В этой статье мы разберем методику использования функционала File Server Resource Manager (FSRM) на файловом сервере Windows Server 2012 R2 для детектировании и блокировки работы вирусов-шифровальщиков (троянов-энкодеров, Ransomware или CryptoLocker). В частности, разберемся, как установить службу FSRM, настроить детектирование определенных типов файлов и, в случае детектирования таких файлов, заблокировать доступ пользователя к каталогу на файловом сервере.
Содержание:
- Детектирование шифровальщиков с помощью FSRM
- Настройка SMTP параметров FSRM для отправки email уведомлений
- Создание группы расширений файлов, создаваемых шифровальщиками
- Настройка File Screen Templates
- Применение шаблона File Screen к диску или папке
- Автоматическая блокировка доступа пользователя, зараженного шифровальщиком
- Тестирование защиты FSRM
Детектирование шифровальщиков с помощью FSRM
Если компонент File Server Resource Manager еще не установлен на сервере, его можно установить с помощью графической консоли Server Manager или из командной строки PowerShell:
Install-WindowsFeature FS-Resource-Manager -IncludeManagementTools
Проверим, что роль установилась:
Get-WindowsFeature -Name FS-Resource-Manager
После установки компонента сервер нужно перезагрузить.
Настройка SMTP параметров FSRM для отправки email уведомлений
Следующий этап — конфигурация SMTP параметров службы FSRM, благодаря которым администратор может настроить отправку email уведомлений на свой ящик. Для этого запустите консоль fsrm.msc, щелкните ПКМ по корню консоли File Server Resource Manager и выберите пункт Configure Options.
Укажите адрес SMTP сервера, почтовый ящик администратора и имя отправителя.
Совет. Если у вас отсутствует внутренний почтовый сервер, можно настроить пересылку через SMTP релей на внешние ящики.
Проверить корректность настройки SMTP сервера можно, отправив тестовое письмо с помощью кнопки Send Test E-mail.
Настроить параметры SMTP службы FSRM также можно выполнить с помощью Powershell:
Set-FsrmSetting -AdminEmailAddress "[email protected]" –smtpserver smtp.adatum.com –FromEmailAddress "[email protected]"
Создание группы расширений файлов, создаваемых шифровальщиками
Следующий шаг – создать группу файлов, в которой будут содержаться известные расширения и имена файлов, которые создают шифровальщики в процессе работы.
Этот список можно задать из консоли FSRM. Для этого разверните раздел File Screening Management -> File Groups и в меню выберите Create File Group.
Нужно указать имя группы (к примеру, Crypto-files) и внести все известные расширения в список с помощью поля Files to include.
Список известных расширений файлов, создаваемых шифровальщиками довольно большой, поэтому намного проще создать его с помощью PowerShell.
В Windows Server 2012 создать группу файлов с помощью PowerShell можно так:
New-FsrmFileGroup -Name "Crypto-files" –IncludePattern @("_Locky_recover_instructions.txt","DECRYPT_INSTRUCTIONS.TXT", "DECRYPT_INSTRUCTION.TXT", "HELP_DECRYPT.TXT", "HELP_DECRYPT.HTML", "DecryptAllFiles.txt", "enc_files.txt", "HowDecrypt.txt", "How_Decrypt.txt", "How_Decrypt.html", "HELP_RESTORE_FILES.txt", , "restore_files*.txt", "restore_files.txt", "RECOVERY_KEY.TXT", "how to decrypt aes files.lnk", "HELP_DECRYPT.PNG", "HELP_DECRYPT.lnk", "DecryptAllFiles*.txt", "Decrypt.exe", "AllFilesAreLocked*.bmp", "MESSAGE.txt","*.locky","*.ezz", "*.ecc", "*.exx", "*.7z.encrypted", "*.ctbl", "*.encrypted", "*.aaa", "*.xtbl", "*.abc", "*.JUST", "*.EnCiPhErEd", "*.cryptolocker","*.micro","*.vvv")
