Just curious ...

NotNull
Posts: 5517
Joined: Wed May 24, 2017 9:22 pm

Just curious ...

Post by NotNull »

Question for @void:

If Everything Service as well as Run as administrator is enabled, how does the Everything client access the Master File Table and the USN journal?
void
Developer
Posts: 17157
Joined: Fri Oct 16, 2009 11:31 pm

Re: Just curious ...

Post by void »

Everything will attempt to access the NTFS Master File Table (MFT) as an administrator/standard user first.
If that fails, it will fall back to the Everything Service (if running).

Note: Everything can acquire low level read access to NTFS volumes as a standard user only if they are not marked as a system volume.

You can have Everything running as an administrator and the Everything service installed at the same time. However, only one of these options is required to index system NTFS volumes.
NotNull
Posts: 5517
Joined: Wed May 24, 2017 9:22 pm

Re: Just curious ...

Post by NotNull »

void wrote: Sun Aug 04, 2019 5:26 am Note: Everything can acquire low level read access to NTFS volumes as a standard user only if they are not marked as a system volume.
Didn't know that. Thank you!
NotNull
Posts: 5517
Joined: Wed May 24, 2017 9:22 pm

Re: Just curious ...

Post by NotNull »

void wrote: Sun Aug 04, 2019 5:26 am Note: Everything can acquire low level read access to NTFS volumes as a standard user only if they are not marked as a system volume.
What do you consider a system volume? The volume where Windows is installed (the boot volume)?

Microsoft:
The system volume refers to the disk volume that contains the hardware-specific files that are needed to start Windows, such as Ntldr, Boot.ini, and Ntdetect.com.
WMIC Output:


T:\>wmic volume get BootVolume, DriveLetter, FileSystem, SystemVolume
BootVolume  DriveLetter  FileSystem  SystemVolume
FALSE                    NTFS        TRUE
FALSE       Q:           NTFS        FALSE
TRUE        C:           NTFS        FALSE
FALSE                    NTFS        FALSE
void
Developer
Posts: 17157
Joined: Fri Oct 16, 2009 11:31 pm

Re: Just curious ...

Post by void »

The volume where Windows is installed.
The volume where a page file is stored.
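
The distinction drawn in the posts above (WMI's SystemVolume flag versus void's "Windows is installed or a page file is stored"), as an added example that is not part of the original thread or of Everything itself. The function name and output columns are hypothetical, and it assumes Win32_Volume's BootVolume and PageFilePresent flags correspond to void's two criteria; it does not open any volume.

```powershell
# Added example (not from the thread): list NTFS volumes and show, side by side,
# WMI's "SystemVolume" flag and the two criteria void gives for a volume that a
# standard user cannot read at a low level.
# Assumption: BootVolume ~ "where Windows is installed",
#             PageFilePresent ~ "where a page file is stored".
function Get-VolumeIndexingRequirement {
    [CmdletBinding()]
    param()

    # Is the current process running with an elevated administrator token?
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$identity
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    Get-CimInstance -ClassName Win32_Volume -Filter "FileSystem = 'NTFS'" |
        ForEach-Object {
            $windowsInstalled = [bool]$_.BootVolume
            $pageFile         = [bool]$_.PageFilePresent
            # void's definition of "system volume" in this thread
            $needsPrivilege   = $windowsInstalled -or $pageFile

            [pscustomobject]@{
                # Volumes without a drive letter are identified by their volume GUID path
                Volume              = if ($_.DriveLetter) { $_.DriveLetter } else { $_.DeviceID }
                WmiSystemVolume     = [bool]$_.SystemVolume   # Microsoft's definition (boot files)
                WindowsInstalled    = $windowsInstalled
                PageFilePresent     = $pageFile
                NeedsAdminOrService = $needsPrivilege
                # Derived from the statements in the thread, not from an actual open attempt
                ReadableByThisShell = $elevated -or -not $needsPrivilege
            }
        }
}

Get-VolumeIndexingRequirement | Format-Table -AutoSize
```

On the machine shown in the WMIC output above, C: would report NeedsAdminOrService as True while the unlettered volume with SystemVolume TRUE would not, unless it also holds a page file.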
NotNull
Posts: 5517
Joined: Wed May 24, 2017 9:22 pm

Re: Just curious ...

Post by NotNull »

Got it. Thanks!