File Screening Management Scenarios

  • Article

Applies To: Windows Server 2008

File screens are used to block specific types of files from being saved on a volume or in a folder tree. To specify which files to screen, you assign one or more file groups to a file screen. The File Screening Management node of File Server Resource Manager includes all the necessary options to work with file screens.

There are three groups of scenarios for testing File Screening Management:

  • Testing File Groups

    • Scenario 1: Using a file group to block specific file names

  • Testing File Screens

    • Scenario 1: File screens on user folders

    • Scenario 2: File screen exceptions on specific user folders

  • Testing File Screen Templates

    • Scenario 1: A file screen to monitor executable and system files saved on a shared folder

    • Scenario 2: Using a file screen template to update file screens

Note

For more information about File Screening Management, the different tasks that are available in this node, and step-by-step procedures, see Screening Files earlier in this guide.

Testing File Groups

We recommend using the following scenario to familiarize yourself with some of the file group tasks in File Server Resource Manager.

Scenario 1: Using a file group to block specific file names

File Server Resource Manager includes several default file groups for screening, which include various common file types, based on their file name pattern. But you may want to block specific files that do not follow a specific pattern.

Test setup:

Under File Groups, click Create File Group in the Actions pane to create a new file group with the following properties:

  • File group name: Specific Files

  • Files to include: file_name1.exe, file_name2.dll, file_name3.txt

  • Files to exclude: (leave blank)

Verification:

  • Under File Groups, in the Results pane, verify that the new Specific Files file group is listed and includes the specific files.

Testing File Screens

We recommend using the following two scenarios to familiarize yourself with some of the file screen tasks in File Server Resource Manager.

Scenario 1: File screens on user folders

File screens can be used to block specific types of files from being saved on shared storage resources. When a file screen is applied on a specific folder, the screening properties apply to that folder and all of its subfolders.

Test setup:

If you have not already done so, perform the first scenario for testing auto apply quotas (see "Scenario 1: Auto apply quotas on user folders" in Quota Management Scenarios earlier in this guide).

When you have completed this scenario and have created all of the user folders, create a file screen on the parent Users folder, using the Block Executable Files template. For more information about how to create a file screen based on a file screen template, see "Creating a File Screen" in Screening Files earlier in this guide.

Verification:

  • Under File Screens, in the Results pane, verify that the new file screen for the Users folder is listed.

  • Verify that you cannot save a file in the parent Users folder with any of the extensions included in the Executable Files file group (for example, .exe, .cmd, .bat, and so on).

  • Verify that you cannot save the same type of files in any of the user folders (for example, in: D:\Users\User01).

  • Create a new subfolder inside a user folder (for example: D:\Users\User01\Temp) and verify that you cannot save the same type of files in the newly created subfolder.

Scenario 2: File screen exceptions on specific user folders

File screen exceptions expand the flexibility of the file screening capabilities in File Server Resource Manager by creating an exception to any screening rules derived from a parent folder.

Test setup:

If you have not already done so, perform the first scenario for testing file screens (see Scenario 1: File screens on user folders earlier in this guide).

When you have completed this scenario, apply a file screen exception on one of the user folders (for example: D:\Users\User02) by selecting the Executable Files file group to be excluded from screening. For more information about how to create a file screen exception, see "Creating a File Screen Exception" in Screening Files earlier in this guide.

Verification:

  • Under File Screens, in the Results pane, verify that the new file screen exception is listed for the specific user folder that you selected.

  • Verify that you can now save files in this folder with any of the extensions included in the Executable Files file group (for example, .exe, .cmd, .bat, and so on).

  • Verify that you still cannot save a file in the Users folder (the parent folder of the one you selected for the file screen exception) with any of the extensions included in the Executable Files file group.

Testing File Screen Templates

We recommend using the following two scenarios to familiarize yourself with some of the file screen template tasks in File Server Resource Manager.

Scenario 1: A file screen to monitor executable and system files saved on a shared folder

File screens can also be used to generate notifications when specific types of files are saved on a volume or on a folder, without blocking the user from saving them.

Test setup:

Using the Monitor Executable and System Files template*,* create a file screen on a shared folder on your server (for example, E:\Scratch). For more information about how to create a file screen based on a file screen template, see "Creating a File Screen" in Screening Files earlier in this guide.

Verification:

  • Copy or generate a file in the shared folder, with any of the extensions included in the Executable Files file group (for example, .exe, .cmd, .bat, and so on) and then verify that the selected notifications have been created and received.

  • Copy or generate a file in the shared folder, with any of the extensions included in the System Files file group (for example, .dll, .sys, .vxd, and so on) and then verify that the selected notifications have been created and received.

Scenario 2: Using a file screen template to update file screens

As with quota templates, if you base your file screens on file screen templates, you can automatically update all file screens that are based on a specific template simply by editing that template.

Test setup:

If you have not already done so, perform the first scenario for testing file screens (see Scenario 1: A file screen to monitor executable and system files saved on a shared folder earlier in this guide).

When you have completed this scenario, under File Screen Templates, edit the Block Executable Files template and select to also block files in the Backup Files file group. When prompted, select to apply the template changes to all derived file screens.

Verification:

  • Under File Screens, in the Results pane, verify that the file screen for the Users folder now includes Backup Files in the list of file groups to block.

  • Verify that you cannot save a file in the Users folder or in its subfolders with any of the extensions included in the Backup Files file group (for example, .old, .bak, .bck).

  • Under File Groups, select to edit the Backup Files group and add the following parameter in Files to exclude: test_file.bak

  • Finally, verify that you can now save a file called test_file.bak in the Users folder and in any of its subfolders.