Another function of the File Server Resource Manager is the ability to create file screens. A file screen applied to a folder inspects the file to be stored and either allows or disallows a user from saving the file based on the file screen. A file screen blocks files from being stored within folder and all subfolders. As an example, an organization can allow the storage of all undefined documents and deny the storage of *.mp3 audio files and *.mpg video files by applying a file screen that contains these two file types to a particular folder or set of folders.
To create a file screen, perform the following steps:
1. Open the File Server Resource Manager and expand it.
2. Double-click File Screening Management.
3. Select the File Screens node. In the Actions pane, click Create File Screen.
4. In the Create File Screen window, specify the path for the file screen, such as
E:\UserShares.
5. In the File Screen Properties section of the window, select the Derive Properties from This File Screen Template option button, or choose Define Custom File Screen Properties depending on whether you want to apply a template or create a custom screen. For this example, choose the Derive Properties from This File Screen Template option button, and select Block Audio and Video Files from the drop-down menu. Click Create to create the new file screen.
Creating a File Screen Template
Windows Server 2008 R2 provides several functional file screen templates, but when customized file screens are required, administrators can create new file screen templates. A file screen template includes file groups, screening policies, and notification settings:
» File groups—The administrator can define the file types into groups, such as Office 2007 file groups containing *.docx Microsoft Word files and *.xlsx Microsoft Excel files.
» Active screening and passive screening—An active screen does not enable a user to save file types by design, whereas a passive screen allows the file type, but it is logged for monitoring and reporting functionality.
» Notifications—When a user attempts to save a file that matches the file screen designation, a notification can be generated. The notification can be the automatic generation of an email warning or event log, a script can be executed, and a report can be generated and sent out immediately.
To create a new file screen template, perform the following steps:
1. Open the File Server Resource Manager and expand it.
2. Double-click File Screening Management.
3. Select File Screen Templates. In the Actions pane, click Create File Screen Template.
4. In the Create File Screen Template window, enter a name for the template—for example, Company Standard File Screen Template.
5. Select the Active Screening option button.
6. In the File Group section, check the boxes next to the following file groups:
. Audio and Video Files
. Backup Files
. Executable Files
. System Files
7. Configure the notification settings on the E-mail, Event Log, Command, and Report tabs, as required.
8. On the Settings tab, review the configuration, and click OK to create the new file screen.
It is important to note that file screens are based on the filename or filename extensions defined within the file groups applied to the file screen. A savvy end user can simply rename a screened file to bypass the file screen, but Windows Server 2008 R2 has the ability to detect some files by their characteristics and not necessarily by the file extension name, so extended testing should be performed when very strict file screening enforcement is required to ensure the highest level of reliability.
File Screen Exceptions
In many cases, as with quotas, file screen standards can be created and applied to server storage, but certain file types might be required or certain users might require storage of blocked file types. In these cases, file screen exceptions can be created and applied to subfolders of a file-screened parent folder. For example, in the previous example, a template was created to block executables but a file screen exception could be created to allow executable files in a subfolder. Of course, the subfolder should be secured by NTFS permissions to limit who can save these types of files to the folder.
Source of Information : Sams - Windows Server 2008 R2 Unleashed (2010)
No comments:
Post a Comment