?
Solved

Limit a directory's content by file type

Posted on 2010-01-12
7
Medium Priority
?
291 Views
Last Modified: 2013-12-04
I am looking for a solution to minimize the amount of space used by JPGs on our company's file servers.  Due to the nature of our business we have GBs of pictures that I want to limit to a single drive/folder.  What I would like to do is purchase an inexpensive USB drive, attach to a Windows server, assign a drive mapping via login script, and then set up a top level folder on it to only accept JPGs to avoid any other file types being place there as this entire drive would be excluded from backup.  I believe this can be done via Sharepoint, but I have one Sharepoint enviornment and 50 locations, so I dont want to push the data over the WAN, it needs to remain on the local Windows file servers.  What are my options?
0
Comment
Question by:gke565
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 47

Expert Comment

by:David
ID: 26300594
Tricky, can't think of a way to restrict write access to a directory based on the file name.  But a plan "B" would be to write a powershell script that runs before backups that searches all directories that users are allowed to write to for *.JPG, then move them to the user's home directory.   (Just prefix a sequence number to the file name, if it is a duplicate).  

Then do a little social engineering and if you do have to move the JPG, you let them know via email or something so they know were it is and are reminded to read companywide emails.
0
 
LVL 47

Expert Comment

by:David
ID: 26300624
P.S. you would also have to trap RENAME functions, and put hooks into any executables that might save images, like outlook or IE.  If they want to save a jpg attachment from email, or save a web page, then they would have to saveas to that directory.s

I think users would revolt.   I just don't see how what you want could be implemented w/o writing a daemon that moves things around and emails them what happened, or just modifying backup to skip over .JPGs in the first place, or do what I wrote earlier and automatically migrate the files and alert user via the same login script that does the mapping

But if somebody comes up with a good procedure that automates this, I would love to be corrected.
0
 
LVL 3

Author Comment

by:gke565
ID: 26307550
dlethe:
I dont think moving the files helps, its the social engineering I'm trying to control.  The files are placed by one group and used by another.  I'm not too concerned about JPGs being placed in the proper area, I'm more worried about other files being placed there - for legal reasons I dont have to store pictures, but I do have to store and backup PPTs, XLS, etc.
0
Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

 
LVL 47

Expert Comment

by:David
ID: 26307828
How about something sneaky?   Use a filter driver.  This is something a systems developer knows about, basically you put a hook in the O/S that traps opens, reads, writes, etc, when an app calls them, and does something else.   Unless you are a total stud kernel developer, forget doing it yourself, but if you have $10K+ burning budgeted you could farm it out.


OR ... use the filter driver built into your antivirus software.   Tell it that all .JPG files in that directory, need to be quarantined, automatically, and perhaps you can set up a rule so that the quarantine for JPGs happens to be in the usb drive?  
0
 
LVL 3

Author Comment

by:gke565
ID: 26308953
Interesting idea, but that creates more complexity than we have.  Also, if I quarantine the files, then the EUs wont have access to them unless they are an administrator.  Instead of MS developing ways to control behavior they just created a search engine to encourage it, oh well.
0
 
LVL 47

Expert Comment

by:David
ID: 26309089
I was thinking there is probably a way to add a script that automatically kicks off when a new "virus" is detected.  Surely your AV software can be configured to send something out when that happens with computer name, file name, etc.  So parse it, and configure a script to run as a service with admin privs to automatically move the file.  In an AD environment, this shouldn't be too bad, you may even be able to do it as a one-off,  as part of a logon/logoff script.  Just make sure the policy is set up right.

But obviously that is a kludge.  Maybe you just need a small script to search for such files that runs on local PC and migrate them automatically after the fact.  It won't be real-time but you won't have to worry about permissions either, and as long as the script is re-run as part of a precursor to backing up, then problem is effectively solved, as it prevents backing up of JPGs.

0
 
LVL 3

Accepted Solution

by:
gke565 earned 0 total points
ID: 26350765
Finally found an answer: File Server Resource Manager.  Apparently this is a little know feature of Windows Server 2003 R2 that is not installed by default.  More information can be found here: http://207.46.16.252/en-us/magazine/2006.05.getcontrol.aspx 

Thanks dlethe for the 'interesting' ideas for a solution.
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The System Center Operations Manager 2012, known as SCOM, is a part of the Microsoft system center product that provides the user with infrastructure monitoring and application performance monitoring. SCOM monitors:   Windows or UNIX/LinuxNetwo…
No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses
Course of the Month15 days, 2 hours left to enroll

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question