Re: Win2K/NTFS messes file creation time/date

[Ken Brown <k.brown () ccs bbk ac uk>]

Gerald Carter wrote:
> On Wed, 11 Jul 2001, Acryl wrote:
>
> > Again the 3 files were created, but the Creation time/date was set
> > wrong, namely it was set to the very first creation time ( before I
> > deleted them by hand ). Any following runs of the program produced the
> > same results.
>
> This is known behavior.  There is a window during which the "sticky"
> behavior will occur. In fact, certain MS apps (e.g. Word) rely upon this
> behavior.

Known to who? Is it documented anywhere? 

The only documentation the vast majority of users have on NTFS is the
online help that comes with windows. The obvious place that most people
would look for this is the context-specific help on the file properties
sheet accessed from Explorer, and all that says is "Displays the date
and time on which the file or folder was created". It does not say "time
on which the file, or another one with a similar name, was created".  If
it did then maybe we could call it "well-known" behaviour.

Anyone involved in technical support or trouble shooting is likely to
have the MS technet documentation. On my CD, chapter 17 of the "Windows
2000 Professional System Configuration and Management", on file systems,
has a section on NTFS file attributes, which look like  an obvious place
to start. Also a section on the Change log. But there is no indication
that "created" means anything different on NTFS than it did on FAT. I
haven't found it in 3 or 4 other likely looking documents.

As it is, all sorts of questions follow from it. What is the window?
Where does NTFS store the information while the old file doesn't exist?
(Is it the change journal? It isn't mentioned.) What happens to Word if
someone accidentally or deliberately breaks the mechanism?   

The behaviour is easy to replicate as described, and I can also make it
happen from the command line without bothering with all that mouse
clicking. It sure looks like a bug or a vulnerability to me.

Ken Brown