Greetings,

I'm consulting for a large hospital. They have a 6-year-old Windows 2003 SP2
MSCS two-node cluster running on HP DL360G2s attached via a Brocade switch
to a Fibre Channel SAN. This SAN is primarily used for file and print
services.

On random occasions (apparently weekly or so) shares and subfolders will do
weird things like mark the read-only bit in such a way that it cannot be
undone by going to file -> properties. Shares will also disappear and
permissions will change randomly.

This hospital was the subject of a malware attack a few months ago so I also
suspect that it may be a client computer with admin rights causing the issue.

So my questions are three-fold:

1. Anyone ever seen this as an MSCS-related issue?
2. Are there any kinds of access or permissions logs that I can go into or
turn on to see what user or service is changing the permissions?
3. (somewhat related) What are the best practices for applying Windows
Update patches in a safe, rolling fashion to an MSCS cluster? Preferably with
WSUS?