Scribd
Upload
171 views

File Server Resource Manager

File Screening allows administrators to control what file types users can save to shared folders on a file server. There are active and passive file screens, with active screening blocking configured file types from being saved. File screens can be customized to block or allow certain file types and send notifications when blocked files are attempted. Exceptions can also be created to allow blocked file types in specific subfolders.

Uploaded by

Bùi Đình Nhu
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
171 views

File Server Resource Manager

File Screening allows administrators to control what file types users can save to shared folders on a file server. There are active and passive file screens, with active screening blocking configured file types from being saved. File screens can be customized to block or allow certain file types and send notifications when blocked files are attempted. Exceptions can also be created to allow blocked file types in specific subfolders.

Uploaded by

Bùi Đình Nhu
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 9

File Server Resource Manager (FSRM)

The File Server Resource Manager (FSRM) is a part of the File Services Role
in Windows Server that gives you greater control over the data stored on your
file servers. In this part, I’ll discuss controlling files that can be saved to your
file server using File Screening.
File Screening is one of my favorite features in FSRM. One of the biggest
challenges in running a file server is keeping certain kinds of files off your file
server. Typically those are things like mp3 (and other digital music) files, video
files, and executables just to name a few. With File Screening, you can control
what file types can be saved to folders on your file server. There are two types of
File Screens: active and passive. Active screening blocks configured file types
from being saved to the folder and sub-folders. Passive screening allows the
configured file types to be saved, but performs actions like logging or email
notifications and can be useful for monitoring.

Creating a File Screen ^

In the FSRM administrative tool, go to File Screening Management, File Screens,


and click on Create New File Screen.
Create File Screen
Like Quota Management, Microsoft recommends using templates for setting up
File Screens. In our example, we’ll block users from storing executable files in
their home directories. Set the file screen path and choose a template.
Click Create to create the file screen.

File screen path and template


Editing the File Screen Properties lets us go in and customize the file screen
further. With this particular template, the Screening type has been set
to Active meaning that users will not be able to copy any file classified as
executable into this path. (Note: this applies to everyone… even users with
Administrator rights. If you’re setting an Active file screen, be really sure that is
what you want to do.)

File Screen Properties


The E-mail Message tab lets you set a customized message that can be sent to the
user (and a server administrator if you desire) that is trying to copy the screened
file to the file server. Like Quotas, I highly recommend translating this into
something your end users will understand; the built-in messages don’t always
make sense to end users.

E-mail message tab


I also recommend leaving the e-mail notifications enabled instead of relying on the
built-in error messages that will be generated by Windows on their computers. End
users will receive a very basic “Destination Folder Access Denied” error that will
tell them “You need permission to perform this action.” If you’re a larger
organization, your help desk or frontline support is going to think they’re dealing
with a permissions problem unless you’ve provided them with adequate
troubleshooting steps and documentation.

Exceptions ^

You’re always going to have those times where the rule that applies to everyone
needs an exception. In those situations, File Screening has the ability to crea

Destination Folder Access Denied


te exceptions for sub-folders. In the FSRM administrative tool, highlight the file
screen you want to modify and then click Create File Screen Exception.
Create File Screen Exception
Choose your Exception path, choose the file group that should be excluded for
this sub-folder, and then click OK. That’s it!
File Screen Exception - Executable files

File Groups ^

The pre-defined File Groups that are built-in to FSRM are… lacking to say the
least. In my earlier example, I blocked executable files from user folders on the file
server. The problem is that this also blocked .ps1 (PowerShell scripts), .js
(JavaScript), and .vbs (VB scripts) from user folders. Oops, huh? If you have any
sysadmins or web developers using those folders, you’ve got a problem. Let’s take
another file group: Audio and Video Files. First off, why are these together and not
two separate groups? Second, there are several file types missing. The most glaring
are .m4a and .m4v files that are used by iTunes. Oops again.

Pre-defined File Groups in FSRM


Needless to say, you’ll probably want to edit the existing File Groups or even
create your own that fit your organization’s needs.

File Content ^

There’s one last gotcha you’ll want to know about File Screening. File Screening
only looks at the name of the file and not the content of the file. So, if you block
“Audio and Video Files,” File Screening won’t block .mp3 files that have their
extension changed to something else. Honestly, I’ve never encountered someone
that did this to circumvent File Screening, but it is still something you’ll want to be
aware of before you implement File Screening.

You might also like