Screening Files

  • Article

Applies To: Windows Server 2003 R2

Create file screens to block certain files from being saved on a volume or in a folder tree. A file screen affects all folders in the designated path. For example, you might create a file screen to prevent users from storing audio and video files in their personal folders on the server.

To specify which files to screen, you assign one or more file groups to the file screen. For information about file groups, including a list of the default file groups that are provided with File Server Resource Manager, see “Working with File Groups” earlier in this guide.

To simplify the management of file screens, we recommend that you base your file screens on file screen templates. File Server Resource Manager provides several default file screen templates, which you can use to block audio and video files, executable files, image files, e-mail files, and meet some other common administrative needs. Templates set up active or passive screening, and provide default notification text. To view the default templates, select the File Screen Templates node in the File Server Resource Manager console tree.

Creating a File Screen

In the following procedure, you will create a new file screen, and in the process save a file screen template based on the custom file screen properties that you defined. The new template will be applied to the file screen so that a link is maintained between the file screen and the template. You can use the same method for creating a quota template.

To create a file screen

  1. In the console tree, under File Screening Management, right-click File Screens, and then click Create file screen. This opens the Create File Screen dialog box.

  2. Under File screen path, type or browse to the folder to which the file screen will apply. The file screen will also apply to all subfolders of the selected folder.

  3. Under How do you want to configure file screen properties, click the Define custom file screen properties , and then click Custom Properties. This opens the File Screen Properties dialog box.

  4. If you want to copy properties from an existing template, select the template that you want to use, and click Copy. You can edit the properties for the new file screen.

  5. Under Screening type, select the type of screening to apply:

    • Active screening prevents users from saving files that are members of blocked file groups, and generates notifications when users try to save blocked files. (The file screen does not prevent users and applications from accessing files that were saved to the path before the file screen was created, regardless of whether the files are members of blocked file groups.)

    • Passive screening sends notifications, but does not prevent users from saving blocked files.

    To specify which files to screen, under File Groups, select each file group that you want to include.

    If you want to view the members and non-members of a file group, click the file group, and then click Edit. For instructions on creating a file group, see “Working with File Groups” earlier in this guide.

  6. To configure e-mail notifications for the file screen, set the following options on the E-mail Message tab:

    • To notify administrators when a user or application attempts to save an unauthorized file, select Send e-mail to the following administrators, and enter the administrative accounts that will receive notifications. Use the format account@domain; use semicolons to separate multiple accounts.

    • To send a notice to the user who attempted to save an unauthorized file, select Send e-mail to the user who attempted to save an unauthorized file.

    • Optionally, edit the default subject line and message body. The text that is in brackets inserts variable information about the file screen event that caused the notification. For example, the [Source Io Owner] variable inserts the user name of the user or application that attempted to write the file to disk. Use the Insert Variable button to insert additional variables in the text.

  7. If you want to log an error to the event log when a user tries to save a blocked file, on the Event Log tab, select the Send warning to event log check box, and, optionally, edit the default log entry.

    In addition, you can set options on the Command tab to run a command or script when a user attempts a file screen violation, and set options on the Report tab to specify one or more storage reports to be generated automatically.

  8. When all file screen properties are complete, click Create to save the file screen.

    You will be asked if you want to save a file screen template based on the custom file screen properties you just defined. If you plan to use the current settings in other file screens, we recommend that you save them as a template. The template will be applied to the new file screen. This will enable you to update the file screen automatically whenever you update the template.

  9. To save a template when you create the file screen, select Save the custom properties as a template, enter a name for the template, and click OK.

Creating a File Screen Exception

Occasionally, you will need to allow exceptions to file screening. For example, you might want to block video files from a file server but you need to allow your training group to save the video files for their computer-based training. To allow files that other file screens are blocking, create a file screen exception.

A file screen exception is a special type of file screen that overrides any file screening that would otherwise apply to a folder, and all its subfolders, in a designated exception path. That is, it creates an exception to any rules derived from a parent folder. To determine which files to include in the exception, file groups are assigned.

Note

You cannot create a file screen exception on a folder for which you already have a file screen. You should assign the exception to a subfolder or make changes to the existing file screen.

To create a file screen exception

  1. In the console tree, under File Screening Management, right-click File Screens, and then click Create file screen exception. This opens the Create File Screen Exception dialog box.

  2. Under Exception path, type or browse to the folder to which the exception will apply. The exception will also apply to all subfolders.

  3. To determine which files to exclude from file screening, in File groups, select each file group that you want to include in the file screen exception.

    If you want to view the members and non-members of a file group, select the file group, and then click Edit. For information about creating file groups, see “Working with File Groups” earlier in this guide.

  4. Click OK.

Monitoring File Screening

In addition to the information in your file screen notifications, you can monitor file screening by viewing file screens in the File Screening task area and by generating a File Screening Audit report.

Viewing file screening information

To view file screening information in the File Server Resource Manager console tree, click File Screening Management, and then click the node that you want to view (File Screens, File Screen Exceptions, or File Groups).

  • For each file screen, the results pane displays the following information: the path that the file screen was created for, the type of file screen (file screen or exception), the file groups included in the file screen, and the template on which the file screen is based.

  • For the selected file screen, the description area lists all file groups that are being blocked on the file screen path. This includes file groups that are blocked by the current file screen as well as file groups blocked by file screens created higher in the file screen path.

File Screening Audit report

Use the File Screening Audit report to identify individuals or applications that violate file screening policy. For instructions on generating a File Screening Audit report, see “Generating Storage Reports” later in this guide.