If you manage one or several file servers in your infrastructure, you may have the will to customize the Access Denied error message displayed to users. This feature can be used since Windows 8 and Windows Server 2012. It is called Access-Denied Assistance.
Access-Denied Assistance can be useful if you want to simplify the process to grant folder permissions to users. Sometime, the user does not know the full path, neither rights needed.
With Access-Denied Assistance, shared folder administrator will receive an email with all information required. No more call for user access.
Let’s see how to do that with Server 2012 R2.
Role Installation
File Server Resource Manager is a role included under the File and Storage Services.
- To install FSRM, go to Server Manager and check File Server Resource Manager:
- Confirm Role installation and wait to finish:
- After the installation, you will get the File Server Resource Manager console.
Configuring Server Options
We need to enable file server to send email for each request assistance. To do this, we need to configure Server Options:
- Right click on File Server Resource Manager (Local) and select Configure Options.
- On the Email notification tab, set your email server and an email address. You can set your security team distribution list for example.
Default Access Denied message
When we enable the Access-denied Assistance, Microsoft suggests an error message. You can adapt it according your language or your strategy. It will be displayed for all shared folder.
- Right click on File Server Resource Manager (Local) and select Configure Options.
- On the Access-Denied tab, check the Enable access-denied assistance.
- Now, when unauthorized user tries to access shared folder, he gets this message:
Message for specific folder
It is also possible to set a specific custom access denied message for one folder.
- Under Classification Management, Right clic on Classification Properties and select Set Folder Management Properties.
- Add a Path/value property:
- Set Folder path and your custom message:
- User will get the specifc message:
Request Assistance
In order to allow user to get the Request Assistance action, we need to configure Email Requests options.
- On the Access-Denied Assistance tab, under the server options, clic on Configure email requests:
- On the Access-Denied Assistance window, check Enable users to request assistance and set others information:
- For a access denied error, user will have the possibility to request Assistance.
- Administrator will get an email with all information required.
More
You can have more information about Access-Denied Assistance here.