Limiting client access to cluster resources

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

The following table lists the Windows Server 2003 family security features you can use to control client access to cluster resources.

Important

  • In general, grant permissions to the individual applications and services as you would normally. However, always use Cluster Administrator to set File Share resource security policies. File Share security policies configured using Windows Explorer are lost when the File Share resource fails over.

| Resource type | Windows Server 2003 family security |
| --- | --- |
| Dynamic Host Configuration Protocol (DHCP) Service | Windows Server 2003 family DHCP security. |
| File Share | NTFS or share-level security configured with a cluster management application. NTFS file permissions strongly preferred. Only NTFS file permissions for subfolder shares. For information about administering DFS shares, see the DFS documentation. |
| Generic Application | Windows Server 2003 family network authentication and NTFS security applied to the shared file system. Note that when using Cluster Administrator to configure the parameters for a Generic Application resource, we recommend that you avoid selecting Allow application to interact with desktop unless it is necessary. |
| Generic Service | Determined by Windows Server 2003 family service configuration. |
| Generic Script | NTFS file-level security for execute permissions on files and permissions for APIs called in the script. |
| IP Address | N/A |
| Distributed Transaction Coordinator | Controlled by Microsoft Distributed Transaction Coordinator (MS DTC). |
| Message Queue Service | Controlled by Message Queue Service. |
| Network Name | N/A |
| Physical Disk/Local Quorum | NTFS file-level security. |
| Print Spooler | Windows Server 2003 family network and print-level permissions. |
| WINS Service | Windows Server 2003 family WINS security. |