Securing shared data in a cluster
Updated: January 21, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Securing data on cluster disks
You can control access to the folders and files of File Share resources on a user or group basis. Set these permissions through Cluster Administrator, not through the file system tools. The account used to start the Cluster service must also have access to the directories that back File Share resources; at minimum, this account needs NTFS Read permission on them.
By default, access to cluster file shares is disabled for anonymous users. To allow anonymous access to specific file shares, either enable Kerberos authentication on the Network Name resource associated with the file share or change the local security policy setting. For more information on configuring these Kerberos properties, see Enable Kerberos authentication for virtual servers.
If you change file share permissions using Windows Explorer or My Computer instead of Permissions on the Parameters tab in Cluster Administrator, those changes are lost when the resource is taken offline: the share is recreated from the permissions stored in the cluster configuration when the resource comes back online, and only the permissions set in Cluster Administrator are stored there.
When you set permissions on a File Share resource, grant them to domain users and domain groups (and, where needed, to the local Administrators group); do not grant them to other local users or local groups. On a member server, a local user or local group has a security context only on the computer whose account database created it, so its security identifier means nothing on the node that owns the resource after a failover. For the same reason, you cannot give local users or local groups permission to administer the cluster. The single exception is the local Administrators group, which is the same well-known BUILTIN group on every node. This is not a problem on domain controllers, because the accounts and groups that are "local" on a domain controller are domain accounts and groups with a security context throughout the domain.
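The failover problem described above can be checked mechanically: an ACE is safe only if its trustee SID is a domain SID, a well-known SID, or BUILTIN\Administrators; any SID issued by one node's local account database will not resolve on the other node. The following script is an added example (not code from the original page or from Microsoft) that classifies the trustee SIDs of a share's ACL. The domain SID, the node machine SIDs and the ACL itself are constructed sample values; on a real node you would obtain them from the node's own ACL and account tools.

```python
"""Classify the trustee SIDs in a File Share resource ACL by whether they
survive a failover to another cluster node (added example, not Microsoft code)."""

import re

# Well-known BUILTIN\Administrators SID: identical on every node, so it is the
# one local group that is safe to use on a cluster file share.
BUILTIN_ADMINISTRATORS = "S-1-5-32-544"

SID_RE = re.compile(r"^S-1-\d+(?:-\d+)+$")

# Constructed sample environment (assumed values, not from the original page).
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
NODE1_SID = "S-1-5-21-4444444444-5555555555-6666666666"
NODE2_SID = "S-1-5-21-7777777777-8888888888-9999999999"
NODE_SIDS = {NODE1_SID: "NODE1", NODE2_SID: "NODE2"}

# Constructed sample ACL: (trustee SID, rights) pairs as they might appear
# after resolving the names on NODE1.
SAMPLE_ACES = [
    (BUILTIN_ADMINISTRATORS, "FullControl"),  # BUILTIN\Administrators
    (DOMAIN_SID + "-1105", "Modify"),         # DOMAIN\FileShareOps (domain group)
    (NODE1_SID + "-1003", "Modify"),          # NODE1\backupuser (local user)
    ("S-1-5-32-545", "Read"),                 # BUILTIN\Users (local group)
    ("S-1-5-11", "Read"),                     # NT AUTHORITY\Authenticated Users
]


def sam_domain(sid):
    """For a SAM-issued SID (S-1-5-21-a-b-c-rid) return the issuing machine or
    domain SID (S-1-5-21-a-b-c); return None for well-known SIDs."""
    parts = sid.split("-")
    if len(parts) == 8 and parts[:4] == ["S", "1", "5", "21"]:
        return "-".join(parts[:7])
    return None


def classify(sid, domain_sid, node_sids):
    """Return (category, survives_failover) for one trustee SID."""
    if not SID_RE.match(sid):
        raise ValueError("not a SID: %r" % sid)
    if sid == BUILTIN_ADMINISTRATORS:
        return ("builtin-administrators", True)
    if sid.startswith("S-1-5-32-"):
        # Other BUILTIN groups (Users, Power Users, ...) have node-specific
        # membership, so a grant to them means something different per node.
        return ("local-builtin-group", False)
    issuer = sam_domain(sid)
    if issuer is None:
        return ("well-known", True)          # Everyone, Authenticated Users, ...
    if issuer == domain_sid:
        return ("domain", True)
    if issuer in node_sids:
        return ("local-on-%s" % node_sids[issuer], False)
    return ("unknown-sam-domain", False)     # treat as unsafe until identified


def audit_acl(aces, domain_sid, node_sids):
    """Return the ACEs whose trustee will not resolve after a failover."""
    findings = []
    for sid, rights in aces:
        category, ok = classify(sid, domain_sid, node_sids)
        if not ok:
            findings.append((sid, rights, category))
    return findings


if __name__ == "__main__":
    for sid, rights, category in audit_acl(SAMPLE_ACES, DOMAIN_SID, NODE_SIDS):
        print("UNSAFE %-45s %-12s %s" % (sid, rights, category))
```

On the constructed ACL the check flags the NODE1 local user and BUILTIN\Users, and accepts BUILTIN\Administrators, the domain group and Authenticated Users. Replace the sample SIDs with the SIDs reported on your node; the domain SID is the common prefix of your domain accounts' SIDs, and each node's machine SID is the prefix of that node's local accounts' SIDs.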
The Cluster service must always have full access to the folder on the quorum disk containing the quorum log (the folder is named MSCS by default). (The quorum log file is used to write all cluster state and configuration changes that cannot be committed to the other nodes.)
Encrypting shared data
You can further secure the contents of your cluster disks by using Encrypting File System (EFS). EFS prevents unauthorized users who gain physical access to the cluster disks from reading the data on them by taking the disks to another computer; it protects data at rest and does not replace NTFS permissions, which still control access to the decrypted data on a node that owns the disk. For more information, see Create a cluster-managed encrypted file share.
Auditing access to shared data
Use the standard NTFS auditing features to audit access to files and folders that reside on drives in the cluster storage. Use either My Computer or Windows Explorer to set file or directory auditing; you cannot do this using Cluster Administrator. For more information on auditing, see Auditing Security Events.
Security events are written to the security log on the node that owns the File Share resource at the time of the access.
Audit settings are specific to a node. If you enable auditing on one node but not on another, you see security events only while the node with auditing enabled owns the File Share resource, and accesses made after a failover to the other node go unrecorded. If you want to audit access to shared data, it is a best practice to enable auditing on all cluster nodes.
Taking ownership of files or folders
Use either My Computer or Windows Explorer to set file or directory ownership. You cannot do this using Cluster Administrator.