Posey's Tips & Tricks

Repurposing an Old Windows Feature in the Fight Against Ransomware

Sometimes turning to the forgotten past can help manage the problems of today. DON

• By Brien Posey
• 02/12/2025

It has always seemed kind of funny to me how some Windows features seem to become popular and are adopted by the masses, while others never really go away, but fade into obscurity. Sometimes though, these types of tools remain useful in spite of their seeming obscurity. One such tool is the Windows File Server Resource Manager.

The File Server Resource Manager is one of those components that has been a part of Windows for what seems like forever. While I'm sure that there are organizations that still use this component, I couldn't even tell you the last time I heard anyone mention it.

For those who might not be familiar with the File Server Resource Manager, it's a tool that was designed to prevent users from storing certain file types in designated locations.

Way back in 2005, I did a consulting job for an organization who contacted me because users were experiencing extremely long logon and logoff times. For some users, it was taking 45 minutes or more to log into a Windows domain. Other users were able to log in with no real problems. The organization couldn't figure out what was going on and why a few users were mostly unaffected.

To make a long story short, the problem stemmed from the way that user profiles worked at the time. Many users were storing music, movies and other personal files within their profile. The way that the organization's systems were configured, the entire profile directory was being copied to the user's desktop each time that they logged in. It was this file copy process that was resulting in abnormally long logon times.

I solved the problem by using the File Server Resource Manager. I simply created a policy that prevented certain types of files (such as audio and video files) from being stored in the user's profile directories.

Recently, I was telling someone about that particular situation and realized that the File Server Resource Manager could be useful in preventing scripts, executables, and other potentially malicious files from being stored on a file server. It's possible that Microsoft always intended for the File Server Resource Manager to act as a security tool. When the tool was first introduced however, I mostly recall Microsoft talking about it from a compliance standpoint or explaining how organizations could use it to prevent users from wasting storage space.

Setting up the File Server Resource Manager is a simple process. To get started, open the Server Manager and choose the Add Roles and Features command. Work your way through the Add Roles and Features Wizard until you get to the list of roles. Expand the File and Storage Services role and then select the File Server Resource Manager option, shown in Figure 1. Now, complete the wizard to install the required component.

You can use the File Server Resource Manager to impose storage quotas on your users, but for the purposes of this article, I want to show you how to set up file screens. To do so, File Server Resource Manager command from the Server Manager's Now, select the File Screens tab and then click on the Create File Screen link, found in the Actions pane.

Now, just provide the file screen path and then choose the types of files that you want to block in that location. You can see what the interface looks like in Figure 3.

In case you are wondering, files types are classified through the use of File Groups. In the previous figure for example, the policy was configured to block audio and video files. If you select the File Groups tab, you will see a list containing various file categories (audio and video files, backup files, executable files, etc.). You can modify these file groups to add or remove file extensions based on your own needs. You can also create file groups of your own. You can see what the default file groups look like in Figure 4.