PowerStore: How to configure File Filtering on SMB shares
Summary: How to configure the file filtering feature on SDNAS on PowerStore. File Filtering features allow system administrators to restrict certain file extension operations such as create or modify. ...
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Instructions
This article explains how to configure the file filtering feature on PowerStore. File Filtering features allow system administrators to restrict certain file extension operations such as create or modify.
Note: Administrators are not restricted unless allowed explicitly.
Step 1:
As a domain administrator or standalone SMB administrator, either on a Windows Explorer or from Start->Run, type the following UNC Path:
\\NAS-SMB01\c$\.etc\.filefilter
This shows the .filefilter folder on the NAS Server
The .etc folder does not permit or allow domain admins if browsing using a mapped drive or using the path \\NAS-SMB01\c$. It must be given directly as shown above.
Step 2:
Use the filter files naming convention: [extension@sharename]
In this example, we are creating a new filter file and name the file: mp4@screensmb
- Ensure that there are no hidden file extensions as the windows explorer may hide the extension for known types.
- Create each file type to be blocked for every share, like jpg@share1, jpg@share2, and so on.
- If a certain file type is to be blocked on all the shares on the NAS server, create a file like "tmp". This blocks this file extension on all the shares on the given NAS server, in this example, all .tmp files.
If there are multiple SMB servers on the PowerStore, the above must be done for every SMB Server.
Now if you try to create a mp4 file (with a normal user, not a domain admin user) on the NAS SMB share screenSMB you should get an error on the windows server/client:
Customizing the file filtering access denied message is not supported in PowerStore.
Additional Information
If you are on the windows server as administrator and you have set, for example, mp4@DataShare ,it continues to work.
To test this, you must sign in as a normal user of the share (a non-domain admin level account). Domain admins have full Read/Write access to the shares.
If you have restricted a specific file type on a share, you can permit exceptions to the filter by configuring the ACL on the filter file to allow specific users or groups full control access to the file.
Example:
You have a filter file named cad@engineering_files. You can set the ACL so that people in the Engineering group have full access to .cad files, while users outside the Engineering group are denied all access to .cad files on the share.
To disable file extension filtering for the Engineering group:
1. Right-click the filter file cad@engineering_files, and click Properties > Security.
2. Click Add to add the Engineering group.
3. Under Permissions, select the checkboxes Full Control, Modify, Read and Execute, Read, and Write to allow specific permissions for the user.
4. Click Apply, and then click OK.
Affected Products
PowerStoreArticle Properties
Article Number: 000273638
Article Type: How To
Last Modified: 21 Jan 2025
Version: 1
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.