2011-06-28 01:07 AM
Hi, we have a customer looking to move their CIFS file shares from a Windows Server to a NetApp.
There are currently using Windows Server's File Screening feature in Windows File Server Resource Manager to block certain file types. They would like to continue doing this when they move to the Netapp.
I understand FPolicy can do some screening, but that it can also integrate with File Screening Servers to get it's policy data ... can such a server be a Windows Server with the native Microsoft File Screening feature? If so does anyone know where I might find some documentation for setting this feature up?
Solved! SEE THE SOLUTION
2011-06-28 05:01 AM
When the NetApp Controller provides the CIFS Shares, there is no FSRM available. In order to use the FSRM feature within the Windows Server, it would need to support the FPolicy Feature/API of the NetApp Controller (which is not the case afaik).
You can setup basic file screening within the NetApp System. e.g. to block mp3 files from being stored:
options fpolicy.enable on
fpolicy create mp3blocker screen
fpolicy ext inc set mp3blocker mp3
fpolicy options mp3blocker required on
fpolicy monitor set mp3blocker -p cifs,nfs create,rename
fpolicy enable mp3blocker -f
PS In worst case they can keep using their Windows Server and attach a LUN to the NetApp (iSCSI/FC), then they can keep using the FSRM but loose the best snapshot technology in the world (or most of it)...
2015-03-31 01:33 AM
One item missing is the fpolicy volume option to limit this to a particualr volume, so to apply only to a volume called homedirs:-
fpolicy vol inc add mp3blocker homedirs
if need to turn it off in a hurry as I just had to do :
fpolicy disable mp3blocker.
I have seen issues here, worked fine initially, then sudenly users could create one file or folder then all files and folder creation blocked
2017-02-26 08:31 AM
is it possible to block not just File Types, but File Patterns?
How_to_decrypt.html or How_to_decrypt.*
At Windows File Server I can donwload a List from:
to block all this stuff.
"*.msj","*.szesnl","_DECRYPT_INFO_szesnl.html","00 0-IF-YOU-WANT-DEC-FILES.html","*.evillock","*.letm etrydecfiles","*.yourransom","*.lambda_l0cked","*. gefickt","*.email@example.com ","*.HakunaMatata","*.CRYPTOSHIELD","*.weareyourfr iends","MERRY_I_LOVE_YOU_BRUCE.hta"
I can say block these File-extensions, file patterns AND when somebody try to Safe this file send an EMail to firstname.lastname@example.org with a warning an with the name/ip of the user who is trying to safe the ransomware data.
is it possible to implent it on Netapp?