Friday, April 12, 2013

File screening in Windows Server 2008

File screening is quite an useful tool. It allows us to prevent users from storing certain type of data on the file shares, advises us if they store certain files and let us know who access certain folder, between other functions.

In order to use it, first we need to have the File Services role together with the FSRM (File Server Resource Manager). If you are already sharing files most likely you already have the File Services Role, if not you can enable this from the server manager, right click on Server Manager and click on Add Roles:



Then Select File Services and Next, up to the end. In the following picture you can see I already have it, but just to give an idea :)


Now, let's install the FSRM role service. Go to File Services, right click and select Add Role Services:


Select the FSRM, and click Next:


It will ask us to create reports at this point. We can omit as we can create them later. Click on Next:


Now we can click on Install. It will take a few minutes to install the feature.



After we have it installed, we go to Administrative tools -> File Server Resource Manager. Right click on File Screening Management and select Create File Screen. We will create a File Screen that will block storing executable files on public folders:


Select the path of our public share (D:\public for the example), select the template Block Executable Files and select create.


Now we will configure the email settings, so we will receive an email every time someone tries to store executable files on the selected folder. Select the file screen we just created, right click and select Edit File Screen Properties:






Select the Administrator's email address to be sent the notification, click the 
following square if you wish to notify the user as well (email must be stored on the AD domain), then click OK. At this point, if we have not configured our SMTP server a message will prompt. If so, accept it and go back to the main screen. Click on File Server Resources Manager (local), on the actions window click on Configure Options and introduce your smtp, default admin email and default sender options:


We are done. There's good bunch of benefits from this feature, for more information you can visit the Microsoft library page for this role service.


Posted by

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)