The article
Windows File System Tunneling in Digital Forensics
explains the concepts and lists the two registry items that are
important for Tunneling.
Both are under the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem
as follows:
MaximumTunnelEntries
: Number of values can exist in the cache simultaneously, 0
disables tunneling.
MaximumTunnelEntryAgeInSeconds
: The lifetime of entries
in the cache, default value is 15 seconds, maximum is 71 seconds.
First action : You should use regedit to verify these registry items
on your computer. The number of values might be too low or the lifetime
is too short for a long file-operation.
In the article
I'll be back in 15 seconds. Or, maybe not. File system tunneling,
the author has done very many tests of Tunneling, and has found this:
Of the cases mentioned above, the only exception where the tunnel effect will not be generated is in the case of combining a long file name with its short name equivalent.
This means that referring to a file by both its long name and by its
short name (8.3) does not work. If the editing program you're using
does this inconsistent handling, then Tunneling will not work.
The author has also found this :
Disabling the creation of short file names, (8.3), also disables the tunnelling of the file system, since tunnelling is based on such names.
Short file-names are discussed in the Microsoft article
fsutil 8dot3name.
Second action : Run an elevated Command Prompt (CMD) and check
if short file names are enabled on the volume X: with the command:
fsutil 8dot3name query X: