How do you deal with mp3, avi etc on server storage?
772
Do you have a "delete first ask questions later" policy for music and movie files? Or are you more lenient? Just wondering if there's a difference between how large and small organizations deal with the issue.
What you're describing isn't a technical problem-- it's a management / policy problem.
Small organizations often have no documented IT policies, and "fly by the seat of their pants".
Large organizations often have no documented IT policies, and "fly by the seat of their pants", too. >smile<
You need a policy that describes acceptable use of server storage, management buy-in on that policy, and then you can begin enforcing it. This works in any kind of organization, small or large. Once you have a policy, then you can bring technical solutions to bear (delete on sight, force users to store them locally, etc).
Another technique used in larger organizations is to "back bill" departments for their use of compute / storage resources. This usually makes no sense in a small organiation, but can put the problem of excess usage of compute / storage capacity into the hands of department managers who can do something about it, by way of impacting their budgets.
Edit:
I would mention that having a documented policy is important from a legal compliance perspective, too. I am not a lawyer, so I'm not giving you legal advice, but I would recommend you discuss with your company's counsel the potential legal advantages afforded by having a documented policy re: corporate liability for copyright infringement your users might commit. The kinds of files you're talking about, in many cases, contain copyrighted material that users may be using in an infringing manner.
We use the file screening available on Windows Server 2003 R2. This prevents files with specific extensions (.mp3 .wav .mov .avi etc) from being written to the network shares. That said, on existing files we contact the user before just deleting it. If you want to delete before asking, I'd make sure you have a backup of the files, just in case you run into an 'issue' later.
Non-work-related files shouldn't be on company servers. Especially if those files violate some kind of law, such as copyright-infringement. Every company should have a policy to this effect. Leniency could be granted for files which are not illegal in nature (i.e. your home movie).
However I think, in general, delete-first-ask-later is usually not the best admin policy. I'd ask the user to delete the files first, or else justify their existence (it's possible that Britney Spears file is just a clip, allowable within fair use, which is to be used in some marketing person's presentation.)
We had a policy, established by the client, of notifying the user's manager and giving the user a "heads up" courtesy call to let them know that all non-work related files were to be removed from the server asap. We'd assist if they asked and after a couple of days and with approval from the manager would delete the offending matter. We rarely had complaints, in most cases the users were happy we warned them first. I can think of only one case where the user was a repeat offender. From what I've seen ten percent, or a smaller token amount, use the majority of the space, work and non-work related.
It's going to really depend on your business requirements. We are not able to to the delete first ask questions later bit for media files because our users generate them as business data. Deleting them at will would be a colossally large career limiting move.
I'd put out a policy explaining that music and video files are not to be kept on company storage, and any files found will be deleted by staff after a warning to the user (so they have time to copy them off). Then suggest a cheap solution for people to keep their music files portable.
My company has already handed out 2GB flash drives to employees for other reasons, so if I was writing that policy document, I'd suggest those flash drives as an alternative.
The big issue here, though, is documenting the policy so you can stand behind it when employees inevitably place the latest Britney Spears album in the public share folder.
We've got the standard "work files only" policy. We do have some people that keep MP3s, etc on their network share, but some also store recordings of interviews, etc. For that reason, we only audit people that use a large amount of space. If they're using it for their music collection, we delete it. If it's legit, we leave it. Also, we notify their department head if it's a second offense, or if the items found were really work inappropriate.
They get the message pretty quick when their music collection just disappears one day.
BTW, same policy for people that hit their e-mail quota and don't clean it up themselves.
There is a very simple answer here. Provided you allow your employees to bring in their iPods, Laptops, or cellphones and don't allow them on the network this tends to be a non issue. When found they are immediately removed and every year there should be a signed reminder that any files found will be provided to any of the following:
RIAA
Government
The Chinese Government
Angry Spouses
You Mother
Depending on the sysadmin's particular disposition or mood. Three strikes rules are in effect and generally it goes from verbal reminder, to written reprimand, to your badge no longer works and you are in the parking lot. Some areas have legitimate need to store these files (depending on the type of work they do) so it is very difficult to police this sort of activity and the employees have to know better. The policy should be so black and white and absolutely no excuse is acceptable.
