Custom Folders Based on Search Type

Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic

   Hello All. 
Background: We have Data Stewards in every department who are responsible for scanning all the machines, and handling any results that come up. So far, either the Data Steward or the individual users are running scans, but we are moving toward scheduled, remote scans.

Problem: A few Data Stewards voiced concerns that users were saying, "I ran the scan and there were no results," or "I ran the scan, and shredded everything," but there wasn't an easy way for the Data Steward to verify that. 

Initial Solution: I wrote a small VB script that the Data Stewards could run on the computers that looked at the IDF logs and pulled some basic info about when the scan started and ended, how many matches were found, and so on. As the problem grew, we decided that another piece of "software" floating around wasn't the best thing to do. 

Idea: With the ability to run remote scans for each department, I wanted to use the ability of saving the results in a secure .idf file, for which only the Data Steward would have the password, and could easily know if the computer was scanned or not. However, I found that a results file will only be saved if Identity Finder actually finds matches, which put us back to our first problem.

Workaround: I created another VB scripted and embedded it with the installer that creates a hidden, system, dummy file when Identity Finder is installed. This file has a SSN that will be found, thus creating the saved .idf file. 

Problem #2: When there is a user initiated scan, I don't want Identity Finder to look at this folder and find this dummy file, because I don't want users to have a headache over some random SSN. But I would like a remote, scheduled scan to look at this folder so it can find a least that result and create the saved .idf file. 

Through my testing, it looks like I can do it by excluding the folder in the base University Wide system policy, and by running a search now on a group of endpoints with a higher priority policy in place. However, I can't seems to get it to work when I try doing a Scheduled Task scan in a higher priory policy. 

I'm looking for any feedback on how to tweak what the system policy covers so that the custom folder list defined in the Schedule Task policy will take precedence, OR, find a way to create a list of custom folders based on the type of scan initiated.

I know this is a lot, so if you need any clarification let me know. 

Thanks!

Reggie. 

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
rwarner1 Members Profile Send Private Message Find Members Posts Add to Buddy List Groupie Joined: 30 Nov 2010 Location: Chicago Status: Offline Points: 23	Post Options Post Reply Quote rwarner1 Report Post Thanks(0) Quote Reply Topic: Custom Folders Based on Search Type Posted: 13 Jun 2012 at 2:23pm
	Hello All. Background: We have Data Stewards in every department who are responsible for scanning all the machines, and handling any results that come up. So far, either the Data Steward or the individual users are running scans, but we are moving toward scheduled, remote scans. Problem: A few Data Stewards voiced concerns that users were saying, "I ran the scan and there were no results," or "I ran the scan, and shredded everything," but there wasn't an easy way for the Data Steward to verify that. Initial Solution: I wrote a small VB script that the Data Stewards could run on the computers that looked at the IDF logs and pulled some basic info about when the scan started and ended, how many matches were found, and so on. As the problem grew, we decided that another piece of "software" floating around wasn't the best thing to do. Idea: With the ability to run remote scans for each department, I wanted to use the ability of saving the results in a secure .idf file, for which only the Data Steward would have the password, and could easily know if the computer was scanned or not. However, I found that a results file will only be saved if Identity Finder actually finds matches, which put us back to our first problem. Workaround: I created another VB scripted and embedded it with the installer that creates a hidden, system, dummy file when Identity Finder is installed. This file has a SSN that will be found, thus creating the saved .idf file. Problem #2: When there is a user initiated scan, I don't want Identity Finder to look at this folder and find this dummy file, because I don't want users to have a headache over some random SSN. But I would like a remote, scheduled scan to look at this folder so it can find a least that result and create the saved .idf file. Through my testing, it looks like I can do it by excluding the folder in the base University Wide system policy, and by running a search now on a group of endpoints with a higher priority policy in place. However, I can't seems to get it to work when I try doing a Scheduled Task scan in a higher priory policy. I'm looking for any feedback on how to tweak what the system policy covers so that the custom folder list defined in the Schedule Task policy will take precedence, OR, find a way to create a list of custom folders based on the type of scan initiated. I know this is a lot, so if you need any clarification let me know. Thanks! Reggie.
	"For the things we have to learn before we can do them, we learn by doing them." - Aristotle

dwoodruff Members Profile Send Private Message Find Members Posts Add to Buddy List Groupie Joined: 24 Nov 2010 Location: Rochester, NY Status: Offline Points: 71	Post Options Post Reply Quote dwoodruff Report Post Thanks(0) Quote Reply Posted: 19 Jun 2012 at 1:30pm
	I take it you are using the Console to deploy the policies and organize endpoints, correct? If you have decent endpoint organization in the console, why not create roles for each department Data Steward and give them rights to see only their tag's data? We have taken this approach and it works pretty well, both technically and process wise. We also have a series of 10 reports that follow a logical progression of what a Data Steward would want to see in their environment - from computers installed, computers not installed but in an AD tag, to last search data, last search vs previous search data, and roll up summaries. If rolls and console access for Stewards were possible in your environment, you might avoid these scripts and workarounds all together. Your Stewards would also be able to review the data without visiting each computer. Regarding the policies, what if you just have multiple System policies instead of Scheduled Task policies? In my environment, I only use System policies. There is a default All Endpoints policy that specifies basic configuration that everyone needs and that is on the very bottom of the list. Then each department has their own policy and is applied to their tag. In here are any department specific configuration settings such as additional network drive letters to search as well as their monthly scheduled tasks. From everything I have seen, a manual search and a scheduled task both search the exact same locations and respect the inclusions/exclusions defined in Custom Folders. Hope that makes sense! Dan