Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 296
  • Last Modified:

Limit a directory's content by file type

I am looking for a solution to minimize the amount of space used by JPGs on our company's file servers.  Due to the nature of our business we have GBs of pictures that I want to limit to a single drive/folder.  What I would like to do is purchase an inexpensive USB drive, attach to a Windows server, assign a drive mapping via login script, and then set up a top level folder on it to only accept JPGs to avoid any other file types being place there as this entire drive would be excluded from backup.  I believe this can be done via Sharepoint, but I have one Sharepoint enviornment and 50 locations, so I dont want to push the data over the WAN, it needs to remain on the local Windows file servers.  What are my options?
0
gke565
Asked:
gke565
  • 4
  • 3
1 Solution
 
DavidCommented:
Tricky, can't think of a way to restrict write access to a directory based on the file name.  But a plan "B" would be to write a powershell script that runs before backups that searches all directories that users are allowed to write to for *.JPG, then move them to the user's home directory.   (Just prefix a sequence number to the file name, if it is a duplicate).  

Then do a little social engineering and if you do have to move the JPG, you let them know via email or something so they know were it is and are reminded to read companywide emails.
0
 
DavidCommented:
P.S. you would also have to trap RENAME functions, and put hooks into any executables that might save images, like outlook or IE.  If they want to save a jpg attachment from email, or save a web page, then they would have to saveas to that directory.s

I think users would revolt.   I just don't see how what you want could be implemented w/o writing a daemon that moves things around and emails them what happened, or just modifying backup to skip over .JPGs in the first place, or do what I wrote earlier and automatically migrate the files and alert user via the same login script that does the mapping

But if somebody comes up with a good procedure that automates this, I would love to be corrected.
0
 
gke565Author Commented:
dlethe:
I dont think moving the files helps, its the social engineering I'm trying to control.  The files are placed by one group and used by another.  I'm not too concerned about JPGs being placed in the proper area, I'm more worried about other files being placed there - for legal reasons I dont have to store pictures, but I do have to store and backup PPTs, XLS, etc.
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
DavidCommented:
How about something sneaky?   Use a filter driver.  This is something a systems developer knows about, basically you put a hook in the O/S that traps opens, reads, writes, etc, when an app calls them, and does something else.   Unless you are a total stud kernel developer, forget doing it yourself, but if you have $10K+ burning budgeted you could farm it out.


OR ... use the filter driver built into your antivirus software.   Tell it that all .JPG files in that directory, need to be quarantined, automatically, and perhaps you can set up a rule so that the quarantine for JPGs happens to be in the usb drive?  
0
 
gke565Author Commented:
Interesting idea, but that creates more complexity than we have.  Also, if I quarantine the files, then the EUs wont have access to them unless they are an administrator.  Instead of MS developing ways to control behavior they just created a search engine to encourage it, oh well.
0
 
DavidCommented:
I was thinking there is probably a way to add a script that automatically kicks off when a new "virus" is detected.  Surely your AV software can be configured to send something out when that happens with computer name, file name, etc.  So parse it, and configure a script to run as a service with admin privs to automatically move the file.  In an AD environment, this shouldn't be too bad, you may even be able to do it as a one-off,  as part of a logon/logoff script.  Just make sure the policy is set up right.

But obviously that is a kludge.  Maybe you just need a small script to search for such files that runs on local PC and migrate them automatically after the fact.  It won't be real-time but you won't have to worry about permissions either, and as long as the script is re-run as part of a precursor to backing up, then problem is effectively solved, as it prevents backing up of JPGs.

0
 
gke565Author Commented:
Finally found an answer: File Server Resource Manager.  Apparently this is a little know feature of Windows Server 2003 R2 that is not installed by default.  More information can be found here: http://207.46.16.252/en-us/magazine/2006.05.getcontrol.aspx 

Thanks dlethe for the 'interesting' ideas for a solution.
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now