Menu
From articles I have found online there appears to be two forms of unique identifiers for files on NTFS:
Using Windows API GetFileInformationByHandle(), we can get access to the struct BY_HANDLE_FILE_INFORMATION, which contains a volume serial number and a low/high file index. http://msdn.microsoft.com/en-us/library/aa363788(VS.85).aspx
$Object_ID - The article http://blogs.technet.com/b/askcore/archive/2010/08/25/ntfs-file-attributes.aspx states:
$OBJECT_ID – This is an attribute that holds an ID. This ID is used by the Distributed Link Tracking Service. An example of how it is used would be found in shortcuts. Make a shortcut on your desktop that points to a file. Then move that file. The shortcut will still function because it is using a way to tack the source file other than just the path and file name.
Not all files will have an $OBJECT_ID attribute. In fact, it isn’t until an actual ID is to be assigned that the attribute is added to the file.
I am trying to understand when the Object ID is set. Here are a few questions:
When does the Object ID get assigned? It would appear based on the above article that in one scenario this occurs when a shortcut to a file is created.
Does the Object ID get assigned automatically when a file references another file, e.g. a Word document, which embeds a Visio diagram?
Do Object IDs only get assigned when Distributed Link Tracking is enabled/running or do they exist regardless of Distributed Link Tracking?
If I wanted to track a unique identifier for a file, would there be any advantage for me to use the Object ID (64 bytes) over the combined volume serial number and file index (low/high), which are 12 bytes combined.
Thanks, Elan
565
A Unique Identifier (UID) uniquely identifies a resource. This means that the identifier may change for the particular embodiment of the resource and each copy of the resource has its own ID. It consequently means that the UID are URL's.
File ID is a unique file identifier used on windows to identify a unique file on a Volume. File Id works similar in spirit to a inode number found in *nix Distributions.
It All Depends On What You're Trying To Do. :)
The file index number, like the documentation says, is really only a good identifier for the file in NTFS (as opposed to FAT), but even then it can change if the file is deleted and recreated (think backup/restore), though you might actually consider that a bonus if you were looking to distinguish those.
It's probably best not to worry about the link tracking service with regard to object IDs, and instead think of them as something you can create/set/read, though again only in NTFS.
Object IDs have some overhead, whereas file IDs do not. For most applications, I would probably end up picking file reference numbers (even though they are potentially fragile).
198
Figured I would put this here for others like me researching FRN and OBJECTIDs. These IDs might be stable for directories (other than file restore) on a single file system, but both the FRN and the ObjectID will change as soon as you save and close a file with many different applications.
For example, if you open a Word file with FRN#: 1000 and you have assigned OBJECTID: 8675309, when you make a change, save, and close it. The FRN# will be a new number and there will be no ObjectID.
In the following I did a simple open, make a change to text in a paragraph, save and close of a word file. There are more than 52 events, in my program, I have filtered out all the ~WRL*tmp files, etc that are involved. But even on the same file system with the same files, FRN is not a constant thing. I do not have ObjectID showing at the moment but trust me when you assign one, open this file and save it, it is essentially a new file.
Sample USN Journal output with the first number is the file reference number, the second is the Parent File Reference# (the FRN for the directory which is steady)
viewchanges
562949953421470 | 2251799813685402 | FILE | 7/10/2014 8:12:13 PM | \MyDemo\WordFileDemo.docx
OBJECT ID CHANGE
----------------------------------------------------------------------------------------------------
562949953421470 | 2251799813685402 | FILE | 7/10/2014 8:12:13 PM | \MyDemo\WordFileDemo.docx
OBJECT ID CHANGE
CLOSE
----------------------------------------------------------------------------------------------------
562949953421470 | 2251799813685402 | FILE | 7/10/2014 8:12:19 PM | \MyDemo\WordFileDemo.docx
RENAME OLD NAME
----------------------------------------------------------------------------------------------------
1125899906842780 | 2251799813685402 | FILE | 7/10/2014 8:12:19 PM | \MyDemo\WordFileDemo.docx
SECURITY CHANGE
RENAME NEW NAME
BASIC INFO CHANGE
OBJECT ID CHANGE
----------------------------------------------------------------------------------------------------
1125899906842780 | 2251799813685402 | FILE | 7/10/2014 8:12:19 PM | \MyDemo\WordFileDemo.docx
SECURITY CHANGE
RENAME NEW NAME
BASIC INFO CHANGE
OBJECT ID CHANGE
CLOSE
----------------------------------------------------------------------------------------------------
1125899906842780 | 2251799813685402 | FILE | 7/10/2014 8:12:19 PM | \MyDemo\WordFileDemo.docx
SECURITY CHANGE
----------------------------------------------------------------------------------------------------
1125899906842780 | 2251799813685402 | FILE | 7/10/2014 8:12:19 PM | \MyDemo\WordFileDemo.docx
SECURITY CHANGE
CLOSE
----------------------------------------------------------------------------------------------------
1125899906842780 | 2251799813685402 | FILE | 7/10/2014 8:12:19 PM | \MyDemo\WordFileDemo.docx
OBJECT ID CHANGE
----------------------------------------------------------------------------------------------------
1125899906842780 | 2251799813685402 | FILE | 7/10/2014 8:12:19 PM | \MyDemo\WordFileDemo.docx
OBJECT ID CHANGE
CLOSE
----------------------------------------------------------------------------------------------------
1125899906842780 | 2251799813685402 | FILE | 7/10/2014 8:12:19 PM | \MyDemo\WordFileDemo.docx
RENAME OLD NAME
----------------------------------------------------------------------------------------------------
1125899906842781 | 2251799813685402 | FILE | 7/10/2014 8:12:19 PM | \MyDemo\WordFileDemo.docx
SECURITY CHANGE
RENAME NEW NAME
BASIC INFO CHANGE
OBJECT ID CHANGE
----------------------------------------------------------------------------------------------------
1125899906842781 | 2251799813685402 | FILE | 7/10/2014 8:12:19 PM | \MyDemo\WordFileDemo.docx
SECURITY CHANGE
RENAME NEW NAME
BASIC INFO CHANGE
OBJECT ID CHANGE
CLOSE
----------------------------------------------------------------------------------------------------
1125899906842781 | 2251799813685402 | FILE | 7/10/2014 8:12:19 PM | \MyDemo\WordFileDemo.docx
SECURITY CHANGE
----------------------------------------------------------------------------------------------------
1125899906842781 | 2251799813685402 | FILE | 7/10/2014 8:12:19 PM | \MyDemo\WordFileDemo.docx
SECURITY CHANGE
CLOSE
----------------------------------------------------------------------------------------------------
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With