3.1.1.3 Cluster Security Descriptor

A server that is an active node in a failover cluster also has access to the cluster security descriptor. The cluster security descriptor is used to determine whether a particular client is permitted to call methods in the RPC interface. Methods in the RPC interface require either "Read" or "All" access. A client granted "All" access is also granted "Read" access. The cluster security descriptor indicates the level of access that a client can obtain.

The format and storage mechanism for the cluster security descriptor is implementation-specific. It is set and typically permits "All" access to clients that are members of the server's local Administrators group.