Blog: NTFS

I came across a problem in one of our automated Robocopy command scripts when copying files from NTFS to EMC Celerra file system.  The problem was that every time Robocopy was told to copy files to the EMC Celerra over the VPN, the files were always detected as “newer” on from the originating source.  This caused Robocopy to copy every single file from our network to the remote network each and every time. 

I came across a command line switch for Robocopy: /FFT : Assume FAT File Times (2-second date/time granularity).  So what this does is force Robocopy to use FAT style time stamps which are 2-second granularity.  It allows enough flexibility to account for the way the time is recorded when doing a file copy from NTFS to another file system. This is needed when going between and NTFS and Linux/Unix/FAT or emulated file system.


 

I needed to turn on NTFS file system auditing for two specific application EXE files on 30+ servers.  I didn’t want to have to touch each server individually, so I decided to look into applying the audit settings centrally using group policy.  Using the Security Templates snap-in for MMC on one of the systems I wanted to set up auditing for, I was able to configure a custom file system security policy.

 Security Templates Snap-in:

Within the Security Templates MMC: [more]

  1. Define a new, empty security template
  2. Expand the new Template
  3. Right click on the File System section
  4. Select "Ad File..."
  5. Browse to the file you want to ad a group policy enforced ACL to
  6. Configure your desired access controls/audit settings
  7. Set appropriate inheritance options
  8. Once the policy settings you want are complete, right click the security template name
  9. Select "Save As..."
  10. Save the INF file somewhere
  11. Delete the security template

In my case, I only wanted to apply the audit policy portion of the ACL (not the file system permissions), so I opened the INF file and removed the permission settings that started with “D:PAR” and just left the “S:AR” settings.

Then, using the Group Policy Management console, I was able to create a new group policy object and import my file system auditing settings from the INF.  I then applied the group policy to the proper OUs and waited for the new settings to get applied.  Everything worked like a charm.  The completed policy looks like this (in the Group Policy Management HTM view):


 

NTFS Undelete is a free software utility that recovers deleted files that are no longer in the recycle bin.  Of course, you're hoping something hasn't overwritten any of the deleted file.  An ISO image is also provided if you want to run NTFSUndelete from a CD rather than installing the program after deleting a file.  (The ISO image is not bootable, just used to run NTFSUndelete from the CD.) [more]

http://ntfsundelete.com

The user interface is easy to understand and there are some helpful advanced search options (date, size filters as well as file names, etc.)