I work at a military headquarters base as a level 2 technician. My responsibilities are broad and diverse, but one of the aspects of my job involves deploying workstations to the users. We use a dual-partition system where the Windows 2000 system files and user profiles are kept on the C: partition and D: is open for data. Approximately 70% of the hard drive is taken up by the D: drive. It’s been that way for so long that no one knows why. Ironically, they did the same thing at my old job, but there, the question was never asked.

On the surface, the idea of a larger empty partition for data seems like a good idea. Data is kept away from Windows so, in the event of a Windows corruption, Windows could be reinstalled. Let’s be realistic, though. If Windows is corrupt, I’m going to take 20 minutes and re-image the machine, rather than sit there and try to reinstall Windows through a typical 50 minute installation plus an additional 30 to 40 minutes to set up Windows to a standard configuration. It’s not efficient and opens the network up for problems. That’s why we use an imaging process!

In reality, however, going dual-partition makes an end-run around the security features inherent in a multi-user environment. In Windows 2000, user data is kept in a profile folder. This folder is accessible only to the user, the local administrators, and the domain administrators. If another user signs on to the machine at a later date, he cannot access the data owned by the original user. This is the way things should be.

When a second partition is in place for data storage, all data within that drive is accessible by everyone, by default. Obviously, this is not a good thing. In our situation, classified information is not kept on unclassified workstations, but other data is often passed between users legitimately and saved to hard drives. By encouraging users to utilize a second partition accessible by all, instead of a built in profile folder, enterprise managers are encouraging users to access possibly sensitive data. This should be a concern.

There’s history behind the dual-partition method, however. In the context of this history, the method makes sense. But in the context of today’s technology, it doesn’t. Back in the days of Windows NT4 and 8 gigabyte hard drives, system partitions were limited to a maximum of 4 gigs. In those days, if the drive in question was 10gb, the only option was to install a 4gb C: partition and fill the rest with D:. This was due to the NT setup engine formatting a new NTFS partition first as FAT16 which was limited to 4gb, and then converting to NTFS. However, with Windows 2000, this problem does not exist and NTFS partitions can be easily created on the fly. This eliminates the need for two partitions.

Unfortunately, as time goes on and a system is in place longer, the more difficult it is to change the established rules. Fortunately, our Lieutenant has approved the conversion back to a single partition that preserves the data integrity inherent in a user-specific profile folder. I’ll be implementing these changes gradually, but they will definitely be implemented!

(As a side note, creating and maintaining a small partition can be useful for speeding up virtual memory and cache and can be used for such a purpose.)