Step 22 - Restrict Files to Full-Time Fabrikam Employees

Applies To: Windows Server 2008, Windows Server 2008 R2

This step explains how to create a file management task that restricts access to high business impact files to full-time Fabrikam employees. The task applies the Fabrikam FTE Confidential rights policy template to all documents that have been classified with a Business Impact value of High. The original owner of the file retains full control of the AD RMS protection, unless the owner is not registered in Active Directory. In that case, the Administrator gains full control of the AD RMS protection on the file. The task also sends an e-mail to the owner of the document when the template is applied to the document.

To create the file management task to restrict files to full-time Fabrikam employees

  1. Log on to FCI.fabrikam.com as Administrator.

  2. Copy the script from Appendix B into Notepad and save it as c:\windows\system32\MarkHBIandProtect.ps1.

  3. Click Start, click Administrative Tools, and click File Server Resource Manager.

  4. In the File Server Resource Manager, on the left, right-click File Management Tasks, and select Create File Management Task. This will bring up the Create File Management Task window.

  5. Under Task name:, enter Restrict HBI files to full-time Fabrikam employees.

  6. Under Description, enter Apply Fabrikam FTE Confidential rights policy.

  7. Under Scope, click Add and browse to FabrikamDocuments. Click OK.

  8. At the top, click the Action tab.

  9. Under Type, select Custom from the drop-down.

  10. Under Executable, select Browse and navigate to c:\windows\system32\WindowsPowerShell\v1.0\powershell.exe.

  11. Under Arguments, enter -File c:\windows\system32\markHBIandprotect.ps1 [Source File Path].

  12. Under Run the command as:, select Local System.

  13. At the top, click the Condition tab.

  14. Click Add. This will bring up the Property Condition window.

  15. On the Property Condition window, make sure Property: is set to Business Impact, set the Operator: to Equals, and for the Value: select High from the drop-down. Click OK.

  16. Click Add. This will bring up the Property Condition window.

  17. On the Property Condition window, make sure Property: is set to dateEncrypted, select not exist for the condition, and then click OK.

  18. At the top, click the Notification tab.

  19. Click Add. This will bring up the Add Notification window.

  20. Set the Number of days before the task is executed to send notification to 0.

  21. Check Send e-mail to the following administrators:

  22. In the box, enter administrator@fabrikam.com.

  23. Check Send e-mail to the user whose files are about to expire.

  24. Change the text in the Subject and Message body boxes to indicate that the file was encrypted.

  25. Click OK.

  26. At the top, click the Schedule tab.

  27. On the Schedule tab, click Create. This will bring up the Schedule window.

  28. On the Schedule window, click New.

  29. Accept the defaults and click OK. This will close the Schedule window.

  30. Click OK. This will close the Create File Management Task window.
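
Because the task runs the script from step 2 as Local System (step 12), any account that can modify that file can run code as Local System. The following check is an added example, not part of the original guide or of Appendix B: it lists the owner and the ACL entries on the script that grant write-type access to principals outside a trusted set. The trusted SID list and the function name Get-UntrustedWriter are assumptions; adjust them to local policy.

```powershell
# Added example (not from the original guide). Lists principals, other than a
# trusted set, that can modify the script FSRM runs as Local System.
$scriptPath = 'C:\Windows\System32\MarkHBIandProtect.ps1'   # path from steps 2 and 11

# Assumption: only these well-known SIDs should hold write access.
$trustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # NT SERVICE\TrustedInstaller
)

# Rights that allow changing the file's content or its permissions.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
$sidType = [System.Security.Principal.SecurityIdentifier]

function Get-UntrustedWriter {
    param([string]$Path, [string[]]$Trusted)

    $acl = Get-Acl -Path $Path

    # The owner can always rewrite the DACL, so treat ownership as write access.
    $owner = $acl.GetOwner($sidType).Value
    if ($Trusted -notcontains $owner) {
        "OWNER  $owner"
    }

    # Explicit and inherited ACEs, with identities returned as SIDs.
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if (([int]$rule.FileSystemRights -band $writeMask) -eq 0) { continue }
        $sid = $rule.IdentityReference.Value
        if ($Trusted -notcontains $sid) {
            "ALLOW  $sid  $($rule.FileSystemRights)"
        }
    }
}

if (-not (Test-Path -Path $scriptPath)) {
    Write-Warning "Script not found: $scriptPath"
} else {
    $findings = @(Get-UntrustedWriter -Path $scriptPath -Trusted $trustedSids)
    if ($findings.Count -eq 0) {
        "OK: only trusted principals can modify $scriptPath"
    } else {
        "Review these entries on ${scriptPath}:"
        $findings
    }
}
```

Run it from an elevated PowerShell prompt on the file server after saving the script, and again whenever the script is updated.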