В Windows Server 2008 R2 придется воспользоваться утилитой filescrn.exe:
filescrn.exe filegroup add /filegroup:"Crypto-files" /members:"DECRYPT_INSTRUCTIONS.TXT|DECRYPT_INSTRUCTION.TXT| DecryptAllFiles.txt|enc_files.txt|HowDecrypt.txt|How_Decrypt.txt| How_Decrypt.html|HELP_TO_DECRYPT_YOUR_FILES.txt|HELP_RESTORE_FILES.txt| HELP_TO_SAVE_FILES.txt|restore_files*.txt| restore_files.txt|RECOVERY_KEY.TXT|HELP_DECRYPT.PNG|HELP_DECRYPT.lnk| DecryptAllFiles*.txt|Decrypt.exe|ATTENTION!!!.txt|AllFilesAreLocked*.bmp| MESSAGE.txt|*.locky|*.ezz|*.ecc|*.exx|*.7z.encrypted|*.ctbl| *.encrypted|*.aaa|*.xtbl|*.EnCiPhErEd|*.cryptolocker|*.micro|*.vvv| *.ecc|*.ezz|*.exx|*.zzz|*.xyz|*.aaa|*.abc|*.ccc|*.vvv|*.xxx| *.ttt|*.micro|*.encrypted|*.locked|*.crypto|*_crypt|*.crinf| *.r5a|*.XRNT|*.XTBL|*.crypt|*.R16M01D05|*.pzdc|*.good| *.LOL!|*.OMG!|*.RDM|*.RRK|*.encryptedRSA|*.crjoker| *.LeChiffre|*.keybtc@inbox_com|*.0x0|*.bleep|*.1999| *.vault|*.HA3|*.toxcrypt|*.magic|*.SUPERCRYPT|*.CTBL|*.CTB2|*.locky"
Совет. Список известных расширений файлов различных шифровальщиков можно составить самостоятельно, или воспользоваться готовыми периодически обновляемым списками, ведущимися энтузиастами:
_https://www.bleib-virenfrei.de/ransomware/
_https://fsrm.experiant.ca/api/v1/combined
Во втором случае актуальный список расширений файлов для FSRM можно грузить прямо с веб сервера с помощью Invoke-WebRequest
new-FsrmFileGroup -name "Anti-Ransomware File Groups" -IncludePattern @((Invoke-WebRequest -Uri "_https://fsrm.experiant.ca/api/v1/combined").content | convertfrom-json | % {$_.filters})
Либо воспользоваться готовым файлом: crypto_extensions.txt. Данный файл можно сохранить на диск и обновить с его помощью созданную группу файлов FSRM:
$ext_list = Get-Content .\crypto_extensions.txt
Set-FsrmFileGroup -Name "Crypto-files" -IncludePattern ($ext_list)
Настройка File Screen Templates
Создадим новый шаблон File Screen Template, в котором определяются действия, которые FSRM должен выполнить при обнаружении указанных файлов. Для этого в консоли FSRM перейдите в раздел File Screen Management -> File Screen Templates. Создадим новый шаблон Create File Screen Template.
На вкладке настроек укажем имя шаблона “Block_crypto_files”, тип скрининга – Active screening (запрещается создавать указанные типы файлов) и в списке групп файлов выбрать Crypto-Files.
На вкладке E-mail Message включим отправку почтовых уведомлений, настроив текст оповещения по-своему вкусу.
На вкладке Event Log включим запись события в системный журнал. С указанием записывать только имя пользователя: [Source Io Owner]
На вкладке Command можно указать действие, которое нужно выполнить при обнаружении такого типа файла. Об этом чуть ниже.
Сохраните изменения. В списке шаблонов должен появится еще один.
Применение шаблона File Screen к диску или папке
Осталось назначить созданный шаблон к диску или сетевой папке на сервере. В консоли FSRM создадим новое правило Create File Screen.
