Wednesday, June 10, 2009

NTFS A Journaling File System

If NTFS is a journaling file system (if you don't know what it is, I suggest you read it up first before continuing) then why do we have to perform such an extensive chkdsk (checkdisk or scandisk) every time the system does not shutdown cleanly (due to a power or system failure)?

A journaling file system should always have their file system in a consistent state. For example, the MFT (Master File Table) should never indicate a cluster as being occupied while it in fact isn't. But so often when we don't cleanly shut Windows (2k or XP for that matter) down, the checkdisk that runs when Windows boots up again will find the exact inconsistency as described above.

Q: So is NTFS a journaling file system?
A: Yes.

Q: Then why is NTFS inconsistent?
A: NTFS is ONLY inconsistent (or unsafe) when an unclean shutdown occurs if you are running Windows 2K or XP. Microsoft for some reason (most likely performance related) chose not to enable the journaling function for non-server version of Windows. Windows Vista, however, enables it by default (I'm assuming Windows 7 does as well).

Q: Should I enable NTFS journals then?
A: It's up to you really, but personally I have a higher preference for the safety of my data, and I can't tell the speed difference between having it enabled / disabled on my hard drives, so it's a definite Yes for me.

Q: How do I enable NTFS journals?
A: Go to command prompt and run the following command for each NTFS partition:
fsutil usn createjournal m=1000 a=100 C:

Q: How do I check if my NTFS partition has journals enabled?
A: Run the following command:
fsutil usn queryjournal C:

Q: Does that mean I don't have to run chkdsk any more?
A: Not really. Just that you don't have to do it every time you fail to shutdown your computer properly. You should still do it occasionally (like defrag).

Q: How do I disable chkdsk on start-up?
A: http://www.raymond.cc/blog/archives/2008/02/23/disable-or-stop-auto-chkdsk-during-windows-startup/
Posted by Zach Saw at 6:24 PM

1 comment:

Anonymous said...

Hi Zach,

you mixed up two things here: the USN journal and the NTFS log file.

The thing that's responsible for keeping the file-system intact across crashes, power-losses etc. is the NTFS log file. The NTFS log file is always present and cannot be disabled. The only thing you can do is change it's size, e.g. using chkdsk /L (within limits, IIRC the maximum size is 64MB).

The thing that isn't enabled on 2000/XP per default is the USN journal file. The USN journal records what files/directories were changed and in what way (but only the type of the modification, e.g. a record can contain a flag for "data written" but not the actual data itself). The USN journal is used by all kinds of applications that need to be able to determine what files have changed since the last time they ran, e.g. backup applications, Windows own indexing services etc.
The USN journal does however not give you any benefits in the area of data-safety/crash-resilience.

February 2, 2013 at 3:45 AM

Post a Comment

Subscribe to: Post Comments (Atom)