You manage file screening through the MMC File Server Resource Manager snap-in, which Figure 3 shows. The default installation contains a number of file-group types, which are definitions of common file extensions and their content. For example, there's an Audio and Video Files group that contains nearly all known extensions. Once file groups exist, you can apply a file screen to a disk or folder to enforce certain behavior toward one or more file groups.

You can create an active or passive file screen. If a certain file is a banned file type, an active file screen actually stops the file—in real time—from being written; a passive screen allows the writing of the file but will perform a particular action that you've defined. For a given file screen, you can define a comprehensive set of actions to be performed in the event of an offense (i.e., file activity of a screened file type). These actions include sending an email message to the user or administrator, creating an event log, and creating a report that shows how a certain user is using disk space. You can also initiate a custom action.

The first action type—sending an email message—is crucial to the success of a filescreen rollout. Remember that file screening is a new server-side technology; file screens are invisible to client OSs, and if a user attempted to write a screened file type, he or she would simply receive an Access denied message, then probably get on the phone to the Help desk. By configuring an email action to occur seconds after the Access denied message, you can inform the user, with your own custom text, that company policy prohibits the type of file he or she was attempting to write and that the user should refer to a URL for a full list of company policies surrounding file server usage. Microsoft supplies 11 standard File Groups, which you can modify to add additional file types as necessary.

To avoid the need to recreate actions every time you set a file screen, you can define the actions on templates. You can apply a template to a specific file group, then apply it to disks and folders as necessary. To create a file screen, follow these steps:

  1. Open the MMC File System Resource Manager snap-in by clicking Start, Programs, Administrative Tools, File Server Resource Manager.
  2. Expand the File Screening Management branch, and select File Screens.
  3. In the Actions pane, click Create File Screen.
  4. Click Browse, and select the path to which you want to apply the file screen. You can then select the template from which you want to derive the settings or set specific values, then click Create.

As Figure 4 shows, after you build a template, you can tune it and define other file types or perform other actions as necessary.

Another type of file screen is possible. The standard file screen is to block file groups, but you can also create a file-screen exception. This capability is useful if, for example, you want to block nearly all file types at a root folder level but create an Audio or Images folder as a subfolder. You can then create file-screen exceptions on those subfolders to allow only audio and images, respectively, thereby forcing data to be stored according to a predefined structure—as opposed to anywhere on disk.

Obviously, there's a small amount of overhead associated with this new technology because the system is performing extra checks. However, the overhead isn't significant: File Screening Management intercepts only write and change operations, and I haven't seen any instances in which file screening has introduced any appreciable bottleneck to system operations.

A Final Caveat
These three common solutions can offer a real benefit to almost any environment. However, a non-technical aspect of these solutions must not be overlooked: communication. Both access-based enumeration and file screening directly affect the end user's experience, and unless communication occurs with users before changes are made, the overall implementation will be seen a failure—no matter how technically successful the implementation is. You never want end-user confusion to ensue and productivity to drop.

End of Article

Prev. page     1 2 [3]     next page -->



You must log on before posting a comment.

If you don't have a username & password, please register now.

Reader Comments

You guys are over the top. I've had a paid subsription to whatever your magazine is called this month for years and I still can't get to the full text of an article without paying you more money for the Monthly Online Pass too!

What a bunch of greedy #$%@#$% you guys are.

billdunn- May 20, 2007

Article Rating 1 out of 5

Hey Bill, If you have a monthly subscription to Windows IT Pro, you should be able to access the full text of all WITP articles online--that's included in your sub. I'll let our customer service know and will ask them to help you out. You can also email Colette Riehl at criehl@pentontech.com for help. I apologize for any trouble you've had accessing articles, but we'll work on fixing that ASAP. --Anne Grubb, senior editor, Windows IT Pro

AnneG_editor- May 23, 2007

Article Rating 4 out of 5

 
 

ADS BY GOOGLE