KnowledgeBase Archive

An Archive of Early Microsoft KnowledgeBase Articles

View on GitHub

Q196655: How to Set Up File Auditing on Cluster Disk

Article: Q196655
Product(s): Microsoft Windows NT
Version(s): WinNT:4.0
Operating System(s): 
Keyword(s): 
Last Modified: 10-AUG-2001

-------------------------------------------------------------------------------
The information in this article applies to:

- Microsoft Windows NT Server, Enterprise Edition version 4.0 
- Microsoft Cluster Server 
-------------------------------------------------------------------------------

SUMMARY
=======

When using Microsoft Cluster Server version 1.0, NTFS file/directory auditing on
a shared disk resource will stop recording file system access after the disk
resource is failed over to the other node. If the disk resource fails back to
the original node where auditing was configured, it logs information correctly.

MORE INFORMATION
================

Auditing NTFS files and directories is set up both at the system level and the
file system level. The configuration set in Explorer resides on the volume in
question, but the system level configuration set in User Manager is stored in
the local system registry and is not replicated between the Cluster nodes.

To turn this feature on, follow these steps:

1. Go to each node in the cluster and run User Manager.

2. On the Policies menu, select Audit.

3. Click to select Audit These Events and then click to select one or both of
  the Success and Failure check boxes for File and Object Access.

Audit settings remain and are viewable from Explorer.exe, from either node,
providing that the node doing the viewing owns the drive and has it mounted
(online).

For additional information on auditing, please see the following article in the
Microsoft Knowledge Base:

  Q157238 How to Activate Security Event Logging in Windows NT 4.0

Additional query words: MSCS

======================================================================
Keywords          :  
Technology        : kbWinNTsearch kbWinNT400search kbWinNTSsearch kbWinNTSEntSearch kbWinNTSEnt400 kbWinNTS400search kbAudDeveloper kbClustServSearch
Version           : WinNT:4.0
Issue type        : kbhowto kbinfo

=============================================================================

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Copyright Microsoft Corporation 1986-2002.