Advanced Windows PowerShell Scripting Video Training

Advanced Windows PowerShell Scripting Video Training
Advanced Windows PowerShell Scripting Video Training

Friday, December 3, 2010

Can you use a file screen to prevent files from being redirected?

Yes you can. The scenario here is we have set up our clients, through Group Policy, to redirect the desktop to a server. I have also set up a files screen on the shared folder that will host the data. This file screen is configured to block .TXT files. When the user tries to create a .TXT file on their desktop, they are prevented from doing so. Below is the setup procedure to do this.

Step 1: configure the folder to hold the user data.

I created a folder on my server

Next I shared it by right clicking the folder and selecting Properties.

 

image

Click Advanced Sharing.

Click Permissions.

Click Add

In the Enter the object names to select box, type Authenticated Users and click Check Names.

Click OK

image

Click Authenticated Users

Check Full Control.

Click OK

Click OK

Click Close

The folder is not set up for your users to have their desktops redirected to this location.

 

Step 2

We now need to create the Group Policy that will redirect the users desktop to this location.

On your Domain Controller, click Start / Administrator Tools / Group Policy Management

Expand the tree until you expand Group Policy Objects.

Right click Group Policy Objects and click New.

image

Give the GPO a name.  In this example, we will call it DesktopRedirection.  Click OK

Under Group Policy Objects, right click DesktopRedirection and then click Edit.

Expand User Configuration / Windows Settings / Folder Redirection.

Right click Desktop and select Properties.

In the Settings drop down box, select Basic – Redirect everyone’s folder to the same location.

In Target folder location select Create a folder for each user under the root path.

IN Root Path, enter the UNC path to the folder we created earlier.  In this example, it is \\MCT-1\Desktop.

image

Click the Settings tab.

By default, Grant the user exclusive rights to Desktop.  For this example, I unchecked it.

Click OK

image

Close Group Policy Management Editor

In the Group Policy Management window, drag and drop the GPO onto the Organizational Unit that holds your user accounts.  Remember, you cannot link a GPO to the default users container.

This policy is now being applied to your users.

 

Step 3 Install FSRM

On the server that holders the Desktop folder, clickStart \ Administrator Tools \ Server Manager

You need to add the File Server Resource Manager Role service to this server.  If File Services are not installed, click Add Roles and add the File Services role to this computer.

In Server Manager click Roles.

Scroll down until you get to the Role Services section and click Add Role Services

image

Check File Server Resource Manager and then click Next.

Select the drive that you have the Desktop folder on.

Click Next

Click install.

Close the window when completed.

 

Step 4 Set up the file screen

Click Start / Administrator Tools / File Server Resource Manager

Expand File Screen Management

Right click File Screens and select Create File Screen.

In the File screen path, choose the Desktop folder that you created.

In Derive properties from this file screen template (recommended), choose the file screen you want to use.  For our example, we are using a custom file screen.  This screen blocks .TXT files.

image

We are now ready to test the screen

Log into your client as a user who has the Group Policy applied to them.

Attempted to create a .TXT file.  You should receive an error like the one below:

image

If not, make sure your group policies have replicated and this client has downloaded the policy.

No comments: