Limit a directory's content by file type

I am looking for a solution to minimize the amount of space used by JPGs on our company's file servers.  Due to the nature of our business we have GBs of pictures that I want to limit to a single drive/folder.  What I would like to do is purchase an inexpensive USB drive, attach to a Windows server, assign a drive mapping via login script, and then set up a top level folder on it to only accept JPGs to avoid any other file types being place there as this entire drive would be excluded from backup.  I believe this can be done via Sharepoint, but I have one Sharepoint enviornment and 50 locations, so I dont want to push the data over the WAN, it needs to remain on the local Windows file servers.  What are my options?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Tricky, can't think of a way to restrict write access to a directory based on the file name.  But a plan "B" would be to write a powershell script that runs before backups that searches all directories that users are allowed to write to for *.JPG, then move them to the user's home directory.   (Just prefix a sequence number to the file name, if it is a duplicate).  

Then do a little social engineering and if you do have to move the JPG, you let them know via email or something so they know were it is and are reminded to read companywide emails.
P.S. you would also have to trap RENAME functions, and put hooks into any executables that might save images, like outlook or IE.  If they want to save a jpg attachment from email, or save a web page, then they would have to saveas to that directory.s

I think users would revolt.   I just don't see how what you want could be implemented w/o writing a daemon that moves things around and emails them what happened, or just modifying backup to skip over .JPGs in the first place, or do what I wrote earlier and automatically migrate the files and alert user via the same login script that does the mapping

But if somebody comes up with a good procedure that automates this, I would love to be corrected.
gke565Author Commented:
I dont think moving the files helps, its the social engineering I'm trying to control.  The files are placed by one group and used by another.  I'm not too concerned about JPGs being placed in the proper area, I'm more worried about other files being placed there - for legal reasons I dont have to store pictures, but I do have to store and backup PPTs, XLS, etc.
Top Threats of Q1 & How to Defend Against Them

WEBINAR: Join WatchGuard CTO and our Threat Research Team on Aug. 2nd to hear the findings from our Q1 Internet Security Report! Learn more about the top threats detected in the first quarter and how you can defend your business against them!

How about something sneaky?   Use a filter driver.  This is something a systems developer knows about, basically you put a hook in the O/S that traps opens, reads, writes, etc, when an app calls them, and does something else.   Unless you are a total stud kernel developer, forget doing it yourself, but if you have $10K+ burning budgeted you could farm it out.

OR ... use the filter driver built into your antivirus software.   Tell it that all .JPG files in that directory, need to be quarantined, automatically, and perhaps you can set up a rule so that the quarantine for JPGs happens to be in the usb drive?  
gke565Author Commented:
Interesting idea, but that creates more complexity than we have.  Also, if I quarantine the files, then the EUs wont have access to them unless they are an administrator.  Instead of MS developing ways to control behavior they just created a search engine to encourage it, oh well.
I was thinking there is probably a way to add a script that automatically kicks off when a new "virus" is detected.  Surely your AV software can be configured to send something out when that happens with computer name, file name, etc.  So parse it, and configure a script to run as a service with admin privs to automatically move the file.  In an AD environment, this shouldn't be too bad, you may even be able to do it as a one-off,  as part of a logon/logoff script.  Just make sure the policy is set up right.

But obviously that is a kludge.  Maybe you just need a small script to search for such files that runs on local PC and migrate them automatically after the fact.  It won't be real-time but you won't have to worry about permissions either, and as long as the script is re-run as part of a precursor to backing up, then problem is effectively solved, as it prevents backing up of JPGs.

gke565Author Commented:
Finally found an answer: File Server Resource Manager.  Apparently this is a little know feature of Windows Server 2003 R2 that is not installed by default.  More information can be found here: 

Thanks dlethe for the 'interesting' ideas for a solution.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.