Wednesday, July 10, 2013

File Server Management using File Server Resource Manager (FSRM)

Windows Server 2012 has brought many new features to the new platform to enhance the productivity and efficiency of IT in many ways. From new innovations in Hyper-V 3.0, SMB 3.0, Active Directory, Security, Networking and so one. The File Server Role was not overlooked. In Server 2012 we now have the built in capability to manage and restrict what goes onto a File Server and even be notified of when and who tries to put something that has been restricted.

The lab setup is outlined in Figure 1. Just in case you would like to duplicate the lab.

If you have set up a role or feature before in Server 2012 you know how easy it will be to get up and running. The File Server Resource Manager is no different. To install this role on your File Server head over to Add a role and Feature then select File and Storage Services, then File and ISCSI Services selecting the File Server Resource Manager Role as outlined in Figure 2.

Once the installation is successfully the next step is to open FSRM from the Tools menu to enter the console as outlined in Figure 3.

FSRM allows us to block files not only by the extension of the file name but by looking into the file itself and then it determines the content of the file whether it be video, picture, music, etc.. In some environments that I have encountered there were some users that would use the company's file server to save inappropriate files that they have downloaded from the internet or they themselves brought into corporate to share among the staff. Imagine how that turned out. So now with FSRM we can block the content of these files keeping a tab of what is stored on our file servers. When joined in with an email solution (in this lab we are using Exchange 2013) notifications can be sent to IT as well as the user notifying them both that someone tried to place a file that is set as no no on the server. If we only want Word documents, or Excel Spreadsheets stored in a folder we can now administrate that leveraging FSRM.

To establish this expand the File Screening Management option, then select File Groups. We have a default selection available to us that covers the basics of the files you may want to block. In our lab we have created a Torrent file Block group to block torrent files as displayed in Figure 4.

To Create a File Group select Create File Group. Define the name of the group and then the extensions you would like to block as outlined in Figure 5. If there are any exclusions they can be added to allow certain files. An example of this would be to block all movie files but the only exclusion would be MP4. Exclusion override blocks at all times.

Our next step is to create a File Screen Template. We created our Block Torrent File before in the File Group so we will select that from the template list. Next we will name the Template Name for the Screen Template and configure it's screening type. Active scanning will not allow the file to be saved at all and notifications when setup will be sent. Passive screening allows the admins of the organization to monitor and/or build a report of a users actions. Next we will select our Torrent file block in the group we made earlier as outlined in Figure 6 below.

The next step now is to create a File Screen process. Where do we want this configuration to apply, meaning which folder and on which server. In our case it is the FISG Data folder on the File Server we have in lab as shown in Figure 7 below.

We now have a source template in place to block audio, video and torrent files. Figure 8 below shows this.

To configure the email settings for only the admin to receive notifications or both the admin and client right click the source template and then select email message. Enter your admin's email address and select okay as seen below in Figure 9.

Next let's test this new configuration on the client in our network. On our client machine we have a torrent file that is located in the documents folder as seen in Figure 10 below. We will attempt to store this file on the File server where we have FSRM enabled and configured.

Here we tried to add that torrent file and was denied. We also received the email notification making us aware that FSRM is in affect that the admin's on the network are aware shown below in Figures 11-13.

Figure 12

Figure 13

Now we have FSRM totally enforced and in effect on the network.

To download Server 2012 products to try this lab out visit

By Adnan Cartwright