Use RAM for NTFS security permission changes

  • Thread starter Thread starter John Peterson
  • Start date Start date
J

John Peterson

I want to suggest that you alter the way NTFS permission settings are applied
in Windows XP, Vista and 7 with the goal of minimizing the number of HDD
queries that are made when changing security settings for many files at a
time (for example for large directory or a drive with many files).

I think that you should be able to read the entire file table with security
settings for the directory (and subdirectories) in question in a few hard
drive queries and then makes the changes in RAM and then write it back in a
few hard drive queries. If there is at least 50 MB RAM avaliable the security
settings for at least one million files should fit in RAM. This method may be
up to a thousand times faster than the current method when changing
permissions for several hundred thousand files or more at a time.

From what I can see in File Monitor and Process Monitor it seems like
changing a security setting for one files require around five hard drive
queries per file with the current method, and therefore a total of five
million HDD queries for the entire task. It therefore takes between 15
minutes and 30 minutes to change the permissions for a million files. If RAM
was utilized the same task could possibly be done in a few seconds.

(It doesn't seem to make a difference a difference if most files and
directories inherit all permissions. Windows still feels it wants to make
queries for all files. If only non-inherited files and directories were
queried that could possibly reduce the number of HDD queries with 75% or more
for a normal directory. But if the security settings where in RAM that would
not make much of a difference since it would be up to thousand times faster
to alter the table than when the HDD is queried several times per file.)


Thanks for making a great OS

Best Regards
John Peterson

----------------
This post is a suggestion for Microsoft, and Microsoft responds to the
suggestions with the most votes. To vote for this suggestion, click the "I
Agree" button in the message pane. If you do not see the button, follow this
link to open the suggestion in the Microsoft Web-based Newsreader and then
click "I Agree" in the message pane.

http://www.microsoft.com/communitie...5a&dg=microsoft.public.windows.vista.security
 
So what happens, in your happy scenario, if:

1. A file changes, is deleted, or moved during the process?
2. A stack overflow allows a hacker to access or expose memory contents?
3. Power fails on the workstation during the process?

Frankly I expect that any such process that touches several hundred thousand
files will take a while and have no interest in shortcuts to try to speed it
up at the risk of failure.
 
Back
Top