Disk resource security

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Disk resource security

There are two disk subsystems in a cluster environment: The first is the shared bus or buses, including the cluster disks, and the second is theWindows Server 2003 family operating system files. Keep these two systems separate. Do not put Windows Server 2003 family system files on the cluster disks. In addition, you can locate Windows Server 2003 family system files on either file allocation table (FAT) or NTFS drives, but you must locate the cluster disks on the shared bus only on NTFS-formatted drives.

Securing access to the cluster disks

Restrict access to the cluster disks to applications that are managed as a cluster resource. If there are other applications on a cluster node that are not managed by the cluster, install those applications either on the system disk or on a local disk. To help reduce the risk of unauthorized reads and writes to the quorum disk, it is recommended that you give access to the quorum disk only to the Cluster service account and members of the local Administrators group.

Securing disk resources on cluster disks

All standard Windows Server 2003 family file security options apply to the disk resources on the cluster disk. You can use Windows Explorer to set permissions on disk resources.