В поле File screen path нужно указать локальный диск или путь к каталогу, для которого мы хотим включить систему защиты от шифровальщика, а в списке шаблонов выбрать созданный ранее шаблон Block_crypto_files.
Автоматическая блокировка доступа пользователя, зараженного шифровальщиком
Осталось настроить действие, которое FSRM будет выполнять при обнаружении файлов, созданных шифровальщиками. Мы воспользуемся готовым скриптом: Protect your File Server against Ransomware by using FSRM and Powershell (https://gallery.technet.microsoft.com/scriptcenter/Protect-your-File-Server-f3722fce). Что делает этот скрипт? При попытке записать «запрещенный» тип файла в сетевой каталог, FSRM запускает данный скрипт, который анализирует журнал событий и на уровне шары запрещает запись пользователю, из-под осуществлялась попытка записать запрещенный тип файла. Таким образом, мы заблокируем доступ зараженного пользователя к сетевой папке.
Скачайте указанный скрипт и распакуйте его в корень каталога C:\ на файловом сервере. В эту же папку скопируйте утилиту SubInACL (нужна для изменения разрешений на сетевой каталог). В каталоге должны оказаться следующие файлы:
- RansomwareBlockSmb.ps1
- StartRansomwareBlockSmb.cmd
- subinacl.exe
Примечание. В PS скрипте пришлось изменить строки:
$SubinaclCmd = "C:\subinacl /verbose=1 /share \\127.0.0.1\" + "$SharePart" + " /deny=" + "$BadUser"
и
if ($Rule -match "Crypto-Files")
Осталось в настройках шаблона “Block crypto files” на вкладке Command указать, что должна запуститься командная строка с аргументом StartRansomwareBlockSmb.cmd:
Run this command or script:
c:\windows\system32\cmd.exe
Command arguments:
/c “c:\StartRansomwareBlockSmb.cmd”
Команда должна выполняться с правами локальной системы (Local System).
Тестирование защиты FSRM
Протестируем, как работает защита FSRM от шифровальщиков. Для чего в защищаемом каталоге создадим файл с произвольным расширением, и попробуем изменить его на запрещенное .locky.
При попытке сохранить запрещенный файл FSRM запишет в журнал событие:
Event ID: 8215
Source: SRMSVC
Скрипт RansomwareBlockSmb.ps1на основании данных из события запретит текущему пользователю доступ к данному каталогу, выставив в разрешениях на шару персональный deny:
Защита работает! В корне диска в логе можно посмотреть каталог и пользователя, из-под которого пытался запустится шифровальщик.
Если нужно обеспечить еще более высокий уровень зашиты, можно перейти от черного списка файлов к белому, когда на файловом сервере можно сохранять только файлы разрешенных типов.
Итак, мы рассмотрели, как с помощью FSRM автоматически блокировать доступ к сетевым каталогам пользователям, компьютеры которых заражены вирусом-шифровальщиком. Естественно, использование FSRM в таком режиме не может дать 100% гарантию защиты файлов на серверах от этого класса вирусов, но как один из эшелонов защиты, методика вполне себе пригодна. В следующих статьях мы рассмотрим еще несколько вариантов противодействия вирусам-шифровальщикам:
- Как восстановить файлы пользователя из снимков VSS после заражения шифровальщиком
- Блокировка вирусов и шифровальщиков с помощью Software Restriction Policies
[Updated on Date: 2021-02-01] Before you can create any file management strategy on a Windows server, you must install the File Server Resource Manager (FSRM) on the server. How to install FSRM on Windows Server 2012 is one of the application topics related to Windows Server, which will be discussed in this article. Once this role is installed, you can use its various tools to manage server files. You can visit the packages available in Eldernode to purchase a Windows VPS server. Stay tuned for the rest of this article.
Table of Contents
FSRM is one of the features available in Microsoft Windows Server. This feature enables you to better manage your data stored in the file server and categorize it. Using FSRM, you can classify the files on your file server and assign specific tasks to each created category. You can set a specific amount of space for each folder and volume created, report on the amount of storage space you have, and monitor it as well.
