What does a DisableLastAccess value of 3 mean?

windows-10 command-line fsutil

In the command prompt type:

fsutil behavior set DisableLastAccess

Hit enter and you will get this output:

Values:

0 - User Managed, Last Access Updates Enabled

1 - User Managed, Last Access Updates Disabled

2 - System Managed, Last Access Updates Enabled

3 - System Managed, Last Access Updates Disabled


The outdated doc has the following information:

Fsutil behavior

The disablelastaccess parameter reduces the impact of logging updates to the LastAccessTime stamp on files and directories. Disabling the LastAccessTime feature improves the speed of file and directory access. This parameter updates the following registry key:

HKLM\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisableLastAccessUpdate

Notes:

File-based LastAccessTime queries are accurate even if all on-disk values are not current. NTFS returns the correct value on queries because the accurate value is stored in memory.

One hour is the maximum amount of time that NTFS defers updating LastAccessTime on disk. If NTFS updates other file attributes such as LastModifyTime, and a LastAccessTime update is pending, NTFS updates LastAccessTime with the other updates without additional performance impact.

The isablelastaccess parameter can affect programs such as Backup and Remote Storage that rely on this feature.

As for System Managed versus User Managed, basically System Managed mode means that the system treats the corresponding enable/disable state that you selected as advisory only. Basically, each time the system boots, it will decide whether to enable or disable LastAccessTime updating based on empirical factors, possibly overriding your suggestion.

From https://dfir.ru/2018/12/08/the-last-access-updates-are-almost-back/ (with cosmetic edits)...

In the System Managed mode, the NTFS driver can enable or disable LastAccessTime updating during the boot (in particular, when the system volume is mounted). LastAccessTime updates are enabled for NTFS volumes when the size of the system volume is 128 GiB or less. If the system volume is larger, then LastAccessTime updating is disabled.

The volume size threshold can be modified by writing an integer to:

HKLM\SYSTEM\CurrentControlSet\Control\FileSystemNtfsLastAccessUpdatePolicyVolumeSizeThreshold

The integer must specify the new threshold in GiB (not in bytes). The registry key doesn’t exist by default.

Use User Managed mode if you want to control the status of LastAccessTime updating and you don't want the system to override your choice during boot.

Related

Firefox freezing my whole desktop
Windows 7 : How to set default choice as "Yes" in UAC?
How do I move iTunes Library to a new drive without losing the 'Date added' field?
Wireless networking issue with Ubuntu
Is it possible to permanently disable internet access under Ubuntu?
How to prevent iTunes from launching on media key press
Fix NTFS partition
What manufacturers make linux based WiFi routers or ADSL modems? [closed]
How do I make Opera 10 start without any open tabs?
11GB Standby RAM File.. Low memory warning Battlefield 4. WIN 8.1
Touchpad freezing after Windows 10 update on ELAN input device
Making a bootable pendrive? [duplicate]