In Windows 2000 clustering, “dynamic shares” refers to the Cluster Service’s ability to automatically create shares beneath a parent directory. One of the best examples of how dynamic shares work is with user home directories, which also happens to be the most common use for the feature.
Say you create a share called Users, and under that you create subdirectories with all your users’ names. Normally you would have to configure each user directory to be shared. But the Cluster Service’s dynamic share feature allows all subdirectories off a share to be automatically shared. Additionally, you can choose to automatically append a “$” to the end of the shares so that they are hidden from the Windows network browse list. With this simple approach to creating and maintaining user home directories, you have only the one share to worry about.
Let’s take a closer look at the issues involved in setting up these types of dynamic shares.
This article assumes a basic familiarity with the Windows 2000 Cluster Service. If you are new to the Cluster Service, take a look at these articles:
- “Windows 2000 Cluster Service can reduce maintenance downtime”
- “Configuring the Windows 2000 Cluster Service”
- “Single-system Win2K clusters can cut headaches, licensing fees”
Dynamic share permissions
As far as security goes, you can set share permissions to Full Control For Everybody within the Cluster Service and then control access with NTFS permissions. Note that the Cluster Service itself needs the minimum NTFS permission of Read to these directories. You should specify your NTFS permissions at the top directory (in our example, Users) to include the account where the Cluster Service runs, as well as administrators and users. You can then let inheritance filter down, adding NTFS permissions for each subdirectory.
You use the Cluster Administrator, not Windows Explorer, to set the share permissions because if you were using two servers for fault tolerance, the share permissions would be lost if the resource failed over to the other server.
If you use shares with the Cluster Service on more than one server, you should assign NTFS permission to global groups, and not local groups as you would normally. A local group applies to only the local server, and should the share failover to the other server, the permission would be lost because the local group is no longer accessible. However, both servers can access the same global group. Similarly, if you’re using auditing on the folders and files within the share, you should configure this using Windows Explorer on both servers.
Setting up dynamic shares
Make sure the parent directory already exists on one of your external disks (e.g., F:\Users) with NTFS permissions set for your users, administrators, and the account that Cluster Service is using (again, Cluster Service needs at least Read access). Then, using the Cluster Administrator, shown in Figure A, right-click on an existing group of servers other than Cluster Group or create a new group that contains the physical disk you’re going to use for the shares.
Select New | Resource, type in an administrative name (e.g., Home Directories), and select File Share from the Resource Type drop-down box. Click on Next several times (accepting the defaults) until you get to the File Share Parameters dialog box. Here’s where you specify the share name (e.g., Users) and the full path to the parent directory (e.g., F:\Users).
Unfortunately you can’t browse for these resources, so you have to manually type them in. To avoid spelling mistakes on paths, I suggest you copy and paste from the directory’s properties sheet, especially if it’s a long path name. Also, make sure this directory exists before bringing this resource online.
You can also specify user limits and permissions here, as when creating a share with Windows Explorer. As mentioned above, I advise using Everybody With Full Control and following up with NTFS permissions and global groups to restrict access. The important new option here is the Advanced button, which accesses the options to share subdirectories (dynamic shares) and to hide subdirectories. With these options set, click Finish and then bring the cluster group online (if it isn’t already).
It’s interesting to note that file shares (unless they are Dfs root file shares) have no resource dependencies. But in most cases it’s a good idea to add the Physical Disk as a dependency resource, and also add the server’s associated Network Name and IP Address (with the Network Name resource depending on the IP Address resource).
Now when you create a new directory under Users, you should soon after be able to connect to it as a share without having to do any additional configuration. For example, create the subdirectory Anna in our scenario, and you should automatically be able to map Anna’s home directory at F:\Users\Anna.
One final point about creating shares with the Cluster Service: If they are not hidden, they will also appear in a browse list under all the other registered server names within the cluster, which will be very confusing and misleading. See the Microsoft article Q170762, “Cluster Shares Appear in Browse List under Other Names,” for more information about this issue.