Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Microsoft Cluster Server Shares Randomly Changing Permissions

Status
Not open for further replies.

jgrote

Vendor
Aug 9, 2007
1
US
Greetings,

I'm consulting for a large hospital. They have a 6-year old Windows 2003 SP2
MSCS two-node cluster running on HP DL360G2's attached via a Brocade switch
to a Fibre Channel SAN. This SAN is primarily used for file and print
services.

On random occasion (apparently weekly or so) shares and subfolders will do
weird things like mark the read-only bit in such a way that it cannot be
undone by going to file -> properties. Shares will also disappear and
permissions will change randomly.

This hospital was the subject of a malware attack a few months ago so I also
suspect that it may be a client computer with admin rights causing the issue.

So my questions are three-fold:
1. Anyone ever seen this as a MSCS-related issue?
2. Are there any kind of access or permissions logs that I can go into or
turn on to see what user or service is changing the permissions?
3. (somewhat related) What are the best practices for applying Windows
Update patches in a safe, rolling fashion to an MSCS cluster? Preferably with
WSUS?
 
1. Not this one, but I could see a worm doing it.

2. Enable auditing on the server, and then check the security logs.

3. Apply to the passive node, test, then fail over and apply to the now passive node.

Denny
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / Microsoft Windows SharePoint Services 3.0: Configuration / Microsoft Office SharePoint Server 2007: Configuration)
MCITP Database Administrator (SQL 2005) / Database Developer (SQL 2005)

--Anything is possible. All it takes is a little research. (Me)
[noevil]
 
Some related regarding your problem:

How to enable and apply security auditing in Windows 2000

You cannot audit the security state of managed client computers

How to set up and manage operation-based auditing for Windows Server 2003, Enterprise Edition

No events are logged in the Security log for the root of the mounted volume when you configure auditing for a mount point folder in Windows Server 2003

Regards,
Cengiz Kuskaya
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top