{
	"id": "51d38833-56ad-4b3e-8c1c-59519190639d",
	"created_at": "2026-04-06T02:11:49.440484Z",
	"updated_at": "2026-04-10T03:20:04.625935Z",
	"deleted_at": null,
	"sha1_hash": "f2c40aeb181b2d1765869b98fb4c4ad53d9cb923",
	"title": "When to Use Transactional NTFS - Win32 apps",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 33883,
	"plain_text": "When to Use Transactional NTFS - Win32 apps\r\nBy jwmsft\r\nArchived: 2026-04-06 02:05:48 UTC\r\nAn application can use Transactional NTFS (TxF) to preserve the integrity of data on disk during unexpected error\r\nconditions. In general, an application should consider using TxF if the application is flushing files and using other\r\ntechniques to maintain data integrity. TxF can perform better and simplify the application's error handling code\r\nwhile improving error recovery and reliability. The following sections in this topic provide examples of scenarios\r\nfor you to use TxF.\r\nThe updating of a file is a common and typically simple operation. However, if the system or application fails\r\nwhile an application is updating information on a disk, the result can be catastrophic, because the user data can be\r\ncorrupted by a file update operation that is partially completed. Robust applications often perform complex\r\nsequences of file copies and file renames to ensure that data is not corrupted if a system fails.\r\nTxF makes it simple for an application to protect file update operations from system or application failure. To\r\nupdate a file safely, the application opens the file in transacted mode, makes the necessary updates, and then\r\ncommits the transaction. If the system or application fails during the file update, then TxF automatically restores\r\nthe file to the state that it had before the file update began, which avoids file corruption.\r\nTxF is even more important when a single logical operation affects multiple files. For example, if you want to use\r\na tool to rename one of the HTML or ASP pages on a website, a well-designed tool would also fix all links to use\r\nthe new file name. However, a failure during this operation leaves the website in an inconsistent state, with some\r\nof the links still referring to the old file name. By making the file rename operation and the link fixing operation a\r\nsingle transaction, TxF ensures that the file rename and link fix succeed or fail as a single operation.\r\nTxF isolates concurrent transactions. If an application opens a file for a transactional read while another\r\napplication has the same file open for a transactional update, TxF isolates the effects of the two transactions from\r\none another. In other words, the transactional reader always views a single, consistent version of the file, even\r\nwhile that file is in the process of being updated by another transaction.\r\nAn application can use this functionality to allow customers to view files while other customers make updates. For\r\nexample, a transactional web server can provide a single, consistent view of files while another tool concurrently\r\nupdates those files.\r\nNote\r\nTxF does not support concurrent updates by multiple writers in different transactions. TxF supports only a single\r\nwriter with multiple concurrent and consistent readers.\r\nTransactions used with transacted file systems may also be used with the transacted registry. Updates to the file\r\nand the registry are coordinated with a single transaction.\r\nhttps://msdn.microsoft.com/library/windows/desktop/aa365738.aspx\r\nPage 1 of 2\n\nBy using Distributed Transaction Coordinator (DTC) transactions or System.Transactions, updates made to SQL,\r\nMSMQ, and other transactional resources can be coordinated with transacted file updates. For more information,\r\nsee DTC's IKernelTransaction.\r\nTxF does not support the following transaction scenarios:\r\nTransactions on network volumes, for example on file shares. TxF is not supported by the CIFS/SMB\r\nprotocols.\r\nTransactions on any file system other than NTFS.\r\nTransacted operations against files cached by client-side caching.\r\nFile access using object IDs.\r\nAny shared writer scenario.\r\nAny situation where a file is opened for an extended period of time (days or weeks).\r\nSource: https://msdn.microsoft.com/library/windows/desktop/aa365738.aspx\r\nhttps://msdn.microsoft.com/library/windows/desktop/aa365738.aspx\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://msdn.microsoft.com/library/windows/desktop/aa365738.aspx"
	],
	"report_names": [
		"aa365738.aspx"
	],
	"threat_actors": [],
	"ts_created_at": 1775441509,
	"ts_updated_at": 1775791204,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f2c40aeb181b2d1765869b98fb4c4ad53d9cb923.pdf",
		"text": "https://archive.orkl.eu/f2c40aeb181b2d1765869b98fb4c4ad53d9cb923.txt",
		"img": "https://archive.orkl.eu/f2c40aeb181b2d1765869b98fb4c4ad53d9cb923.jpg"
	}
}