August 2000
Intermediate to advanced
800 pages
21h 5m
English
Content preview from Microsoft® Windows® 2000 Security HandbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Reparse Points
Reparse points are a new feature of NTFS 5.0. The reparse attribute can contain up to 16KB of user-controlled data and a 32-bit reparse tag that indicates to the system which file system filter is to be notified when the reparse attribute is being accessed. The file system filter can then execute a piece of code to control accessing the directory or file. Because there can be up to 16KB stored in the attribute, the additional data can be passed to the filter as additional information.
Because file system filters (and obviously the ability to execute arbitrary code) have significant security risks, only administrators are allowed to install new file system filters. If, on accessing a reparse point, the requested filter can't be ...