?
Solved

Windows fileserver (FSRM) file screening and offline files

Posted on 2014-10-30
3
Medium Priority
?
492 Views
Last Modified: 2014-11-09
We have a fileserver where everybody's My Documents, Downloads, Desktop etc. folders are redirected. The fileserver is running Windows Server 2012 R2, and is running the File Server Resource Manager role.

I've set up file screens that prevent the users from saving executable files into their user profiles. This is to help dissuade users from accidentally downloading malware / spyware / junk from the Internet. I also block them from saving documents to their desktop (only shortcuts / links can go on the desktop).

And for the most part, it works. If I attempt to use any Microsoft product to save any disallowed files (e.g. File Explorer, Internet Explorer, Word etc.), I get an appropriate error box saying access is denied and it blocks it.

But under certain circumstances (e.g. downloading EXE files in Google Chrome), the EXE is still downloaded and they appear to be saved into the folder.

I've discovered that what is going on is that the folders have offline file caching turned on, and because of this the file gets cached in the offline mode on the one computer. The bad files never arrive on the server, but their computer caches it forever, and Windows periodically tries to sync it up to the server (and fails).  The user doesn't realize that the file is in this "transient" state, and they think they've successfully saved a file when really they haven't, but regardless they can ACCESS the file as if it was saved directly into that folder, which defeats the purpose of the file screens.

I have email notifications configured on the Fileserver to tell me when violations to the file screening rules occur, and I am getting INUNDATED with hundreds of notifications every day for the same couple files on a couple user's machines every time the Windows Sync center fails to sync the offline file over and over again.

I'm not sure what to do about this...

For the users who already have offline cached files that are stuck on their system, is there a way to purge the cache so those files go away?

And is there a way to configure the workstations to be more strict about not allowing EXE files to be saved to their redirected user profiles?
0
Comment
Question by:Frosty555
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 82

Expert Comment

by:David Johnson, CD, MVP
ID: 40414994
other than turning off offline files I can't think of a solution.
0
 
LVL 16

Accepted Solution

by:
cantoris earned 1500 total points
ID: 40415206
Here's how to purge the cache:

1. Ensure any changes have already been synced (or else they will be lost)
2. Add a registry value:
REG ADD "HKLM\System\CurrentControlSet\Services\CSC\Parameters" /v FormatDatabase /t REG_DWORD /d 1 /f
3. Reboot

You can read more here:
http://support.microsoft.com/kb/942974
0
 
LVL 31

Author Closing Comment

by:Frosty555
ID: 40431476
Partial solution. Thanks for your help.
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
By default the complete memory dump option is disabled in windows . If we want to enable the complete memory dump for a diagnostic purpose, we have a solution for it. here we are using the registry method to enable this.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question