1
00:00:00,740 --> 00:00:04,270
In this demo, we'll look at file screens and quotas in File Server

2
00:00:04,270 --> 00:00:07,790
Resource Manager. To make sure we have this installed on my local

3
00:00:07,790 --> 00:00:10,470
machine let me go again the Roles and Features.

4
00:00:10,470 --> 00:00:14,270
We can do this Role and Feature installation with Windows Admin Center.

5
00:00:14,270 --> 00:00:17,160
I just wanted to put that in there as a note. Let me select our

6
00:00:17,160 --> 00:00:21,270
server, and then under File and Storage Services, File and iSCSI

7
00:00:21,270 --> 00:00:25,740
Services, were concerned with the File Server role, as well as File

8
00:00:25,740 --> 00:00:28,860
Server Resource Manager, and if you want to throw in Volume Shadow

9
00:00:28,860 --> 00:00:30,530
Copy as well for good measure.

10
00:00:30,530 --> 00:00:34,550
And then we can go under File and Storage Services, and this is

11
00:00:34,550 --> 00:00:36,760
where we can look, for instance, at our Shares.

12
00:00:36,760 --> 00:00:39,370
We did a little of this when I showed you BranchCache a

13
00:00:39,370 --> 00:00:41,980
moment ago, but let me just quickly show you how to stand

14
00:00:41,980 --> 00:00:43,910
up a new share in this interface.

15
00:00:43,910 --> 00:00:46,660
It's pretty cool actually. If we right‑click New Share,

16
00:00:46,660 --> 00:00:50,470
notice that you can share with Mac and Linux using NFS or

17
00:00:50,470 --> 00:00:52,230
we have the Server Message Block.

18
00:00:52,230 --> 00:00:56,200
And the difference here is we have Quick for general file sharing, then we have

19
00:00:56,200 --> 00:01:01,180
Advanced, where you can just layer in some File Server Resource Manager stuff

20
00:01:01,180 --> 00:01:05,960
like classification and quotas. Or Applications, this is going to be for server

21
00:01:05,960 --> 00:01:08,020
applications and Hyper‑V workloads.

22
00:01:08,020 --> 00:01:10,610
I'm going to go to Quick, and then we'll go into File Server

23
00:01:10,610 --> 00:01:14,340
Resource Manager. I'm going to create a custom path on my e drive,

24
00:01:14,340 --> 00:01:18,460
and I'll just call this workfiles. Windows Server will create this

25
00:01:18,460 --> 00:01:22,100
folder path for us if the folder doesn't exist. Here it is right

26
00:01:22,100 --> 00:01:23,060
here, so let me click OK.

27
00:01:23,060 --> 00:01:26,090
And here again we have our share settings.

28
00:01:26,090 --> 00:01:30,130
Access‑based enumeration is cool, because if a user doesn't have

29
00:01:30,130 --> 00:01:33,000
read to any of the resources in the shared folder,

30
00:01:33,000 --> 00:01:35,680
they just simply won't show up in the directory list. Out of

31
00:01:35,680 --> 00:01:38,360
sight is out of mind, as I think I've already mentioned. If

32
00:01:38,360 --> 00:01:39,810
we're going to do BranchCache,

33
00:01:39,810 --> 00:01:43,540
this is the control for that, Enable BranchCache on the file share.

34
00:01:43,540 --> 00:01:46,920
And, well, next we've got our access control list that we can

35
00:01:46,920 --> 00:01:49,830
customize and then we can create the share.

36
00:01:49,830 --> 00:01:51,840
So this is a nice interface for that.

37
00:01:51,840 --> 00:01:54,720
In terms of the File Server Resource Manager,

38
00:01:54,720 --> 00:01:57,890
let me go to my custom Microsoft management console

39
00:01:57,890 --> 00:01:59,850
that I've created, and specifically,

40
00:01:59,850 --> 00:02:02,870
let's look at File Server Resource Manager. And, again,

41
00:02:02,870 --> 00:02:05,710
what we're doing for our purposes here is just quota

42
00:02:05,710 --> 00:02:07,700
management and file screen management.

43
00:02:07,700 --> 00:02:08,660
Let's take a look here.

44
00:02:08,660 --> 00:02:11,270
In terms of setting quotas, you'll want to have

45
00:02:11,270 --> 00:02:14,420
templates available for ease of use here.

46
00:02:14,420 --> 00:02:17,720
And if we enumerate the built‑in quota templates, these

47
00:02:17,720 --> 00:02:19,380
are just meant to get us started.

48
00:02:19,380 --> 00:02:22,670
Let's take a look here. Notice that we have some hard

49
00:02:22,670 --> 00:02:24,890
limits, as well as some soft limits.