What you're describing isn't a technical problem-- it's a management / policy problem.
Small organizations often have no documented IT policies, and "fly by the seat of their pants".
Large organizations often have no documented IT policies, and "fly by the seat of their pants", too. >smile<
You need a policy that describes acceptable use of server storage, management buy-in on that policy, and then you can begin enforcing it. This works in any kind of organization, small or large. Once you have a policy, then you can bring technical solutions to bear (delete on sight, force users to store them locally, etc).
Another technique used in larger organizations is to "back bill" departments for their use of compute / storage resources. This usually makes no sense in a small organiation, but can put the problem of excess usage of compute / storage capacity into the hands of department managers who can do something about it, by way of impacting their budgets.
Edit:
I would mention that having a documented policy is important from a legal compliance perspective, too. I am not a lawyer, so I'm not giving you legal advice, but I would recommend you discuss with your company's counsel the potential legal advantages afforded by having a documented policy re: corporate liability for copyright infringement your users might commit. The kinds of files you're talking about, in many cases, contain copyrighted material that users may be using in an infringing manner.
We use the file screening available on Windows Server 2003 R2. This prevents files with specific extensions (.mp3 .wav .mov .avi etc) from being written to the network shares. That said, on existing files we contact the user before just deleting it. If you want to delete before asking, I'd make sure you have a backup of the files, just in case you run into an 'issue' later.
We're "delete first, ask later", but it's fully backed up by HR policy and directives, as it should be.
Non-work-related files shouldn't be on company servers. Especially if those files violate some kind of law, such as copyright-infringement. Every company should have a policy to this effect. Leniency could be granted for files which are not illegal in nature (i.e. your home movie).
However I think, in general, delete-first-ask-later is usually not the best admin policy. I'd ask the user to delete the files first, or else justify their existence (it's possible that Britney Spears file is just a clip, allowable within fair use, which is to be used in some marketing person's presentation.)
We had a policy, established by the client, of notifying the user's manager and giving the user a "heads up" courtesy call to let them know that all non-work related files were to be removed from the server asap. We'd assist if they asked and after a couple of days and with approval from the manager would delete the offending matter. We rarely had complaints, in most cases the users were happy we warned them first. I can think of only one case where the user was a repeat offender. From what I've seen ten percent, or a smaller token amount, use the majority of the space, work and non-work related.
It's going to really depend on your business requirements. We are not able to to the delete first ask questions later bit for media files because our users generate them as business data. Deleting them at will would be a colossally large career limiting move.
I'd put out a policy explaining that music and video files are not to be kept on company storage, and any files found will be deleted by staff after a warning to the user (so they have time to copy them off). Then suggest a cheap solution for people to keep their music files portable.
My company has already handed out 2GB flash drives to employees for other reasons, so if I was writing that policy document, I'd suggest those flash drives as an alternative.
The big issue here, though, is documenting the policy so you can stand behind it when employees inevitably place the latest Britney Spears album in the public share folder.
We've got the standard "work files only" policy. We do have some people that keep MP3s, etc on their network share, but some also store recordings of interviews, etc. For that reason, we only audit people that use a large amount of space. If they're using it for their music collection, we delete it. If it's legit, we leave it. Also, we notify their department head if it's a second offense, or if the items found were really work inappropriate.
They get the message pretty quick when their music collection just disappears one day.
BTW, same policy for people that hit their e-mail quota and don't clean it up themselves.
There is a very simple answer here. Provided you allow your employees to bring in their iPods, Laptops, or cellphones and don't allow them on the network this tends to be a non issue. When found they are immediately removed and every year there should be a signed reminder that any files found will be provided to any of the following:
Depending on the sysadmin's particular disposition or mood. Three strikes rules are in effect and generally it goes from verbal reminder, to written reprimand, to your badge no longer works and you are in the parking lot. Some areas have legitimate need to store these files (depending on the type of work they do) so it is very difficult to police this sort of activity and the employees have to know better. The policy should be so black and white and absolutely no excuse is acceptable.