Preventing .mov Video File Uploads to Windows Server Shared Folders

D

The correct answer for this scenario would be (D) a file screen.

A file screen is a feature in Windows Server that allows administrators to set restrictions on what types of files can be stored in a specific directory or folder. With file screening, administrators can prevent users from uploading files that match certain file types or extensions.

In this scenario, the requirement is to block users from uploading video files that have the .mov extension to shared folders on the file servers while allowing all other types of files. To achieve this, you can create a file screen that blocks the upload of files with the .mov extension to the shared folders.

File screening can be configured through the File Server Resource Manager (FSRM), a built-in Windows Server feature. Here are the steps to configure file screening using FSRM:

1. Open the FSRM console from the Server Manager.
2. Expand the "File Screening Management" node and select "File Screens".
3. Right-click on the "File Screens" node and select "Create File Screen...".
4. In the "Create File Screen" wizard, select the folder or directory where you want to block the upload of .mov files.
5. In the "File Screening" tab, click the "Add..." button under the "File Groups" section and select the "Video Files" group.
6. In the "File Groups" dialog, select the "Custom" option and enter "*.mov" as the file extension.
7. Click "OK" to close the "File Groups" dialog and then click "OK" again to close the "Create File Screen" wizard.

With these steps, you have created a file screen that blocks the upload of .mov files to the shared folders on the file servers. Since file screening is a server-side feature, it minimizes administrative effort by centrally controlling file upload restrictions, rather than relying on user education or client-side tools.

Option (A) Dynamic Access Control (DAC) central access policy, and (C) Dynamic Access Control (DAC) central access rule are both features that enable you to create access policies to control access to files and folders based on different factors, such as users, groups, and device claims. While DAC is a useful feature, it is not the appropriate solution to block specific file types from being uploaded to shared folders.

Option (B) Data Loss Prevention (DLP) policy is another useful feature that can help prevent sensitive data from being leaked by blocking access to data that meets certain criteria, such as data that contains personally identifiable information (PII). However, DLP is not designed to block specific file types from being uploaded to shared folders.