NTFS and the Registry in Vista packaged up

The Registry and NTFS functions in Windows Vista are now packaged up, or transaction based, and transaction failure is no longer a problem. See an example of this new feature in this book excerpt by Mark Minasi.

Windows Vista's little surprises
By Mark Minasi

Have a look inside Windows security guru Mark Minasi's latest book, Administering Windows Vista Security: The Big Surprises, with this excerpt from Chapter 1, "Administering Vista Security: The Little Surprises."

@35229 This falls in the category of a good surprise, in fact a really nice one: Both the file system and the Registry are now transaction based in Vista. This surprised me because it was supposed to appear in Server 2007 but it's in Vista. "Transaction based" means that you can take a number of separate files, copy, move or whatever operations you need, and essentially package them up so that they're all or nothing. If one of the operations fails, then you just "roll back" and everything done so far is undone.

Here's an actual example run:

Microsoft Windows [Version 6.0.5456]
(C) Copyright 1985-2005 Microsoft Corp.
C:Usersmark>transaction /start
A transaction has been successfully started.
Transaction ID: {1288b5a4-4b58-4006-88d8-6bc86f4b8ad3}
C:Usersmark>md newfiles
C:Usersmark>copy con newfilestest
hi there
1 file(s) copied.
C:Usersmark>dir newfiles
Volume in drive C has no label.
Volume Serial Number is 4834-858C
Directory of C:Usersmarknewfiles
07/17/2006 06:48 PM {DIR} .
07/17/2006 06:48 PM {DIR} ..
07/17/2006 06:48 PM 10 test
1 File(s) 10 bytes
2 Dir(s) 15,731,507,200 bytes free
C:Usersmark>transaction /rollback
The current transaction has been rolled back.
C:Usersmark>dir newfiles
Volume in drive C has no label.
Volume Serial Number is 4834-858C
Directory of C:Usersmark
File Not Found
Here, I start a transaction, then create a new folder and put a file in that folder. But then I cancel the transaction, and it's all undone; asking for a directory listing of the new folder yields "File Not Found." In contrast, typing transaction /commit would have said "transaction's over, make it all permanent."

Where will this be useful? Well, File and Registry-based transactions will be pretty useful for applying patches. Heck, you could actually install and test a piece of software, and then uninstall it via a transaction rollback. But that'd only work if the software didn't require a reboot; any reboots act as a transaction /rollback. I suspect we'll find plenty of pretty valuable uses for this. (I've got to say it again: The word "patches" keeps coming to mind.)

Important warning
Unfortunately around RC1, Microsoft took the transaction command out of Vista. Apparently the under-the-hood support for transaction-based NTFS and Registry is still there, but the command itself posed some theoretical problems and so Microsoft decided that letting regular users like you and me set up transactions would be a bad idea. So unless they change their minds, then transactions will be something that only programmers can set up. (Which might make sense; it's just a shame.)

SearchWindowsSecurity.com also features excerpts from chapter eight, "Locking Up the Ports: Windows Firewall", of Mark Minasi's book, "Mastering Windows Server 2003 Upgrade Edition for SP1 and R2."

Mark Minasi is a best-selling author, commentator and all-around alpha geek. Mark is best known for his books in the Mastering Windows series. What separates him from others is that he knows how to explain technical things to normal humans, and make them laugh while doing it. Mark's firm, MR&D, is based in Pungo, a town in Virginia's Tidewater area that is distinguished by having one -- and only one -- traffic light.
Copyright 2005 TechTarget

Read more on IT legislation and regulation