FSUtil and Quotas

There is more than a little confusion about the use of FSUtil with quotas. For one thing, precisely why would someone use the FSUtil Quota Track command when it doesn’t enforce the quotas you set? I’m sure Microsoft has some scenario in mind for just tracking and not enforcing the quotas. I did talk with one of my administrator friends. She uses just the tracking option at her company. The reasoning is that she can then talk with the user when the user goes over a limit. In this particular organization, it’s bad form to limit the user’s access to the hard drive when in the midst of an important procedure (as it might have dire consequences). She says that she does see the event log entries when someone goes over their quota. So, that’s one potential scenario—you have an administrator that has to work with the users to maintain the hard drive but isn’t allowed to enforce those limits directly because doing so could impede work.

Of course, one of the problems with the tracking feature is that it doesn’t automatically set logging. In order to configure drive C on your system to track user activities and log them in the event, you must initially configure the drive using these three commands.

  1. FSUtil Quota Track C:
  2. WMIC QuotaSetting Where Caption=”C:” Set ExceededNotification=True
  3. WMIC QuotaSetting Where Caption=”C:” Set WarningExceededNotification=True

The two WMIC commands set the two logging options for you. What these commands do is set the quota exceeded and quota warning flags for drive C. After you issue these three commands, the Quota Settings dialog box will look like this:

Quota1

You can now add quotas using the FSUtil Quota Modify command as described in page 89 of my book, “Windows Command Line Administration: Instant Reference.” Generally speaking, you can add an overall quota for the entire drive or individual quotas for each person. The overall quota affects everyone who doesn’t have a specific individual quota.

OK, now you’ve configured the C drive to provide quota information in the form of event log entries. So, you create a test case to make sure everything works and that’s when you figure out that you can’t see any entries in the event log. In addition, it appears that the FSUtil Quota Violations command doesn’t work either. Well, that’s a little disappointing.

The problem is a lot simpler to correct than you might initially think. Microsoft hides the information you need in the Knowledge Base article at http://support.microsoft.com/kb/228812. The short story is that NTFS only scans the drive once an hour for violations, so you’ll have to wait a while to see any test violations. Of course, you might not have all day to wait around for NTFS to get around to scanning the drive. So, you can use the FSUtil Behavior Set QuotaNotify 60 command to set NTFS to scan the drive once a minute. In order to get this command to work, however, you must reboot the system. It seems that NTFS also loads its settings once during each boot cycle and then ignores the registry settings thereafter.

Once NTFS starts scanning the drive at a reasonable interval, you’ll begin seeing entries in the System event log. In addition, you can use the FSUtil Quota Violations command to look for violations as shown here:

Quota2

At this point, you’re ready to go. Your system is setup to monitor quotas in a critical environment, but not to enforce the quotas (thus preventing people from completing tasks). I’ve had at least one person tell me that the FSUtil Quota Violations command tends not to work if the System event log gets too full; I’d like to find out whether other people are having the same problem. Let me know how you use quotas on your system at [email protected].