Last week's discussion of mounted volumes and junction points resulted in quite a bit of email from readers interested in this Windows 2000 capability. One email I received was from Mark Russinovich, author of the Internals column in Windows 2000 Magazine. He pointed out that my description of junction points was technically inaccurate. I quote:
"What you talk about are actually 'mount points'. A junction is a directory symbolic link where c:\link can redirect to d:\target, for example. A mount point lets you redirect a directory to the root of an entire volume, so that c:\volume can redirect to volume d: (or a volume that has no drive letter assigned to it). Both junctions and mount points are based on a NTFS v5 feature called reparse points."
In my defense, the definition I provided in last week's column was based on the definition of junction points found in the Win2K help files. Mark's definition is the correct one, however. A free utility called Junction is available that lets you manually create junction points. You can find it here along with the source code. Lots of other useful utilities are there as well.
If you're looking for more information about Win2K NTFS file system features, Windows 2000 Magazine subscribers can find it in two articles that Mark wrote, which you can find here.
If you'd like information about reparse points, you'll find a brief tutorial on Microsoft's Web site.
This week's tip:
If you've been using Win2K's Encrypting File System (EFS) capabilities to secure data on your system, you need to backup the EFS private key. If you lose that key, you can't retrieve the data that has been encrypted on a standalone system. (In a Win2K domain, the Domain Administrator can designate EFS recovery agent accounts that recover the data even if you've lost the private key.) To backup the private key, perform the following steps:
- Log on as Local Administrator.
- Using the Run command, enter "secpol.msc," which launches the local security Microsoft Management Console (MMC) snap-in.
- Expand Public Key Policies and select Encrypted Data Recovery Agents.
- Right-click the certificate, and select All Tasks, Export. This step launches the Certificate Export Wizard.
- Follow the steps the wizard provides.
This method gives you a copy of the key that you can save in a secure location to allow access to the EFS encrypted files on that nondomain account machine.