IT-Connect Watch on YouTube

Serveurs de fichiers - Episode 10 - Se protéger des ransomwares (avec mon script PowerShell !)

2 min read 2 hours ago
Published on Sep 20, 2024 This response is partially generated with the help of AI. It may contain inaccuracies.

Table of Contents

Introduction

This tutorial provides a step-by-step guide on protecting file servers from ransomware attacks using a PowerShell script called BlockRansomwares.ps1. By utilizing the File Server Resource Manager (FSRM) for file filtering, you can block file extensions commonly associated with ransomware threats. This guide is particularly relevant for administrators using Windows Server 2022.

Step 1: Download the PowerShell Script

  1. Visit the GitHub repository to access the script:
  2. Click on the script file and download it to your local machine.

Step 2: Open PowerShell as Administrator

  1. Right-click on the Start menu.
  2. Select "Windows PowerShell (Admin)" or "Windows Terminal (Admin)" to open PowerShell with administrative privileges.

Step 3: Execute the Script

  1. Navigate to the directory where the script is saved using the cd command. For example:
    cd C:\path\to\your\script
  2. Run the script by typing:
    .\BlockRansomwares.ps1
  3. Follow any prompts that may appear, ensuring that the script executes successfully.

Step 4: Configure FSRM for File Filtering

  1. Open the FSRM management console:
    • Go to Server Manager > Tools > File Server Resource Manager.
  2. In the console, select "File Screening Management."
  3. Right-click on "File Screens" and choose "Create File Screen."
  4. Specify the folder you want to protect from ransomware.
  5. Under the "File Screen Properties" window:
    • Select "Create a file screen using a template."
    • Choose the appropriate template that includes ransomware file extensions (e.g., Blocked File Types).
  6. Click "OK" to apply the settings.

Step 5: Monitor and Review

  1. Regularly review the FSRM logs to monitor any blocked activities.
  2. Adjust the file screening templates as necessary to accommodate any new file types or extensions.

Conclusion

By following these steps, you can effectively protect your file server from ransomware threats using the BlockRansomwares PowerShell script and FSRM's file filtering capabilities. Regularly updating your file screening settings and monitoring logs will help maintain security against evolving ransomware tactics. For further information, consider exploring additional resources provided in the video description or the related episodes on file server management.

Table of Contents

Recent