50
00:02:24,890 --> 00:02:29,900
The soft limit is going to track violations of your storage quotas,

51
00:02:29,900 --> 00:02:33,300
but it won't restrict a file copy operation or a file

52
00:02:33,300 --> 00:02:35,180
move, you see what I mean, a hard will.

53
00:02:35,180 --> 00:02:41,910
So let's see here, 200 MB Limit with 50 MB Extension, 250 MB

54
00:02:41,910 --> 00:02:46,310
Extended Limit, 200 MB, let me double‑click this Reports to User

55
00:02:46,310 --> 00:02:48,140
and let's take a look at its properties.

56
00:02:48,140 --> 00:02:48,600
Alright,

57
00:02:48,600 --> 00:02:53,500
so we simply specify a Space limit in the template using a unit of measurement.

58
00:02:53,500 --> 00:02:56,340
As you can see, you determine whether it's Hard or Soft.

59
00:02:56,340 --> 00:02:59,190
Hard means the user cannot exceed the limit; Soft

60
00:02:59,190 --> 00:03:00,640
means that it's just monitoring.

61
00:03:00,640 --> 00:03:04,530
Then you can specify Notification threshold, and you can just

62
00:03:04,530 --> 00:03:06,650
structure this to your heart's content.

63
00:03:06,650 --> 00:03:11,450
It looks like the default in this template is 85%, 95% Warning,

64
00:03:11,450 --> 00:03:15,680
100% Warning. Click OK, and now let's select the Quotas node,

65
00:03:15,680 --> 00:03:17,950
right‑click the node, and create a quota.

66
00:03:17,950 --> 00:03:20,880
We'll select the quota path, we'll browse for folder.

67
00:03:20,880 --> 00:03:23,970
I'm going to go to my F drive under shares, data,

68
00:03:23,970 --> 00:03:26,340
and select the data shared folder.

69
00:03:26,340 --> 00:03:29,950
And what's neat about this is that you can create a quota just on the

70
00:03:29,950 --> 00:03:34,600
folder path, or you can auto apply the template and create quotas on

71
00:03:34,600 --> 00:03:36,950
existing or new subfolders, you see.

72
00:03:36,950 --> 00:03:40,920
So if you do have network‑based home folders for your users,

73
00:03:40,920 --> 00:03:46,480
you could attach the quota template to the root of that share and then cascade

74
00:03:46,480 --> 00:03:51,120
or auto apply the template. As you're bringing on and creating new home folders

75
00:03:51,120 --> 00:03:54,300
for users, you can automatically apply that quota,

76
00:03:54,300 --> 00:03:56,670
which is pretty darn convenient it seems to me.

77
00:03:56,670 --> 00:04:00,820
And then we can select our template here and then click Create. It gives

78
00:04:00,820 --> 00:04:03,230
us the summary down at the bottom, as you can see.

79
00:04:03,230 --> 00:04:04,990
So that's all there is to quotas.

80
00:04:04,990 --> 00:04:08,820
When you right‑click a quota entry, you can disable the quota,

81
00:04:08,820 --> 00:04:10,310
you can edit its properties,

82
00:04:10,310 --> 00:04:13,820
you can create a template from that quota, you can view quotas that are

83
00:04:13,820 --> 00:04:17,380
affecting the folder, so there's some good context here. Of course,

84
00:04:17,380 --> 00:04:21,570
in the MMC console, you also have the Actions pane that you can bring in.

85
00:04:21,570 --> 00:04:22,730
I tend to hide that.

86
00:04:22,730 --> 00:04:24,990
Now the other thing we'll look at is file screens.

87
00:04:24,990 --> 00:04:27,180
So under File Screening Management, again,

88
00:04:27,180 --> 00:04:29,860
there's the concept of File Screen Templates,

89
00:04:29,860 --> 00:04:33,230
but before we look at that, we need to determine what is it that you

90
00:04:33,230 --> 00:04:36,450
actually want to screen out or block. In my experience,

91
00:04:36,450 --> 00:04:39,580
you want to block out media oftentimes. So you see there's

92
00:04:39,580 --> 00:04:41,830
lots of file groups already created.

93
00:04:41,830 --> 00:04:42,670
For example,

94
00:04:42,670 --> 00:04:46,060
this Audio and Video Files one is going to pick up a whole

95
00:04:46,060 --> 00:04:49,700
bunch of audio and video extensions like,

96
00:04:49,700 --> 00:04:51,420
wow, real audio.

97
00:04:51,420 --> 00:04:53,910
Are you serious? In 2022?

98
00:04:53,910 --> 00:04:55,800
This really needs to be updated.

99
00:04:55,800 --> 00:04:58,260
In fact, there is MP3, at least.

