Just curious ...

General discussion related to "Everything".
Post Reply
NotNull
Posts: 1595
Joined: Wed May 24, 2017 9:22 pm

Just curious ...

Post by NotNull » Thu Aug 01, 2019 7:05 pm

Question for @void:

If Everything Service as well as Run as administrator is enabled, how does the Everything client access the MAster File Table and the USN journal?

void
Site Admin
Posts: 4994
Joined: Fri Oct 16, 2009 11:31 pm

Re: Just curious ...

Post by void » Sun Aug 04, 2019 5:26 am

Everything will attempt to access the NTFS Master File Table (MFT) as an administrator/standard user first.
If that fails, it will fall back to the Everything Service (if running).

Note: Everything can acquire low level read access to NTFS volumes as a standard user only if they are not marked as a system volume.

You can have Everything running as an administrator and the Everything service installed at the same time. However, only one of these options is required to index system NTFS volumes.

NotNull
Posts: 1595
Joined: Wed May 24, 2017 9:22 pm

Re: Just curious ...

Post by NotNull » Sun Aug 04, 2019 9:07 am

void wrote:
Sun Aug 04, 2019 5:26 am
Note: Everything can acquire low level read access to NTFS volumes as a standard user only if they are not marked as a system volume.
Didn't know that. Thank you!

NotNull
Posts: 1595
Joined: Wed May 24, 2017 9:22 pm

Re: Just curious ...

Post by NotNull » Sun Nov 10, 2019 10:29 pm

void wrote:
Sun Aug 04, 2019 5:26 am
Note: Everything can acquire low level read access to NTFS volumes as a standard user only if they are not marked as a system volume.
What do you consider a system volume? The volume where Windows is installed (the boot volume)?

Microsoft:
The system volume refers to the disk volume that contains the hardware-specific files that are needed to start Windows, such as Ntldr, Boot.ini, and Ntdetect.com.
WMIC Output:

Code: Select all

T:\>wmic volume get BootVolume, DriveLetter, FileSystem, SystemVolume
BootVolume  DriveLetter  FileSystem  SystemVolume
FALSE                    NTFS        TRUE
FALSE       Q:           NTFS        FALSE
TRUE        C:           NTFS        FALSE
FALSE                    NTFS        FALSE

void
Site Admin
Posts: 4994
Joined: Fri Oct 16, 2009 11:31 pm

Re: Just curious ...

Post by void » Sun Nov 10, 2019 10:34 pm

The volume where Windows is installed.
The volume where a page file is stored.

NotNull
Posts: 1595
Joined: Wed May 24, 2017 9:22 pm

Re: Just curious ...

Post by NotNull » Sun Nov 10, 2019 10:37 pm

Got it. Thanks!

Post Reply