[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

NT doesn't have the same NTFS support either -- WAS: There's aVirus on the list...

To: silug-discuss@silug.org
Subject: NT doesn't have the same NTFS support either -- WAS: There's aVirus on the list...
From: "Bryan J. Smith" <b.j.smith@ieee.org>
Date: Tue, 01 Jun 2004 22:03:04 -0400
Organization: personal
Organization: Southern Illinois Linux Users Group
Reply-To: silug-discuss@silug.org
Sender: silug-discuss-owner@silug.org

Steven Pritchard wrote:  
> For that matter, I wonder if it include NTFS support...

Just FYI, because I see this all the time.  Linux people should
understand something, it's not just a Linux issue.

Under Windows NT, 2000, XP or 2003, Microsoft does _not_ recommend you
_write_ to a NTFS filesystem with any other system than the one that
created it -- especially the boot/system volumes.  Why?

The NTFS filesystem has SIDs embedded in it.  These SIDs are tied to the
registry -- specifically the System Accounts Manager.  As such, you
should _never_ write to a NTFS volume _unless_ the SAM of the running
NT/2000/XP/2003 system has _all_ SIDs in it.

Microsoft gets around this in two ways.

1.  Domains (Network-wide SAM)

NT 4.0 and even ActiveDirectory makes the SAM "network-wide" (yes, AD
still use a very "legacy" style SAM).  These SIDs are in a central
databases.  Therefore, as long as you can guarantee that all the files
and meta-data have DOMAIN SIDs, and _no_ files/meta-data have "local
SIDs," then you're okay.

2.  LDM Disk Label (NT 5.x, 2000/XP/2003, only)

Unfortunately, because there _always_ seems to be at least a file or two
that has a "local SID" -- or people simply use local hard drives that
aren't shared on the network, then this is not an option.  That's why
for Windows 2000 onward (NT 5.0+), Microsoft came up with the Logical
Disk Manager (LDM) disk label aka the "dynamic disk."

LDM offers lots of features.  One is storing "local SID" outside the SAM
of the system registry, in a hidden area of the LDM disk label.  That
way another NT 5.x+ system can understand those "local SIDs" and safely
write to a NTFS filsystem it didn't create.

It also makes it more "abstract," putting that info in the disk label,
instead of forcing another NT version (or Linux-NTFS for that matter ;-)
to mount the system NTFS volume just to read the registry and read those
local SIDs.  Besides, you don't want another system to read the _whole_
registry (and SAM), you just want it to learn and know how to accomodate
the "local SID" references in the filesystem.


-- 
Bryan J. Smith, E.I. -- b.j.smith@ieee.org



-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.

Prev by Date: Re: Mandrake 10.0 hardware problems.
Next by Date: Inkscape SVG Editor
Prev by thread: Inkscape SVG Editor
Next by thread: There's a Virus on the list...
Index(es):
- Date
- Thread