Install and Configure File Server Resource Manager

Install the File Server Resource Manager

To isolate and protect the area where user uploaded files reside, we will install the Windows File Server Resource Manager. Similar to the IIS, this application is already available on Windows Servers and just needs to be activated.

1. On your Windows Server, open Server Manager and select the Dashboard. Click Add roles and features.

2. Click Installation Type => Role-based or feature-based installation and then click Next.

3. On the Server Selection dialog box, click Select a server from the server pool. In the Server Pool list, select your server and then click Next.

4. In Server Roles, find the entry File Storage Services and expand the node tree. Find the sub-node File and iSCSI Services and expand it. Select the checkboxes for File Server Resource Manager. Click Next.

1. In the Features section, click Next.

2. In the Confirmation section, click Install and wait for the installation to finish.

Configure the File Server Resource Manager

On your Windows Server, open Server Manager and select the Dashboard. Click Tools and find the File Server Resource Manager, click to open it.

We can use the File Server Resource manager to prevent files of certain types to be uploaded and executed on the server by a malicious user.

Create a File Group for the Temp folder

The File Server Resource manager supplies a number of standard file groups that we can use, but a special File group is needed for the Temp folder.

To create a designate File Group for the Temp folder, right-click on the File Group Node and select Create File Group...

In the displayed dialog, enter the File Group Name "Web Page Files in Temp".

Add the following files to include in the group:

• *.asp

• *.aspx

• *.cgi

• *.css

• *.dhtml

• *.hta

• *.htm

• *.mht

• *.php

• *.php3

• *.shtml

• *.url

Save the File Group.

Create File Screens

The next step is to define File Screen for the three folders:

• Files

• Temp

• Tests

Create a File Screen for the Files folder

Right-click on the File Screens node and select Create File Screen.

In the File screen path, type or browser to the path of the Files folder.

Click the button Custom Properties... and:

• Select Active Screening

• Select the File Groups Executable Files and Web Page Files

Click on the tab Event Log and check the checkbox Send Warning to event log. Then click OK.

Create a File Screen for the Temp folder

Create another File screen and in this case:

• Browse to / type in the path to the Temp folder

• Select the File groups Executable Files and Web Page Files in Temp

Create a File Screen for the Tests folder

Create another File screen and in this case:

• Browse to / type in the path to the Tests folder

• Select the File groups Executable Files and Web Page Files

When finished, the File Server Resource Manager should look like the image below.