File Services Resource Manager Back to Page 1

Scenario

We want to restrict the kind of files that can be stored in a folder. Specifically, we don’t want users to save audio or video files there, since these take up too much space. For this purpose, we will deploy File Services Resource Manager, an Active Directory tool.

Practice-Labs Machines

• PLABDC01
• PLABWIN10

Installing FSRM

The first step is to install File Services Resource Manager

Launch Server Manager

Click Manage
(Menu displays)

Click Add Roles and Features.
(“Before you begin” screen may display).

NOTE: Manage menu brings up different services. After you load the service, you’ll find it in the Tools menu.

Click Next.
(“Select Installation type” screen displays)

Click Next.
(“Select destination server” screen displays.)

(Your target server should already be selected.)

Click Next.
(“Select server roles” screen displays).

Expand File and Storage Services (2 of 12 installed).
(sub-items display).

Expand File and Storage Services (2 of 12 installed)/ File and iSCSI Services (1 of 11 installed).
(“File Server Resource Manager” displays).

Check File Server Resource Manager.
(“Add Roles and Features Wizard” dialog box displays)

Click Add Features.
(“Select server roles” screen re-displays)

Click Next.
(“Confirm installation selections” screen displays).

Review settings and click Install.
(Service is installed).

Configuring FSRM

The next step is to configure File Server Resource Manager.

Open Service Manager.
(“Dashboard” displays)

Click Tools
(menu displays)

Click File Server Resource Manager.
(“File Server Resource Manager” screen displays).

Expand File Screening Management
(sub-items display)

Select File Screens.
(Nothing is set up yet, so the screen is blank)

Right-click
(menu displays)

Click Create File Screen.
(“Create File Screen” dialog box displays).

Click Browse and navigate to the folder you want to set up a screen for.
(In this case, we go to C:/Share2/GroupA. “Group A” is the folder.)

Click OK.
(“File screen path” has been defined).

Notice that Derive properties from this file screen template (recommended)/ “Block Audio and Video Files” is selected.

NOTE: Define custom file screen properties that would allow us to select particular file types (e.g., MP4) to block.

Click Create.
(A rule prohibiting saving audio or video files to the select folder has been created).

Diagnosing the issue with Event Viewer

If the user tries to save an audio or video file to the “Group A” folder, a prompt displayed, as per below.

Notice that More details are grayed out.

If you were troubleshooting why the file saves is being blocked, open Event Viewer.

Expand Windows Logs.
(sub-items display.
“Application” and “System” would be the folders most likely to show an ERROR (in red font) explaining what happened).

Organizational Units vs. Containers

In the screencap below, in the left panel, notice the “container” items (e.g., “Built-in,” “Computers,” etc.) underneath the domain. An “OU” is a special kind of “container”. A group policy can be applied to an OU, but not to a regular container. When a group policy is applied to an OU, this policy can apply to all the devices within it.

Creating an Organizational Unit (Example 1)

Right-click on the domain.
(In this case, the domain is “dcjk.jobskillshare.org”).
(menu displays)

Click New/Organizational Unit.
(“New Object – Organizational Unit” dialog box displays)

Enter the name of the OU, for example, “desktop”.

Click OK.
(Organizational Unit is created).

Notice the containers “Computers” and “desktop”. We can apply a group policy to “desktop” but not to “Computers”.

Creating an Organizational Unit (Example 2)

Let’s create another Organizational Unit.

Highlight the domain “dcjk.jobskillshare.org”.

Click the “Create a new organizational unit in the current container” button.
(“New Object – Organizational Unit” dialog box displays).

Enter a Name (e.g., “Staff members”).

Click OK.
(“Staff Members” OU is created).

The sysadmin can now apply a group policy to this OU. This policy could, for example, give access to a server that stores sensitive accounting information. The sysadmin could add a user to the “Staff Members” OU. The user would then have access rights to the accounting server.