This monitor checks to see if the File Server Resource manager (FSRM) data screen driver loaded correctly.
The File Server Resource Manager (FSRM) file screening minifilter driver (Datascrn) intercepts file system calls and enforces file screening policies by rejecting I/O requests that would cause an unauthorized file to be saved on a folder or volume that is being screened. File screen enforcement and management require that the FSRM file screen minifilter is loaded. If the FSRM file screen minifilter driver is not loaded, Windows cannot perform file screen enforcement and management tasks.
This issue is rare. It most commonly happens on a computer that is experiencing a heavy load and runs out of memory (RAM).
Load and start the driver
A member of the Administrators group should manually load the file screening minifilter driver and then start the driver. If these procedures do not work, the administrator should reboot the computer. To load the file screening minifilter driver (Datascrn) by using fltmc:
1. Click Start, point to All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
2. At the command prompt, type:
fltmc attach datascrn <volume>:
Where volume is the drive letter of the volume. For example:
fltmc attach datascrn c:
To start the file screening minifilter driver (Datascrn):
1. Click Start, point to All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
2. At the command prompt, type:
net start datascrn
Verification
To verify that the file screening minifilter driver (Datascrn) is attached and running, review the output of the net start command.
| Target | Microsoft.Windows.FileServer.Service.FSRM.Base |
| Parent Monitor | System.Health.AvailabilityState |
| Category | Custom |
| Enabled | True |
| Alert Generate | False |
| Alert Auto Resolve | False |
| Monitor Type | Microsoft.Windows.2SingleEventLog2StateMonitorType |
| Remotable | True |
| Accessibility | Public |
| RunAs | Microsoft.Windows.FileServices.MonitoringAccount |
Home<UnitMonitor ID="Microsoft.Windows.FileServer.Service.FSRM.DatascrnDriverLoaded" Accessibility="Public" Enabled="true" Target="Microsoft.Windows.FileServer.Service.FSRM.Base" ParentMonitorID="SystemHealth!System.Health.AvailabilityState" Remotable="true" Priority="Normal" RunAs="FileServices!Microsoft.Windows.FileServices.MonitoringAccount" TypeID="Windows!Microsoft.Windows.2SingleEventLog2StateMonitorType" ConfirmDelivery="true">
<Category>Custom</Category>
<OperationalStates>
<OperationalState ID="FirstEventRaised" MonitorTypeStateID="FirstEventRaised" HealthState="Error"/>
<OperationalState ID="SecondEventRaised" MonitorTypeStateID="SecondEventRaised" HealthState="Success"/>
</OperationalStates>
<Configuration>
<FirstComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</FirstComputerName>
<FirstLogName>System</FirstLogName>
<FirstExpression>
<And>
<Expression>
<RegExExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>MatchesRegularExpression</Operator>
<Pattern>^(2|3|4)$</Pattern>
</RegExExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">Datascrn</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</FirstExpression>
<SecondComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</SecondComputerName>
<SecondLogName>System</SecondLogName>
<SecondExpression>
<Or>
<Expression>
<And>
<Expression>
<RegExExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>MatchesRegularExpression</Operator>
<Pattern>^(12|13)$</Pattern>
</RegExExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">Datascrn</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
<Expression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="UnsignedInteger">6</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">Microsoft-Windows-FilterManager</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Params/Param[5]</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">Datascrn</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
</Or>
</SecondExpression>
</Configuration>
</UnitMonitor>