Windows Server 2016: Using File Server Resource Manager

One of the most powerful features of the File Server Resource Manager is probably the File Classification, but as the additional file attributes may not be required in many organizations, in this post I’d like to focus on other useful features of FSRM that undoubtedly can help administrators of any file servers in enterprises: file/folder quotas, file screening and access denied assistence. Let’s see how these features can be deployed.

To install FSRM on a file server click Add Roles and features in Server Manager and select File Server Resource Manager under the File and Storage Services\File and iSCSI Services node. Once installed run it from Server Manager:

The first thing to do right after FSRM installation is to configure the server options:

SMTP Server:

After pressing Send Test E-Mail the test message arrives at my mailbox:

At this stage the other options can be left at their defaults – you can adjust them to your needs any time later.

1) Quotas

Let’s create a quota that will pose a 100 MB limit on users (based on file/folder owneship) – it means every user will be prohibited from using more than 100MB of the server’s shared resource.

Double-clicking on the quota opens the quota’s properties:

Now let’s see how it works. Suppose a user (TestENTERPRISE\entadmin) wants to copy the four ~26MB files to the share to which this quota is applied – in my case it is the \\dc\FS shared folder:

Please note the following: the quota is calculated based on the files/folders owners – as the owner of the FS folder is Administrators group the quota will apply to this group!

If the user entadmin tries to make the fourth copy of the Emet Setup.msi file the following error will be raised:

…and the message below will arrive at the administrator’s mailbox:

The corresponding event (ID 12325)  in the Application log:

Over the time an administrator would probably want to create reports to see which files/folders exist in the server’s shared folders – here’s how we can create the corresponding reports:

The following report will be sent to the administrator:

2. File Screening.

I think many companies would like to restrict file types users can save in their file servers’ shares. With the File Screening feature it would take just a few minutes to prevent users, for example, from storing their audio/video files in the file servers’ shared folders. Before proceeding to creating file screens I’ll enable the following server option:

I’ll start by right-clicking File Screening Management\File Screens and selecting Create File Screen…

As my goal is to prevent users from storing audio/video files on file server I can make use of the built-in templates – Block Audio and Video Files:

If I then double-click the newly-created file screen and press Edit I’ll see the list of the file types included in the built-in Block Audio and Video Files template:

As you may see this list does not include one of the most popular video formats -*.mts, so I’ll add it to the list by typing *.mts in the Files to include field and pressing the Add button (see above):

Now If I try to copy 00001.mts file to \\dc\FS I’ll see this error:

The corresponding event 8215:

Again, let’s create the File Sceening Audit report:

The e-mail message will be delivered to the configured administrator’s mailbox:

 

3. Access Denied Assistance

When a user tries to get access to a file or a folder for which he\she does not have access it would be pertinent to display in the warning window as much information as possible to help user resolve access permission issue, for example, by sending a message to an administrator. For the Access Denied Assistance to work it must be enabled in the server’s options:

You can type in any text you’d like your users see in their warning windows in the Display the following message to users…

 

Pressing Configure E-mail requests… opens the window in which we can define what information (including the custom text appended to the e-email messages) will be sent to which receipient(s):

 

Furthemore, there’s the option to customize the message for each folder (otherwise the same message will be be displayed when accessing any folder on the server):

Alternatively, the access denied assistance can be enabled in the following policy setting (in the local GP

O for the single server or in the domain GPO which applies to multiple servers) – you must enable at least “Enable access-denied assistance on client for all types” policy setting:

If a user (User1 in my test) now connect to the server file share he\she should be presented with the customized dialog box:

Suppose a user (User1) wants to request assistance – in this case he/she would click Request Assistance, type the message to the administrator and press Send message:

 

Once the request is sent, the administrator will receive the following message:
If the access really must be denied the administrator may use the Deny the Access Request section to compose the corresponding message to the user:

This message in the User1’s mailbox:

 

Summary:

File Server Resource Manager can be of great help for any file server administrator as it may help in restricting storage space for each user, defining the file types allowed on the server and helping users to get access to the servers’ shared folders.

Advertisements
%d bloggers like this: