WindowsServer

Server 2012 – Customize Access Denied on shared folder

If you manage one or several file servers in your infrastructure, you may have the will to customize the Access Denied error message displayed to users. This feature can be used since Windows 8 and Windows Server 2012. It is called Access-Denied Assistance.

Access Denied Custom Message

Access Denied Custom Message

Access-Denied Assistance can be useful if you want to simplify the process to grant  folder permissions to users. Sometime, the user does not know the full path, neither rights needed.

With Access-Denied Assistance, shared folder administrator will receive an email with all information required. No more call for user access.

Let’s see how to do that with Server 2012 R2.

Role Installation

File Server Resource Manager is a role included under the File and Storage Services.

  • To install FSRM, go to Server Manager and check File Server Resource Manager:
FSRM Installation

FSRM Installation

  • Confirm Role installation and wait to finish:
Role Installation

Role Installation

Role Installation

Role Installation

  • After the installation, you will get the File Server Resource Manager console.
FSRM Console

FSRM Console

Configuring Server Options

We need to enable file server to send email for each request assistance. To do this, we need to configure Server Options:

  • Right click on File Server Resource Manager (Local) and select Configure Options.
FSRM Server Options

FSRM Server Options

  • On the Email notification tab, set your email server and an email address. You can set your security team distribution list for example.
FSRM Email notification

FSRM Email notification

Default Access Denied message

When we enable the Access-denied Assistance, Microsoft suggests an error message. You can adapt it according your language or your strategy. It will be displayed for all shared folder.

  • Right click on File Server Resource Manager (Local) and select Configure Options.
FSRM Server Options

FSRM Server Options

  • On the Access-Denied tab, check the Enable access-denied assistance.
Access-denied Enabled

Access-denied Enabled

  • Now, when unauthorized user tries to access shared folder, he gets this message:
Custom Access Denied Message

Custom Access Denied Message

Message for specific folder

It is also possible to set a specific custom access denied message for one folder.

  • Under Classification Management, Right clic on Classification Properties and select Set Folder Management Properties.
Folder Management Properties

Folder Management Properties

  • Add a Path/value property:
Set Folder Management Properties

Set Folder Management Properties

  • Set Folder path and your custom message:
Specific Message

Specific Message

  • User will get the specifc message:
Specific error message

Specific error message

Request Assistance

In order to allow user to get the Request Assistance action, we need to configure Email Requests options.

  • On the Access-Denied Assistance tab, under the server options, clic on Configure email requests:
Configure email request

Configure email request

  • On the Access-Denied Assistance window, check Enable users to request assistance and set others information:
Access-denied email request

Access-denied email request

  • For a access denied error, user will have the possibility to request Assistance.
Request Assistance

Request Assistance

Request Assistance

Request Assistance

  • Administrator will get an email with all information required.
Request Assistance Email

Request Assistance Email

More

You can have more information about Access-Denied Assistance here.

Leave a Reply

Your email address will not be published. Required fields are marked *