File Services Resource Manager Back to Page 1
We want to restrict the kind of files that can be stored in a folder. Specifically, we don’t want users to save audio or video files there, since these take up too much space. For this purpose, we will deploy File Services Resource Manager, an Active Directory tool.
The first step is to install File Services Resource Manager
Launch Server Manager
Click Add Roles and Features.
(“Before you begin” screen may display).
NOTE: Manage menu brings up different services. After you load the service, you’ll find it in the Tools menu.
(“Select Installation type” screen displays)
(“Select destination server” screen displays.)
(Your target server should already be selected.)
(“Select server roles” screen displays).
Expand File and Storage Services (2 of 12 installed).
Expand File and Storage Services (2 of 12 installed)/ File and iSCSI Services (1 of 11 installed).
(“File Server Resource Manager” displays).
Check File Server Resource Manager.
(“Add Roles and Features Wizard” dialog box displays)
Click Add Features.
(“Select server roles” screen re-displays)
(“Confirm installation selections” screen displays).
Review settings and click Install.
(Service is installed).
The next step is to configure File Server Resource Manager.
Open Service Manager.
Click File Server Resource Manager.
(“File Server Resource Manager” screen displays).
Expand File Screening Management
Select File Screens.
(Nothing is set up yet, so the screen is blank)
Click Create File Screen.
(“Create File Screen” dialog box displays).
Click Browse and navigate to the folder you want to set up a screen for.
(In this case, we go to C:/Share2/GroupA. “Group A” is the folder.)
(“File screen path” has been defined).
Notice that Derive properties from this file screen template (recommended)/ “Block Audio and Video Files” is selected.
NOTE: Define custom file screen properties that would allow us to select particular file types (e.g., MP4) to block.
(A rule prohibiting saving audio or video files to the select folder has been created).
If the user tries to save an audio or video file to the “Group A” folder, a prompt displayed, as per below.
Notice that More details are grayed out.
If you were troubleshooting why the file saves is being blocked, open Event Viewer.
Expand Windows Logs.
“Application” and “System” would be the folders most likely to show an ERROR (in red font) explaining what happened).
In the screencap below, in the left panel, notice the “container” items (e.g., “Built-in,” “Computers,” etc.) underneath the domain. An “OU” is a special kind of “container”. A group policy can be applied to an OU, but not to a regular container. When a group policy is applied to an OU, this policy can apply to all the devices within it.
Right-click on the domain.
(In this case, the domain is “dcjk.jobskillshare.org”).
Click New/Organizational Unit.
(“New Object – Organizational Unit” dialog box displays)
Enter the name of the OU, for example, “desktop”.
(Organizational Unit is created).
Notice the containers “Computers” and “desktop”. We can apply a group policy to “desktop” but not to “Computers”.
Let’s create another Organizational Unit.
Highlight the domain “dcjk.jobskillshare.org”.
Click the “Create a new organizational unit in the current container” button.
(“New Object – Organizational Unit” dialog box displays).
Enter a Name (e.g., “Staff members”).
(“Staff Members” OU is created).
The sysadmin can now apply a group policy to this OU. This policy could, for example, give access to a server that stores sensitive accounting information. The sysadmin could add a user to the “Staff Members” OU. The user would then have access rights to the accounting server.