Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Microsoft Cluster Server Shares Randomly Changing Permissions

Status
Not open for further replies.
jgrote

jgrote

Vendor
Aug 9, 2007
1
US
Greetings,

I'm consulting for a large hospital. They have a 6-year old Windows 2003 SP2
MSCS two-node cluster running on HP DL360G2's attached via a Brocade switch
to a Fibre Channel SAN. This SAN is primarily used for file and print
services.

On random occasion (apparently weekly or so) shares and subfolders will do
weird things like mark the read-only bit in such a way that it cannot be
undone by going to file -> properties. Shares will also disappear and
permissions will change randomly.

This hospital was the subject of a malware attack a few months ago so I also
suspect that it may be a client computer with admin rights causing the issue.

So my questions are three-fold:
1. Anyone ever seen this as a MSCS-related issue?
2. Are there any kind of access or permissions logs that I can go into or
turn on to see what user or service is changing the permissions?
3. (somewhat related) What are the best practices for applying Windows
Update patches in a safe, rolling fashion to an MSCS cluster? Preferably with
WSUS?
 
Sort by date Sort by votes
1. Not this one, but I could see a worm doing it.

2. Enable auditing on the server, and then check the security logs.

3. Apply to the passive node, test, then fail over and apply to the now passive node.

Denny
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / Microsoft Windows SharePoint Services 3.0: Configuration / Microsoft Office SharePoint Server 2007: Configuration)
MCITP Database Administrator (SQL 2005) / Database Developer (SQL 2005)

--Anything is possible. All it takes is a little research. (Me)
[noevil]
 
Upvote 0 Downvote
Some related regarding your problem:

How to enable and apply security auditing in Windows 2000

You cannot audit the security state of managed client computers

How to set up and manage operation-based auditing for Windows Server 2003, Enterprise Edition

No events are logged in the Security log for the root of the mounted volume when you configure auditing for a mount point folder in Windows Server 2003

Regards,
Cengiz Kuskaya
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

MaioMaio
  • Locked
  • Question
Server Remote Desktop License
Replies
0
Views
210
MaioMaio
MaioMaio
Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
259
Aquiles Vidal
Aquiles Vidal
mangentle
  • Locked
  • Question
What could be the potential causes if a Microsoft Windows Server is experiencing slow network!
Replies
1
Views
394
gbaughma
gbaughma
mangentle
  • Locked
  • Question
What are the key advantages of using Microsoft Windows Servers for businesses?
Replies
1
Views
383
gbaughma
gbaughma
rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
307
suncit
suncit

Part and Inventory Search

Sponsor

Back
Top