Sorry I haven't responded to the posts, but on Saturday the server in
question was hacked and the perpetrators took it down and out for the count.
Local system policy was tampered with and all accounts locked out, shutting
down active directory and almost all services ( including backup tape
It appears the hackers had compromised the server some time ago through an
IIS loophole and managed to upload some hack tools to the server before
executing some scripts which allowed them to install some new services
including FTP, Telnet and a service disguised as MSSQLServer. Once this was
done they executed a script which mangled local system policy effectively
shutting everyone down ... hackers and us alike.
A couple bottles of ant-acid tablets and a sleepless night later ...
Regarding my original topic:
When I started looking at the server, there was only 100MB free space on the
boot/system partition. I did a major cleanup which involved removing a lot
of crud which had gathered over time including almost 500 MB bad mail left
behind from a previous Exchange installation.
Once I cleaned that up, a bunch of *.tmp files, and a bunch of other junk, I
increased my free space to over 700MB (After deleting the stuff installed by
the hackers, we now have more than 800MB).
Server has 19GB and 12GB disks
4GB allocated to boot/system (NTFS) - mirrored
8GB allocated to data (NTFS) - mirrored
2GB allocated to Swap (FAT) ??
5 GB allocated to Cache (NTFS) ??