Cluster & AD permissions question

[summoner]

Our company will be commissioning 2 2650 dell servers and a 220s powervault disk array in a cluster configuration soon. OS will be win2k adv server on each box and cluster services. We have each server with a local c drive and then drives F: N: and Q: on the san box. F and N are our data stores where we will implement permissions on all the home folders, apps etc... No problem here.

The question is the Q drive which is our quorum logs for the cluster. Originally it was intended to lock out all users from the local C drives and the SAN Q drive, reason was they simply had no reason to be there. To the best of my knowledge, the everyone group was removed from both C and Q and some explicit assignments were made.

When we rebooted the servers, various services such as DHCP and Directory services failed upon startup...end story was that we needed to reformat the boxes to get them usuable again. Checking some sources we found at (the hard way) that some of the services are dependent upon access to the C and qurorum volumes and their repective permissions to certain files.

Does anybody have any recommendations on how to keep people (authenticated and unauthenticated users) from accessing the C and quorum volumes? Any documents that detail what services need access when and where? Thanks in advance.