When Microsoft released Windows Server 2003 Release 2 (R2), one of the features that first caught my attention was file screening. File screening is a filtering mechanism in the File Server Resource Manager toolset that lets you control—by file extension—which files users can save to a folder or volume. The most obvious uses for file screening are to help control viruses by limiting where users can save executables and to prevent users from wasting storage space with unwanted and potentially illegal music or video files.
As I looked closer, I realized that file screening has many more security uses. Being able to control the content of a directory is a huge step towards securing a server. You could, for example, strictly control what types of files users are able to save in public Web content directories. A simple filter could block attempts to save anything other than .htm or .jpg files—or whatever types of files you specify.
But file screening can do more than blocking. You can configure it to allow certain files and then notify you or take some action when these files appear. You could, for example, receive an email message when someone places a new file of a certain type on your FTP server. The combination of blocking and notification lets you build many filters to automate system management or security functions.
With a basic understanding of file screening, you can start building filters for your own servers to address a variety of scenarios. Let me show you how to set up the filters I've mentioned. . . .
Register
