In this installment of my File Server Resource Manager series I’ll discuss File Classification Management and how it can be used to better manage files on your file server. File Classification allows you to set additional file attributes outside of what are normally associated with a file.
Contents of this article

Files typically have attributes like author, last saved, company, owner, etc. File Classification allows you to supplement those attributes with additional information that may be industry or organization specific based on classifications you perform manually or automatically.

Before I continue, all of the examples that follow are based on Windows Server 2012. File Classification has been greatly improved in Server 2012. Many of the features discussed below like which users can classify files, the UI in Explorer, and automatic classification aren't available in Server 2008 R2.

Classifying files ^

In the FSRM administrative tool, go to the Classification Management area. Expand Classification Management and click on Classification Properties.

Classification Management in FSRM

Classification Management in FSRM

Set a Name, Description, and Property type. Property types can be Yes/No, Date/Time, Numbers, Multiple Choice Lists, Ordered Lists, Single Choice, String, and Multi-String. In the example here, I've used Social Security Number since that is a very common piece of data companies in the US consider sensitive and want to identify.

Create a Local Classification Property

Create a Local Classification Property

If we examine any file’s properties on the file server from Windows Server 2012 or Windows 8, you’ll see there is a new Classification tab that includes the File Classifications that we’ve created.

Classification tab

Classification tab

 

Now that we’ve created a file classification, we can configure the classification to be applied to files automatically via a schedule or on an ongoing basis. In the FSRM administrative tool, go to Classification Rules under the Classification Management Area, and click on Create Classification Rule.

Classification Rules in FSRM

Classification Rules in FSRM

In the General tab, set a Rule name and ensure that Enabled is checked.

Create Classification Rule

Create Classification Rule

In the Scope tab, set the type of data and folders that will be scanned.

Scope tab

Scope tab

In the Classification tab, set the Classification method to Content Classifier. In Property, choose the classification and set the value. In Parameters, click Configure. In the Classification Parameters, you'll have to set the logic that will be used for finding information inside files. In the case of our example, Social Security Numbers always follow the pattern 3 numbers, 2 numbers, 4 numbers. In addition to use regular expressions, you can also use a string value (both case-sensitive and case-insensitive).

Classification MethodClassification Parameters

Classification Method – Classification Parameters

In the Evaluation Type tab, determine whether files should be re-evaluated or whether they should be evaluated only once. Also determine whether you want to overwrite or keep old values and click OK.

Evaluation Type

Evaluation Type

You may have also noticed the option, Configure Classification Schedule in the Classification Rules area. This is the same configuration screen that we briefly covered back in Part 2 of this series. If you're updating your classification rules, now may be a good time to revisit these settings.

If you're planning on automatically classifying files, your business needs are going to dictate how often you need the process to run. An initial pass over a large data set can take quite some time... so definitely set the schedule to run during off hours and setting the limit.

Automatic Classification

Automatic Classification

Classifying folders ^

Three different properties can be set for folders: Access-Denied Assistance Message, Folder Owner Email, and Folder Usage. These can all be set in the FSRM administrative tool under Classification Management > Classification Properties > Set Folder Management Properties.

Access-Denied Assistance Message allows you to configure what an end user sees when he/she is denied access to a file or folder. Rather than getting a generic 'access denied' message, the user will get a dialog box that IT can configure with whatever information you believe they should see. The downside is that this particular feature requires Windows Server 2012/Windows 8.

Set Folder Management Properties

Set Folder Management Properties

The Folder Owner Email property is also something that can come in very handy. In most organizations, IT has to seek approval from the data owner to grant access to thing like file shares. Setting this property allows you to present the user with the owner's email address so that they can seek access approval before contacting IT. This feature also requires Windows 8/Server 2012.

Folder Owner Email property

Folder Owner Email property

The Folder Usage property is used when running classification and file management tasks. Folders can be classified as Application Files, Backup & Archival Files, Group Files, and User Files. This allows you to run different classification rules against different types of files which enables you eliminate areas like archives or software shares from your file classification schedules since those files, most likely, don't need to be scanned.

Folder Usage property

Folder Usage property

5 Comments
  1. Anonymous 6 years ago

    Pretty thorough coverage

  2. JN 5 years ago

    Excellent write up :), thank you so very much.

  3. Maneesh 5 years ago

    Thanks Kyle, This is amazing explanation. Better than any other source I came across for this topic.

     

  4. Paul 4 years ago

    Cool, but if i run the report for a second time it shows nothing. Only changes (new files) are reported. How can i get my report to show all results, including older ones?

    On server 2016 in a 2016 domain btw

    • Chris 4 years ago

      @Paul, If you use Storage Reports Management (in the tree above Classification Management in FSRM ) to schedule a report based on the classification property that you have defined it will report on all files, including previously detected ones.

Leave a reply to JN Click here to cancel the reply

Please enclose code in pre tags

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2021

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account