Monitoring Disks and Volumes

If a server administrator can monitor only a handful of resources on a server, disks and volumes should be included. Using System Monitor in the Performance console, both physical disks and logical disks (volumes) can be monitored.

Managing Volume Usage with NTFS Quotas

On NTFS volumes only, quotas can be enabled to manage the amount of data a user can store on a single volume. This capability can be useful for volumes that contain user home directories and when space is limited. Quota usage is calculated by the amount of data a particular user created or owns on a volume. For example, if a user creates a new file or copies data to his home directory, he is configured as the owner of that data, and the size is added to the quota entry for that user. If the system or the administrator adds data to the home directory for a user, that data is added to the administrator's quota entry, which cannot be limited. This is usually where administrators get confused because a user's folder may be 700MB on a quota-managed volume, but the quota entry for that user reports only 500MB used. The key to a successful implementation of quotas on a volume is setting the correct file permissions for the entire volume and folders.

As explained in the earlier section titled "Leveraging the Capabilities of File Server Resource Manager," FSRM also provides the capability to set quotas on storage limits. The difference between FSRM quotas and NTFS quotas are shown in Table 30.1.

Table 30.1. FSRM and NTFS Quota Differences
Quota Capabilities	FSRM Quotas	NTFS Quotas
Quota tracking	By folder or by volume	Per user on a specific volume only
Calculation of storage usage	By actual disk space used	By the logical file size on the volume
Notification Method	By email, custom reports, reports, and event log entries	By event log only

Note

Prior to the release of FSRM, organizations used to depend on NTFS quotas for their quota storage management capabilities. However, FSRM has effectively replaced the use of NTFS quotas. The coverage of NTFS quotas in this section is merely to describe the process and use of NTFS quotas. Most organizations should consider using FSRM quotas in the Windows 2003 R2 update as the best practice method of creating and enforcing storage quotas.

To enable quotas for an NTFS volume, follow these steps:

1.	Log on to the desired server using an account with Local Administrator access.
2.	Click Start, My Computer.
3.	Locate the NTFS volume on which the quota will be enabled.
4.	Set the appropriate permission to ensure that users have the right to write data only where it is necessary and in no other location. For example, a user can write only to her home directory and cannot read or write to any other directory.
5.	Right-click the appropriate NTFS volume and select Properties.
6.	Select the Quota tab and check the Enable Quota Management box.
7.	Enter the appropriate quota limit and warning thresholds and decide whether users will be denied write access when the limit is reached, as shown in Figure 30.9. Figure 30.9. Configuring a quota limit.
8.	Click OK to complete the quota configuration for the NTFS volume.
9.	When prompted whether you want to enable the quota system, select Yes; otherwise, to cancel the configuration, click Cancel.
10.	After you configure quotas on all the desired NTFS volumes, close the My Computer window and log off the server.

To review quota entries or to generate quota reports, you can use the Quota Entries button on the Quota tab of the desired NTFS volume. Also, as a best practice, try to enable quotas on volumes before users begin storing data in their respective folders.

Using the Performance Console to Monitor Disks and Volumes

Using the Performance console from the Administrative Tools menu, a server administrator can monitor both physical disks for percent of read and write times as well as logical disks for read and write times, percent of free space, and more. Using performance logs and alerts, an administrator can configure a script to run or a network notification to be sent out when a logical disk nears a free space threshold.

Using the Fsutil.exe Command-Line Utility

The Fsutil.exe tool can be used to query local drives and volumes to extract configuration data such as the amount of free space on a volume, quota enforcement, and several other options. In many environments, this tool is not used much, but it can be useful when managing disks from a command-line interface if necessary. For example, Fsutil.exe may be a great tool for checking volume status when managing the server through a remote shell, remote command prompt window, or a Telnet window.

Auditing File and Folder Security

Auditing allows an administrator to configure the system to log specified events in the security event log. Auditing can be configured to monitor and record logon/logoff events, privileged use, object access, and other tasks. Before a folder can be audited, auditing must be enabled for the server.

Audit settings for a server can be configured using the Local Security Settings console, or in an Active Directory domain, the audit settings can be configured and applied to a server from a Group Policy. To enable file and folder auditing for a server, the administrator should enable the Audit Object Access setting using Group Policy or the local security policy, as shown in Figure 30.10.

Figure 30.10. Enabling auditing of object access to log successful and failed attempts.

Enabling Auditing for an NTFS Folder

When object access auditing is enabled for a server, the administrator can then configure the audit settings for a particular file or folder object. To enable auditing on a folder, follow these steps:

1.	Log on to the desired server using an account with Local Administrator access.
2.	Click Start, My Computer.
3.	Locate the NTFS volume that contains the folder to audit.
4.	Locate the folder, right-click it, and select Properties.
5.	Select the Security tab and click the Advanced button.
6.	Select the Auditing tab and click Add to create a new audit entry.
7.	Enter the name of the user or group for which you will audit events and click OK. For example, enter `Everyone` to audit object access for this folder for anyone belonging to the Everyone group.
8.	Select the object access to audit and whether to audit successful attempts, failed attempts, or both.
9.	Click OK when you're finished.
10.	Add any additional users or groups, and when you're finished, click OK to close the Advanced Security Settings page.
11.	Click OK to close the Folder Properties page.

Access settings commonly audited include failed read attempts and successful and failed deletion of files, folders, and subfolders.

Reading Audit Events Using the Event Viewer Security Event Log

The server administrator can use the security event log to review audit entries. When the administrator becomes familiar with the audit event IDs, event log filters can be created to make collecting audit data easier.

Reviewing NTFS Volume Quota Usage

When an NTFS volume has quotas enabled, the server administrator should periodically check the volume's quota usage statistics. This can be accomplished using the Quota Entries console, which is accessible through the Quota Entries button on the Quota tab of the volume's property page.

To review NTFS quotas, follow these steps:

1.	Log on to the desired server using an account with Local Administrator access.
2.	Click Start, My Computer.

3.	Locate the NTFS volume that quotas has been enabled on.
4.	Right-click the appropriate NTFS volume and select Properties.
5.	Select the Quota tab and click the Quota Entries button.
6.	In the Quota Entries window, review or modify a particular user's or group's quota settings as necessary.
7.	Close the Quota Entries window when you're finished.
8.	Close the volume's property page, close the My Computer window, and log off the server when you're finished reviewing quota information from the desired quota-enabled volumes.