It's quite common to find unauthorized file types stored on network servers. This not only can cause problems with your network, but it can also leave your company vulnerable to certain legal liabilities. Fortunately, Windows Server 2008 makes it easy to prohibit users from doing this. Let's take a look at how it's done.
Laying the groundwork
Before you get started, there are a few components that need to be installed on your server. The first of these is the File Services role. To install this, open Server Manager and select the Roles container. When you click the Add Roles link, Windows will then launch the wizard. Click Next to bypass the wizard's Welcome screen and you will be asked which roles you want to install. You must install the File Services role (unless it is already installed) along with the File Server Resource Manager (FSRM) role service. Click Next, and you will see a prompt asking which volumes you would like to monitor. Check the boxes corresponding to the volumes of interest, and click Next.
You will now see a screen asking where you want to save your reports. Just go with the defaults, and click Next (this screen also has an option to send the reports by email if you are interested). Finally, click Install, followed by Finish.
The next step is to open the Server Manager once again and select the Features container. Then click the Add Features link to launch the wizard's initial screen, which displays a tree view of all the features that are available. Navigate through the tree to Remote Server Administration Tools | Role Administration Tools | File Services Tools. Expand the File Services Tools container and select the File Server Resource Manager Tools check box. Click Next, followed by Install and Windows will install the necessary files. When the file copy process completes, click Finish.
Creating a file screen
Now that you've installed the necessary components, it's time to create a file screen. To do so, close and then reopen the Server Manager. Next, navigate through the console tree to Roles | File Services | Share and Storage Management | File Server Resource Manager | File Screening Management. The File Screening Management container contains three sub-containers, as shown in Figure A.
The first container you should look at is dubbed File Screen Templates. As you can see in Figure A, file screen templates are basically collections of file types related to a common function. For example, the Block Audio and Video template includes file types such as .MP3, .WMA and .MPG.
Figure B displays the File Groups container, which defines all of the file types that are included in a file group. For example, the Audio and Video file group is made up of .AAC, .AIF, .AIFF and .AIS files, along with a lot of other types not shown on the screen. If the default file groups don't get the job done for you, you can use the Create File Group link to create a new file group.
NOTE: The File Screen Templates container also contains a link that can be used to make custom file screen templates.
Creating the actual file screen is fairly easy. Right-click on the File Screens container and choose the Create File Screen command from the resulting shortcut menu. Windows will then display the Create File Screen dialog box shown in Figure C.
As you can see in Figure C, all you really have to do next is associate a file screen with a path on the hard disk, and then click the Create button. You do have the option of getting a little bit more creative, though. For example, if you click the Custom Properties button, you'll be given a choice between active screening and passive screening. Active screening prevents users from saving unauthorized files, while passive screening is only used for monitoring purposes.
Creating a custom file screen also gives you the option of generating email alerts reports, logging messages to the event log and running commands. Figure D shows what the dialog box used for creating custom file screens looks like.
After that, you are all set. Again, this is a great way to ensure that users don't use up valuable disk space with unauthorized files (such as illegally downloaded music), and as you can see, the process is rather simple using Server Manager in Windows 2008.
ABOUT THE AUTHOR
Brien M. Posey, MCSE, has received Microsoft's Most Valuable Professional Award four times for his work with Windows Server, IIS and Exchange Server. He has served as CIO for a nationwide chain of hospitals and healthcare facilities, and was once a network administrator for Fort Knox. You can visit his personal Web site at www.brienposey.com.
This was first published in October 2008