In this edition of Group Policy Quick Tips, I’ll be covering a policy that has been around a while, but was renamed and might be hard to find if you haven’t configured it before. In Windows 7/Server 2008 R2, this setting was called “Exclude files from being cached.” With Windows 8.x/Server 2012, the name changed to “Enable file screens.” Same thing; different name.
In Windows Server, you can create File Screens to prevent file types from being saved to network shares on file servers. (If I had to guess, this policy setting was simply renamed so it would be in line with the feature it is emulating from Windows server.) This policy setting effectively does the same thing… it prevents users from creating files with the file types you specify from being able to create those files in folders that have been made available as Offline Files.
Why would you want to set this policy?
- This is a great way to keep people from downloading certain large file types from folders that redirect back to a file server. Most file servers I’ve managed had quotas for end users, but typically we’ve given power users and/or users working on projects shared space for their large files. This is a great way to ‘remind’ them where the files should go. Files like ISO images, video files, MP3’s, etc. come to mind.
- This is also a great way to keep potentially malicious executable files (executable files, scripts, batch files, etc.) out of folders folders for non-Administrative users.
- I highly recommend using this setting if you have File Screening configured on your file server. If you don’t, users will be able to download files that you’ve blocked on the file server into their local cache. When the client attempts to sync the screened files back up to the file server, the sync will fail. (This can get really annoying if you’ve configured email alerts!)
Where is the policy located?
- [Windows 8+, Windows Server 2012+] Computer Configuration > Polices > Administrative Templates > Network > Offline Files > Enable File Screens
- [Windows 7, Windows Server 2008 R2] Computer Configuration > Polices > Administrative Templates > Network > Offline Files > Exclude files from being cached
- Enabled or Disabled
- Semicolon separated list of file extensions that you want excluded from being made available via Offline Files. (Note: format must be asterisk, period. file extension.)
Supported Operating Systems/Software
- Windows 7+ client OS / Windows Server 2008 R2+ server OS