If you manage one or several file servers in your infrastructure, you may have the will to prevent users to paste files with specific extensions. This behavior can be motivated because you don’t have enough storage for big files or for security reasons. Moreover, if you use DFSR to replicate shared folder to another site, you don’t want to block the bandwidth with a movie replication.
Microsoft Windows Server included a role which provide us the ability to manage files on shared folder: File Server Resource Manager (FSRM).
In order to block, deny some file extensions, we need to install and configure this role. Let’s see how to do that with Server 2012 R2.
File Server Resource Manager is a role included under the File and Storage Services.
- To install FSRM, go to Server Manager and check File Server Resource Manager:
- Confirm Role installation and wait to finish:
- After the installation, you will get the File Server Resource Manager console.
Configuring Server Options
In addition to deny the file, we can enable file server to send email for each file blocked, to administrator and the user itself. To do this, we need to configure Server Options:
- Right clic on File Server Resource Manager (Local) and select Configure Options.
- On the Email notification tab, set your email server and an email address. You can set your security team distribution list for example.
Microsoft provides us 11 File Groups which contain extension types. For example, the File Group Audio and Video Files blocks all movies and music extension, like .avi and .mp3.
Once, the file Group is created, we need to deploy the template on a folder.
- Right clic on File Screen under File Screening Management:
- Enter the path of your folder and select the template used.
- We want to change settings for this screen, like email notification. Right clic on your File Screen and select “Edit File Screen Properties“
- On the first tab, we can change if it is an Active or Passive screening. We can select one or several file groups to deny.
- On the Email Message, we enabled FSRM to send email at the user and another address when a file is blocked.
- By default, FSRM send a Warning information to the Event Logs. We can enable or disable this:
- It is possible to run a command line or script for each file blocked:
Henceforth, when a user tries to copy paste a file with a blocked extension, he will get an Access denied error:
At the same time, he will receive an email, just as the email set in Email message tab.
You can get more information about File Server Resource Manager here.
Pingback: WanaCry 2.0, el mayor ciberataque a empresas y administraciones públicas que ha colapsado a medio mundo | Wise