File Screens, a feature of the File Server Resource Manager tool, allows administrators to restrict the type of files that can be stored on a share. It is both useful and infuriating. Useful to me as I can enable it on our student’s redirected folder location. Infuriating for students because they can’t save any EXEs in this location.
File Screens has a downside though. It is an all or nothing approach to file type filtering. In the example above, users are either allowed or blocked from saving executable files on the HomeFolders location. The result is dependent on if the rule is active or not.
Let’s say that you don’t really mind that a user saves an executable to their redirected downloads folder. You might have asked a user to download an application so you can deploy it. Or a user might need to run a small application once (such as a online meeting plugin). When file screens are enabled, your users get a nasty accessed denied error. What is needed is something a bit more flexible – say, a PowerShell script (or two).