File Screening
File Screening is a new Windows 2003 Server R2 feature that can be used to prevent or allow users saving specific file types to specific directories. Using file screening, you can create a "photos" drive or "videos" drive and ensure only files of the correct type are saved in those locations. You can also use file screening to prevent users from saving executables, videos, or photos in their "My Documents" folder (or other folders for that matter).
It's a great tool, but there are some limitations:
- Users can simply change the file extension to bypass this security measure, but most users don't know what a file extension is, let alone how to change it.
- This feature can interfere with roaming profiles if you place file restrictions on the profiles share on the server, but this issue is easily avoided.