Directory utility windows

For files with a time more than six months old or in the future, the timestamp contains the year instead of the time of day. If the timestamp contains today's date with the year rather than a time of day, the file's time is in the future, which means you probably have clock skew problems.

For each directory that is listed, the list of files is prefaced with a line that summarizes the count of blocks , where blocks is the total disk allocation for all files in that directory. The block size defaults to bytes, but this can be overridden see Block size. The ACL permissions in the mode string e. File Attributes: In addition to the standard Unix-style mode string, the Windows version of ls also shows file attributes.

To show file attributes Windows ls replaces the three character positions used in Unix to indicate execute permission x--x--x since NTFS does not support execute-only files. If a file has the Read-Only attribute set this is indicated with a capital R instead of the normal r.

Thus a file with all four attributes set Read-Only, System, Hidden, and Archive will have a mode string of -R-s--ha. To view the names of the hidden streams , use --streams.

Since the Windows version of ls enables -G by default, this option is equivalent to -l. Display the object tracking identifier for the file if any. For more information see Object Tracking Identifiers. Normally the disk allocation is printed in units of bytes, but this can be overridden see Block size. For example, instead of showing the file name Information. Highlight files that contain one or more embedded hidden streams. For more information see Hidden Streams in Files: --streams. If --color is specified, the file is shown with a distinctive color.

Show your process token. This can be used to determine your elevation status on Windows Vista or Windows 7. See Viewing Your Process Token.

Report the file permissions from the viewpoint of the user name. The mode string will be altered to show the effective file permissions from the viewpoint of the named user. This will pop up the standard Windows dialog to show very detailed information on the file's ACL. The information includes special permission flags, auditing, ownership, and effective permissions. To view effective permissions from the viewpoint of another user, press the button "Advanced", then click on on the tab "Effective Permissions".

Type in or click on the name of the user whose effective permissions you want to view. Hidden Streams in Files: --streams Normally the data in a file consists of a single stream of bytes. It is possible under the NTFS file system to add one or more secondary streams of bytes to a file.

These are called hidden streams. To create or view a hidden stream, append : name to the end of the file name. Use the --streams option to detect the existence of the hidden stream. Note that the size of the hidden data does not show up in the size of the file. To view the name s of the hidden stream s , use a wildcard. If you view a directory with --streams , ls will search every file in the directory and show the names of every hidden stream.

Each hidden stream has a type suffix. Other type suffixes can be created with undocumented APIs. By default ls will search for streams only on the local hard disk.

Searching for streams over a network is a very slow operation. To view streams on network folders add the --slow option. Hidden streams were originally an attempt by Microsoft to create an object-oriented file system.

This was part of the long delayed and since abandoned Microsoft project code-named "Cairo," to create a new operating system based on object-oriented design principles. Use of hidden streams is rare in Microsoft Windows. SP2 uses a hidden stream to taint downloaded files with a "Security Zone" marker.

The taint prevents execution by the Windows Shell. In the opinion of the author, hidden streams are a very bad and harmful mis-feature of NTFS, and he believes their use should be avoided. This is because files with hidden streams cannot be copied or backed up without special handling. And they are a hiding place for viruses and malware. Requesting permission is called elevating the task. For example, if you open a command console CMD.

EXE without elevation, it will run with restricted permissions. To view your permissions ls can display your process token. The process token contains all of your security credentials for accessing protected files and registry keys.

To get an elevated command console click on Start lower-left corner. In the Vista or Windows 7 search box type cmd. While holding down the Shift and Control keys press the Enter key. This will open a command console in elevated mode. When using UAC ls will show the current running token and also the associated linked non-elevated token.

To view the names of users who possess an encryption key for the file, use the option --encryption-users. The second example above uses the abbreviation --en and drops the -l because it is implied. In this example the users Alan and Ginger possess encryption keys for the file. The user Administrator is designated as a recovery agent.

A recovery agent can recover the contents of the file if the original user forgets his password. Upon recovery all encryption keys are erased. You can detect that the administrator recovered your file if --enc shows that your encryption key is no longer listed. This is because nobody has access to your encryption key except yourself, not even system administrators.

If you no longer see your name or group listed, it means that someone with a Recovery Agent password has forced recovered access to your private encrypted file. They are invisible to most applications. To view the object tracking identifier on a file or folder, use the option --object-id. The example above uses the abbreviation --obj and drops the -l because it is implied.

In the example the file named File2. The object tracking information is always exactly 48 bytes long. The data can be interpreted in any way by the application. Object IDs are typically used by the Windows Shell to track the movement of the target of a file shortcut. The Distributed Link Tracking Service on a file server maintains a database of object IDs to permit tracking of orphan.

LNK targets across the network. Performance: --slow vs --fast Some types of extended information will cause ls to run slowly if they are used on slow media such as network folders, diskettes, or CD-ROMs. The --fast option limits the reporting of extended information on slow media. If neither --slow nor --fast are specified, the --fast option is implied by default unless you include one one of the slow options listed above --acls , --sids , etc.

If you explicitly add --fast on the command line, it disables all slow options when used on slow media, regardless of the inclusion any slow options on the command line. If you explicitly add the --slow option on the command line, it will report all extended information regardless of the type of media. See customizing ls. Options: Which files are listed? These options determine which files ls lists information for.

By default, all files and the contents of all directories listed on the command line are shown. When showing the contents of directories, files beginning with. List just the names of directories, as with other types of files, rather than listing their contents. The first option ignores names of length 3 or more that start with. On Windows Vista or Windows 7 show the virtual view of files and registry keys. This option has no effect on older operating systems.

See Vista File and Registry Virtualization. Download AdExplorer 1. You can use AD Explorer to easily navigate an AD database, define favorite locations, view object properties and attributes without having to open dialog boxes, edit permissions, view an object's schema, and execute sophisticated searches that you can save and re-execute.

AD Explorer also includes the ability to save snapshots of an AD database for off-line viewing and comparisons. When you load a saved snapshot, you can navigate and explore it as you would a live database. If you have two snapshots of an AD database you can use AD Explorer's comparison functionality to see what objects, attributes and security permissions changed between them. Disk2vhd Disk2vhd simplifies the migration of physical systems into virtual machines p2v. DiskMon This utility captures all hard disk activity or acts like a software disk activity light in your system tray.

DiskView Graphical disk sector utility. Disk Usage DU View disk usage by directory. EFSDump View information for encrypted files. FindLinks FindLinks reports the file index and any hard links alternate file paths on the same volume that exist for the specified file. A file's data remains allocated so long as at it has at least one file name referencing it.

MoveFile Schedule file rename and delete commands for the next reboot. This can be useful for cleaning stubborn or in-use malware files. PendMoves See what files are scheduled for delete or rename the next time the system boots.