem like 255 characters provide tremendous leeway when naming files, but several special characters are not recognized, and NTFS does not distinguish between capital and lowercase letters.
Network Performance: While NTFS can manage user and application quotas, it is limited in its ability to protect bandwidth utilization.
When choosing a file system, administrators can weigh the benefits of NTFS file types against these drawbacks. The biggest drawback is likely to be OS compatibility, but where compatibility is not an issue, NTFS offers strong capabilities.
Since the transition to NTFS, issues managing disk use and size limitations have been removed. Common problems addressed by NTFS include:
Inability to perform complete backups due to open files, leading to file corruption or data loss.
Limitations on database size due to file size limitations. Applications can run more effectively without these limitations.
User limitations on email box size due to file size limitations.
Inability to manage drive use by end users. With quotas, storage can be limited, or organizations can charge back the cost of higher disk use.
Naming files is more straightforward, with longer file names and more instinctive, enabling users to manage files more easily.
Improved security using ACLs and better file resiliency provide more confidence in data integrity.
Try the next-gen RMM software for modern MSPs
All tools. One place. Make RMM a breeze with SuperOps.ai