Windows Server 2008: Disk Quota Management & Security Audits

Classified in Computers

Written on in English with a size of 3.28 KB

Disk Quota Management in Windows Server 2008

Windows Server 2008 offers two distinct types of disk quotas to help manage storage utilization:

  • NTFS Disk Quotas

    Available in all versions of Windows Server 2008, NTFS Disk Quotas allow administrators to manage the disk space used by users. Quotas are set for each volume. While users receive warning messages when exceeding their quota, event logging is the primary communication channel for disk quota management.

  • File Server Resource Manager (FSRM)

    Windows Server 2008 supports File Server Resource Manager (FSRM) for advanced quota management. FSRM enables the management of space utilization for specific folders and volumes. Users approaching or exceeding their limits will automatically receive email notifications. This robust notification system can also be configured to:

    • Notify administrators via email
    • Report incidents
    • Execute custom commands
    • Record events

Auditing Resources in Windows Server 2008

Auditing is an essential method for monitoring activities within a Windows Server 2008 environment. It can collect vital information on resource usage, such as file system access, initiated sessions, or changes in system configuration. Whenever a configured share is accessed, the event is recorded in the system's security log for review. The security log is easily accessible through the Event Viewer.

Audit policies are crucial for ensuring system integrity. Virtually all systems on the network should be configured with appropriate security logging. Audit policies for individual computers are configured via Local Security Policy, while those for machines in an Active Directory domain are configured via Group Policy. Group Policy allows administrators to establish audit policies for an entire site, domain, or organizational unit.

Key Auditing Options

The following are the primary auditing options available:

  • Audit Account Logon Events: Monitors events related to the beginning and end of user sessions.
  • Audit Account Management: Monitors account administration by Users and Computers in Active Directory. Events are generated each time a user account, computer, or group is created, modified, or deleted.
  • Audit Directory Service Access: Monitors access to Active Directory. Events are generated each time a user or computer accesses the directory.
  • Audit Logon Events: Monitors events related to the startup and shutdown of local and remote connections to network systems.
  • Audit Object Access: Monitors the use of system resources such as files, directories, shares, printers, and Active Directory objects.
  • Audit Policy Change: Monitors changes in user rights, auditing policies, and trust relationships.
  • Audit Privilege Use: Monitors the use of permissions and user privileges.
  • Audit Process Tracking: Monitors system processes and the resources they use.
  • Audit System Events: Monitors system startup, shutdown, restart, and actions affecting system security or the security log.
Karma: -12%
Visits: 0

Related entries:

Tags:
File Server Resource Manager Active Directory Resource Management System Security Security Log Windows Server 2008 Event Viewer Disk Quotas User Monitoring Group Policy Auditing NTFS Quotas FSRM