Available tools in FSRM
Quota Management: This allows the admin to divide disk space based on folder structure rather than drive structure.
File Screening: This allows the admin to create a blacklist of a variety of files that are allowed or unauthorized to be stored on the server.
Storage Reports: The admin can receive reports from the server instantly or as scheduled.
File Screen Report: File Screen Report
Quota Report: Quota status report
Large Files Report: Report large files
Most Accessed File Report: Report the most accessed files.
Least Accessed File Report: Report the least accessed files.
Files by Owner Report: Groups files by Owner.
File Classification Infrastructure: Allows admins to sort files by content.
File Management Tasks: Using this feature, you can run operations on files that have certain criteria based on File Classification.
Note: The FSRM role is a File and Storage service.
Step by step tutorial for installing FSRM role
1. In Server Manager, click Add Roles and Features.
2. On the page before you begin, click Next.
3. On the Installation Type page, click the first option, Role-base or feature-based installation, and then click Next.
4. In the Select Destination Server page, select the desired server and click Next.
***
5. On the File and Storage Services page, Select server roles. Then open File and iSCSI Services. Select the File Server Resource Manager option.
When the Add roles and feature wizard page opens, click Add features and then click Next.
6. Finish the installation and click Finish.
Conclusion
After explaining about FSRM and how to install it in Windows Server 2012, the tools available in FSRM were mentioned. Then the step-by-step installation of the FSRM role was explained with the relevant pictures.
File Server Resource Manager is use to apply quota on Share folders and it sub folders. File Server Resource Manager is provide two types of quota, hard quota and soft quota.
Hard quota: In Hard quota users are not allow to exceed the limit. for example: if Administrator apply 5GB quota on Shared Folder «Folder1», Those users who have access on this Shared Folder «Folder1» only can move 5GB Data.
Soft Quota: In Soft quota users are allow to exceed the limit. Soft quota is only use for the monitoring purpose.
File Server Resource Manager is also use for file screening policies means user is restrict to not move specific type of file extensions as per the Organization rules. File Server Resource Manager manage files and folders by use of Storage Report Management, Classification Management and File Management Task.
To install File Server Resource Manager on Windows Server 2012 R2 click on «Add roles and features» on server manager.
After click on Add roles and features click «Next» to continue. if you want to remove roles and features this page also help you therefore not check mark the «Skip the page by default».
To select the installation type choose the option of «Role-based or feature-based installation». Select a server from Server Pool then click «Next» to continue. Select the Server Role «File Server Resource Manager» from the Roles window.
Click on «Add Features» to include the Management tools that are required for File Server Resource Manager. To complete the installation of File Server Resource Manager click on «install». You can also tick mark on «Restart the destination server automatically if required». File Server Resource Manager has been successfully installed.
Create Quota: In File Server Resource Manager (FSRM), Quota restrict the user to store a fixed size of data on folder «Shared Folder». To create a quota on shared folder quota template is require. In File Server Resource Manager (FSRM) some default quota templates are already available. To create a custom quota template click on «Create Quota Template» in «Quota Templates».
Provide the below mention details to Create Quota Template, You can change as per your requirement.
Template name: 25 GB Limit.
Description (optional): For Users.
Space limit: 25 GB.
Hard quota: Do not allow users to exceed limit.
After provide the details click on «OK» to Create Quota Template.
The Hard quota of 25 GB Limit has been created. you can see on the below image, if you not see image clearly then click on image the image will open it’s original size.
To create a quota on shared folder click on «Create Quota» in Quotas.
Select a shared folder «Data» in Quota path, Choose option «Auto apply template and create quotas on existing and new sub folders» and select quota template «25 GB Limit» in Derive properties from this quota template (recommended) then click «Create».
The quota has implemented successfully on Shared Folder «Data» and its Sub folders, because we have choose the option «Auto apply template and create quotas on existing and new sub folders».