100
00:04:58,260 --> 00:05:01,700
So, anyway, you may very well want to create your own file group,

101
00:05:01,700 --> 00:05:04,920
which you can do here just by right‑clicking in an empty space,

102
00:05:04,920 --> 00:05:07,060
Create File Group, and this is just going to be a

103
00:05:07,060 --> 00:05:09,250
collection of file types, as simple as that.

104
00:05:09,250 --> 00:05:13,420
But notice that you can explicitly include and exclude file types.

105
00:05:13,420 --> 00:05:16,170
So we might want to block all of these media types,

106
00:05:16,170 --> 00:05:19,800
for instance, on the Audio and Video Files template, but we want to

107
00:05:19,800 --> 00:05:24,410
accept MP3s, for example. So you create your file groups or decide

108
00:05:24,410 --> 00:05:28,110
what you want to block, and then you can roll this into a file screen

109
00:05:28,110 --> 00:05:29,670
template that you then apply.

110
00:05:29,670 --> 00:05:32,520
And so, again, these are just starter ones.

111
00:05:32,520 --> 00:05:36,040
You can always create your own file screen template.

112
00:05:36,040 --> 00:05:40,370
And besides giving the template a name and choosing what your file groups

113
00:05:40,370 --> 00:05:43,550
are that you're going to block, you then can choose is this going to be a

114
00:05:43,550 --> 00:05:47,520
hard screen or an active screen or is it going to be passive, just for

115
00:05:47,520 --> 00:05:49,540
monitoring, and auditing, etc.

116
00:05:49,540 --> 00:05:52,130
And then we have some notification options here.

117
00:05:52,130 --> 00:05:55,210
It looks like we have to give the template a name before we can

118
00:05:55,210 --> 00:05:59,110
navigate to another tab here in this dialog. And it looks like we

119
00:05:59,110 --> 00:06:01,040
have to choose at least one file group.

120
00:06:01,040 --> 00:06:02,680
Now if we go to E‑mail Message,

121
00:06:02,680 --> 00:06:06,540
this is where you can do notifications and you can even structure

122
00:06:06,540 --> 00:06:10,730
kind of an email merge here with these volatile fields here that you

123
00:06:10,730 --> 00:06:14,790
can substitute in, these variables, Event Log, you can run commands,

124
00:06:14,790 --> 00:06:18,500
so there's remediation that you can take place here with these file

125
00:06:18,500 --> 00:06:19,640
screen templates.

126
00:06:19,640 --> 00:06:21,200
So lastly, to test this,

127
00:06:21,200 --> 00:06:25,520
let's go over to File Screens, let's right‑click, Create File Screen.

128
00:06:25,520 --> 00:06:28,950
The File screen path is going to be the same folder that

129
00:06:28,950 --> 00:06:30,870
I set a quota on, for convenience.

130
00:06:30,870 --> 00:06:35,300
Let's click Browse, we'll select my data folder, click OK. I'm going

131
00:06:35,300 --> 00:06:39,090
to derive the properties from the Block Audio and Video Files

132
00:06:39,090 --> 00:06:42,930
template and click Create to create the file screen. To tie in our

133
00:06:42,930 --> 00:06:46,720
learning from earlier, why don't I make it easier for users to find

134
00:06:46,720 --> 00:06:48,160
this data shared folder?

135
00:06:48,160 --> 00:06:52,090
Let me quickly add a new folder to our DFS namespace.

136
00:06:52,090 --> 00:06:56,010
I'll call it data. And let's add a folder target, click Browse on

137
00:06:56,010 --> 00:06:58,620
this machine. We'll select data from the list,

138
00:06:58,620 --> 00:07:02,140
click OK, and then finish with OK, alright.

139
00:07:02,140 --> 00:07:05,140
And then to test, let's open up a Run prompt here.

140
00:07:05,140 --> 00:07:10,080
I'm going to hit the root of the DFS tree, contosolocal public. We'll

141
00:07:10,080 --> 00:07:13,350
go into data, and I have an MP3 file over here.

142
00:07:13,350 --> 00:07:16,620
Let's go ahead and attempt to copy that file into

143
00:07:16,620 --> 00:07:19,270
this folder. And this is the result.

144
00:07:19,270 --> 00:07:24,230
It's not very useful feedback, but as you saw in the FSRM tool,

145
00:07:24,230 --> 00:07:27,270
we can configure better remediation guidance.

146
00:07:27,270 --> 00:07:28,100
Unfortunately,

147
00:07:28,100 --> 00:07:31,130
it just tells us access denied, you need permission, and

148
00:07:31,130 --> 00:07:33,070
notice that there's no more details.

149
00:07:33,070 --> 00:07:41,000
We can try all we want, but that file screen is going to continue to block us from putting media into that folder.