Tip

Use Group Policy Objects to manage disk quotas

James Michael Stewart, Contributor

While it might not seem obvious at first, maintaining control over the usage of drive space on your network is an important security measure. We've all heard of denial of service attacks. Well, they come in a variety of forms, including total consumption of storage space.

Whether users intend to take over an entire hard drive or it just occurs naturally or accidentally, you still need to protect your systems from it. A full hard drive can cause several problems, including system freezing, lost, damaged or corrupted files due to inadequate save space and a significant reduction in the performance of the system as a whole.

There are several products on the market that can be used to impose custom quota systems or set trigger alarms, but there is no need for third-party code with Windows 2000. Windows 2000 includes both a basic quota system and system alerts.

You can set system alerts through the Performance Logs and Alerts tool. Just create an alert to scan each drive every 15 minutes for remaining free space. If the free space available is less than five percent, the alarm should notify the system administrator. An alert will clue in the right person just before the denial of service sets in but there is an even better way to handle this and avert the crisis altogether -- namely, quotas.

Quotas limit the amount of hard drive space any user can consume with files stored on local hard drives of the network client. Quotas can be enabled and defined

    Requires Free Membership to View

on a domain container basis -- domain, site or OU -- through an Active Directory group policy object (GPO). The quota control settings are found in the Local Computer Policy, Administrative Templates, System, Disk Quotas section. When you implement quotas through GPO, they apply to the members of the container and only to the client systems. To enable quotas on servers, configure the quotas directly through the Quota tab of the drive's Properties dialog box.

When defining quotas via GPO, here are a few key issues to keep in mind:

  1. GPO quota settings apply only to users who have not yet stored any files on the hard drive. You have to add quota entries to include existing users.
  2. GPO quota settings are applied to all users within the container, no exceptions (just like any other GPO setting)
  3. GPO quota settings define the same quota limits for all hard drives within the client that the user has access to.

James Michael Stewart is a researcher and writer for Lanwrights, Inc.


This was first published in August 2002

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.