Create File Screen: To create a File Screen on File Server Resource Manager
first create a File Screen Template. Some default File Screen Templates are
already available. We will use default File Screen Template “Monitor Executable
and System Files”, its Screening Type is “Passive” means use only for
monitoring purpose and its File Group includes Executable Files and System file therefore user receive warning when he/she will move Executable Files and System file on File Screening Shared folder.
To create a File Screen on File Server Resource Manager click on «Create File Screen» in File Screening Management.
Provide a shared folder «Data» in File screen path and provide File screen template «Monitor Executable and System Files» in Derive properties from this file screen template (recommended) then click «Create».
The File Screen has successfully created on Shared Folder as shown in the below image.
Thanks for Read this Article
What is FSRM?
FSRM (File Server Resource Manager) is a set of tools that allow administrator to understand, control, and manage the quantity and type of data stored on your servers.
There are five main features in FSRM as below,
- File Classification Infrastructure – automates the processes behind classification so administrators have a more effective and insightful way to manage data.
- File Management Tasks – helps administrators apply conditional actions or policies based on how they are classified.
- File screening management – helps administrators control what kinds of files end users are allowed to store on file servers.
- Quota management – helps administrators limit how much space can be used for folders and volumes and can also be applied for new folders and volumes.
- Storage reports – helps administrators identify disk usage trends and how data is classified.
Note: Administrator can also configure email notifications to get the alerts.
Step by Step Installation & Configuration:
Open Server Manager and Click Add roles and features
Click Next to begin.
Select the Role Based or Feature Based Installation.
Select the Server to install.
Select the Role, File server Resource Manager and Click Next.
Click Next on the Features page.
Now finally Click Install on the confirmation page.
Now the Role is installed successfully. Click Close.
Now Open File Server Resource Manager in Tools.
File Screening Management:
In the File Server Resource Manager console, expand File Screening Management, and then click File Group, Right Click File Group and click Create File Group.
In the Create File Group Properties window, in the File group name box, type Media Files, then in the Files to include box, type *.mp* and *.torrent, and then click Add, in the Files to exclude box, type *.docx and *.xlsx, *.pdf click Add, and then click OK.
Verify that Media Group available in the File Group list.
Next, create a File Screen Template, right click File Screen Template, and click Create a File Screen Template
In the Create File Screen Template box, under Template name type Techiemaster Media Group, then under File Group, select Media Group check box and next click Event Log tab.
Note: There are 2 types of Screening Types available.
- Active: Don’t allow users to save unauthorized files.
- Passive: Allow users to save files (use for monitoring)
Once you click Event Log tab, click Send warning to event log and click OK to continue.
Note: We can configure the email alerts to send Admin or source file owner, etc.
Verify that Techiemaster Media Group is listed in the File Screen Template.
Next to create File Screen, so right-click File Screens, and then click Create File Screen.
In the Create File Screen box, in the File screen path text box, type C:\File Server (choose the file share folder), then under Derive properties from this file screen template, select the file screen template we created in last step by drop-down list box, and then click Techiemaster Media Group then click Create.
Now, verify that the File Screen is pointing to your selected folder.
Next, will test the file screen function, log in to your client PC, and try copy any MP3 file to File Share Folder, you should get a pop up saying that access denied.
Now test with any .docx, .pdf, or .xlsx file. You should be able to copy as we excluded that files to allow.
Finally log in to server and open Event Viewer, browse to Windows Logs and click Application, notice that you had the Warning stated User Techiemaster\administrator attempted to save C:\File Server\Maid with the Flaxen Hair.mp3 to C:\File Server on the PrimaryDC server.
Note: You can filter the logs with event id 8215.
Quota Management:
Now we will configure Quota Management to restrict the users not to copy more than the limit.
Right Click on Quota Templates and Create Quota Template.
Enter Template Name and Space Limit in KB, MB, GB, TB.
You can also select Hard Quota (Do not allow users to exceed the limit) or Soft Quota (allow users to exceed limit and used for monitoring).
Also Notifications Threshold can be configured to send alerts over email or event log same as configured earlier.
