Link types
NTFS features three link types:
- Hard links
- Symbolic links
- Junctions (aka soft link)
It might be argued that .lnk and .url files are also a kind of link.
Hard link
The same file is referenced by more than one path.
Hard links are only possible within the same drive.
After modifying a hard-linked file, its size and attribute information is only updated for the path that was used to modify the file.
Symbolic links
A symbolic link (aka symlink) is essentially a pointer to a file or a directory.
Administrator rights are required to create a symbolic link unless Windows is put into developer mode.
Junctions
Junctions are similar to hard links, but operate on directories. Unlike hard links, Junctions can cross volume boundaries (but not to remote shares).
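Added example (not part of the original page): on disk, symbolic links and junctions are both stored as reparse points and differ by their reparse tag. The Python code below parses a REPARSE_DATA_BUFFER, as returned by FSCTL_GET_REPARSE_POINT, to tell the two apart and recover the target; the tag constants come from the Windows SDK, and build_sample and its paths are constructed for the demo.

```python
import struct

# Reparse tags from the Windows SDK (not listed on the page itself).
IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003  # junction
IO_REPARSE_TAG_SYMLINK = 0xA000000C      # symbolic link
SYMLINK_FLAG_RELATIVE = 0x1

def parse_reparse_buffer(buf: bytes) -> dict:
    """Classify a REPARSE_DATA_BUFFER and extract its target path."""
    if len(buf) < 8:
        raise ValueError("buffer shorter than reparse header")
    tag, data_len, _reserved = struct.unpack_from("<IHH", buf, 0)
    data = buf[8:8 + data_len]
    if len(data) != data_len:
        raise ValueError("truncated reparse data")
    if tag == IO_REPARSE_TAG_SYMLINK:
        kind, fixed = "symlink", 12   # four USHORTs + ULONG Flags
    elif tag == IO_REPARSE_TAG_MOUNT_POINT:
        kind, fixed = "junction", 8   # four USHORTs, no Flags field
    else:
        return {"kind": "other", "tag": tag}
    if len(data) < fixed:
        raise ValueError("reparse data too short for its tag")
    sub_off, sub_len, prt_off, prt_len = struct.unpack_from("<4H", data, 0)
    flags = struct.unpack_from("<I", data, 8)[0] if kind == "symlink" else 0
    paths = data[fixed:]  # offsets below are relative to this path buffer
    if sub_off + sub_len > len(paths) or prt_off + prt_len > len(paths):
        raise ValueError("name offsets point outside the path buffer")
    return {
        "kind": kind,
        "target": paths[sub_off:sub_off + sub_len].decode("utf-16-le"),
        "print_name": paths[prt_off:prt_off + prt_len].decode("utf-16-le"),
        "relative": bool(flags & SYMLINK_FLAG_RELATIVE),
    }

def build_sample(tag: int, target: str, shown: str, flags: int = 0) -> bytes:
    """Construct a sample buffer for the demo (not captured from a real volume)."""
    sub, prt = target.encode("utf-16-le"), shown.encode("utf-16-le")
    body = struct.pack("<4H", 0, len(sub), len(sub), len(prt))
    if tag == IO_REPARSE_TAG_SYMLINK:
        body += struct.pack("<I", flags)
    body += sub + prt
    return struct.pack("<IHH", tag, len(body), 0) + body

if __name__ == "__main__":
    print(parse_reparse_buffer(build_sample(IO_REPARSE_TAG_MOUNT_POINT, "\\??\\D:\\data", "D:\\data")))
    print(parse_reparse_buffer(build_sample(IO_REPARSE_TAG_SYMLINK, "..\\cfg.ini", "..\\cfg.ini", 1)))
```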
Encrypting File System (EFS)
Encryption can be enabled by users on a per-file, per-directory, or per-drive basis.
Some EFS settings can also be mandated via Group Policy in Windows domain environments.
Directories that are enabled for encryption have the corresponding encryption attribute set.
Files might be decrypted without the user realising this in situations like:
- When copying files to other file systems (such as FAT32)
- When sending files using the SMB/CIFS protocol
File Encryption Key
EFS uses a symmetric key (aka the File Encryption Key (FEK)) to encrypt data.
The FEK itself is encrypted with the user's public key and stored in the encrypted file's alternative data stream $EFS.