\[Editor's Note: Do you have a security-related question about Windows NT? Send it to [email protected], and you might see the answer in this column!\]
I'm looking for a tool that can help me monitor the size of my users' home directories. My goal is to detect sudden big folder-size changes that might show that an intruder is filling up disk space in a Denial of Service (DoS) attack. We haven't implemented a quota-monitoring software program and aren't planning to do so any time soon. Because I want to use the tool in batch maintenance scripts, it must run from the command prompt. Any ideas?
The Microsoft Windows NT Server 4.0 Resource Kit contains a tool called diruse.exe that you can use from the command prompt to report on directory disk usage. Diruse lets you specify a maximum folder size; if a folder exceeds this size, Diruse marks the folder in its output. For example, Figure 1 shows a sample Diruse command that outputs the size of all the directories on the C drive and marks with an exclamation point those whose size is greater than 200MB. In this command, the -m switch tells the tool to display disk usage in megabytes, the -q switch tells the tool to mark files 200MB or larger, the -l switch tells the tool to write the output to a log file (called diruse.log), and the -* switch tells the tool to report only on the C drive's top-level folders.