Verify the created new Quota Template.
Now create Quota by Right clicking the Quota.
Select the Quota Path to implement and select the quota template created in last step by drop down menu in Derive properties from this quota template.
Now test it by copying the files for more than 10MB to the folder where we applied Quota.
It shows the error there is not enough space on file server.
Note: As I applied hard quota it is not allowing me to copy files for more than 10MB, if you give soft quota then you should be able to copy files.
Storage Reports Management:
Now we will configure how to run Storage Reports.
Right click Storage Reports Management and Click Schedule a New Report Task.
Enter the Report Name and select the reports to generate (e.g. Storage quota, most recently opened files, etc.) and the report formats like html, xml,csv.
Then in Scope tab, include all folders that store the kind of data like application files, user data, group files, backup and archival files and choose the folder(s) to run this reports.
In Delivery tab, you can configure to send emails and default report saved location.
Finally in schedule tab, configure when this reports should run automatically.
Now run the report by right clicking the created task.
Now we see the reports generated and saved in default location.
With this FSRM, you can save properly maintain the file servers by restricting the file types not required for business purpose (mp4, mp3, etc.) and quotas can be implemented based on the folders.
How to configure File Server/Shares in Windows 2012 R2 Step by Step
How to Deploy & Configure DFS in Windows Server 2012 R2 Step by Step
The Windows Server 2008 first carried FSRM or Fie Server Resources Manager, which allowed administrators to define the file types that users could save to file servers. Windows FSRM has been a part of all succeeding Windows Servers, and administrators can now block defined file types from being uploaded to a specific folder or to an entire volume on the server.
Before you can begin blocking file extensions, you may need to install and configure FSRM on your Windows Server 2012 R2. Installation of FSRM can be achieved through the Server Manager GUI or by using the PowerShell console.
This article will examine the installation of FSRM using both methods, Server Manager GUI and Windows Server PowerShell console, while providing all necessary information to ensure a successful deployment and configuration of FSRM services.
FREE Hyper-V & VMware Backup: Easy to use — Powerful features — Just works, no hassle: It’s FREE for Firewall.cx readers! Download Now!
Installing FSRM On Server 2012 Using The Server Manager GUI
Assuming you are logged in as the administrator, start with the Server Manager – click on the second icon from left on the bottom toolbar on the desktop as shown below:
Figure 1. Launching the Server Manager Dashboard
This brings up the Server Manager Dashboard. Proceed to the top right hand corner and click on Manage, then click on Add Roles and Features.
Figure 2. Opening Add Roles and Features console
This opens the Add Roles and Features Wizard, where you need to click on Server Selection. Depending on how many servers you are currently managing, the right hand side will show one or multiple servers in the pool. Select the file server on which you want to install FSRM, and click on Next to proceed.
Figure 3. Selecting a Server to add the FSRM role
The next screen shows the server roles that you can install on the selected server. On the right hand side, locate File and Storage Services and expand it. Locate the File and iSCSI services and expand it. Now, locate the File Server Resource Manager entry.
Figure 4. Selecting the File Server Resource Manager role for installation
Click on the check box in front of the entry File Server Resource Manager. This will open up the confirmation dialog box for the additional features that you must first install before installing FSRM.
Figure 5. Confirming the installation of additional role services required for FSRM
Click on Add Features and you are all set to install FSRM, as the check box for File Server Resource Manager now has a tick mark (shown below).
Figure 6. Back to the Server Role installation – Confirming FSRM Role Selection
Clicking on Next allows you to Select one or more features to install on the selected server. We don’t need to add anything here at this stage, so click Next to go to the next step.
This brings up a screen asking you to Confirm installation selections. This is the stage where you have the last chance to go back and make any changes, before the actual installation starts.
Figure 7. Confirm installation selections
Click on Install to allow the installation to commence and show the progress on the progress bar on the Results screen. Once completed, you can see the Installation successful on … under the progress bar.
Figure 8. Completion of FSRM role installation
Click on Close to exit the process.
To check if the FSRM has actually started running, go to the Server Manager Dashboard and click on File and Storage Services on the left hand side of the screen.
Figure 9. Server Manager Dashboard
The Dashboard now shows all the servers running under the File and Storage Services. Go down to Services and you will see FSRM running with an automatic start up.
Figure 10. File and Storage Services – Confirming FSRM Service
Installing FSRM On Server 2012 Using The PowerShell Console
This is a comparatively easier and faster process compared to the GUI method.
To invoke the PowerShell, click the third icon from left on the bottom toolbar on the desktop.
Figure 11. Launching Windows PowerShell
This will open up a console with an administrative level command prompt. At the command prompt, type:
C:\Users\Administrator> Add-WindowsFeature –Name FS-Resource-Manager –IncludeManagementTools
Figure 12. Executing PowerShell command to install FSRM
A successful installation will be indicated as True , under the Success column as shown above.
FREE Hyper-V & VMware Backup: Easy to use — Powerful features — Just works, no hassle: It’s FREE for Firewall.cx readers! Download Now!
Configuring File Screening
Invoke FSRM from the Tools menu on the top right hand corner of the Server Manager Dashboard.
Figure 13. Running the File Server Resource Manager component
The File Server Resource Manager screen opens up. On the left panel, expand the File Screening Management and go to File Groups. The central panel shows the File Groups, the Include Files and the Exclude Files in three columns.
Under the column File Groups, you will find file types conveniently grouped together. The column Include Files lists all file extensions that are included in the specific file group. For a new server, the column Exclude Files is typically empty.
Figure 14 – File Groups, Include File and Exclude Files
On the left panel, go to File Screen Templates and click on it. The central panel shows predefined rules that apply to folders or volumes.
Figure 15. File Server Resource Manager — File Screen Templates
For instance, double-click on Block Image Files in the central panel. This opens up the File Screen Template Properties for Block Image Files. Here you can define all the actions that the server will take when it encounters a situation where a user is trying to save a file belonging to the excluded group.
Figure 16. FSRM — File Screen Template Properties for Block Image Files
You can choose to screen the specified file type either actively or passively. Active screening disallows users from saving the specified file group. With passive screening, users are not prevented from saving the files while the administrator can monitor their actions.
The server can send from one to four basic alerts when it encounters an attempt to save a forbidden file. The server can send an Email message to the administrator, create an entry in the Event Log, run a specified Command or Script and or generate a Report. You can set up the details for each action on individual tabs. When completed, exit by clicking on OK or Cancel.
To edit the existing template or to create a new one based on the chosen template, go to the File Screen Templates and in the central panel, right-click on the predefined template you would like to edit. From the Actions menu on the right panel, you can either Create File Screen Template or Edit Template Properties.
Figure 17. FSRM – Creating or editing a File Screen Template
Clicking on Create File Screen Template opens up a dialog where you can click on Browse to select a folder or volume on which the new rule would be applied. Under How do you want to configure file screen properties? You can either Derive or Create the file screen properties. Click on Create to allow the new file screen rule to appear in the central panel.
Figure 18. FSRM — Creating a File Screen
Creating Exceptions
Exceptions are useful when you want to allow a blocked file type to be saved in a specific location. Go to the left panel of the FSRM screen and right-click on File Screens.
Figure 19. FSRM – Creating a File Screen Exception
From the menu on the right panel, click on Create File Screen Exception. On the menu that opens up, click on Browse to select a folder or volume on which the new rule would be applied and select the group you would like to exclude under the File groups. Click OK and complete the process.
Figure 20. FSRM – File Screen Exception settings and options
Summary
This article showed how to we can use Windows Server File Server Resources Manager (FSRM) to block file types and extensions from being uploaded or saved to a directory or volume on a Windows 2012 R2 server. We explained how to perform installation of FSRM via GUI interface and Powershell, and covered the creation or editing of File Screen Templates used to block or permit access for specific files.