Windows 7 / Networking

File Classification Management

As stated earlier in this tutorial, Windows Server 2008 R2 FSRM includes a new feature called file classification, based on the new File Classification Infrastructure or FCI. File classification allows an organization to define properties and rules that will add specific file properties to better define the characteristics of the classified files. File classification properties are supported on a Windows Server 2008 R2 NTFS partition and the file classification properties will follow Microsoft Office 2007 files and SharePoint files when moved around. All other files that are classified will have their properties stored within the NTFS volume they are hosted on, but if the files are moved to other Windows Server 2008 R2 NTFS volumes, these properties will follow the files.

File classification in Windows Server 2008 R2 is the first release of this feature and is sure to be more and more valuable as third-party Microsoft partners and independent software vendors extend the functionality included with the default framework provided. Currently, out of the box, Microsoft Windows Server 2008 R2 allows administrators to create file properties and automatically classify files with these properties based on the file location and, in some cases, based on the content stored within the file. The steps to file classification include, first, enabling and defining file properties that can be used for classification and, second, creating classification rules that will actually classify files according to the criteria defined within the rule, and properties and values that are applied to this rule. Once files are classified, file management tasks can be created to perform tasks upon classified files, such as moving files to designated folders or performing custom tasks such as running automated scripts to perform any number of tasks related to the particular file classifications.

The best way to understand file classification is to start defining file classification properties, file classification rules, and file management tasks on data that has been copied from a server share to an isolated lab server running Windows Server 2008 R2. Once a file is classified and has properties defined, these properties cannot be removed-they can only be overwritten or merged with other properties, so performing any sort of learning or testing on production data can result in undesired changes that would require heavy manual work to reverse. To begin using the file classification features of Windows Server 2008 R2, install the File Server Resource Manager service and tool as previously described in this tutorial, then perform the steps outlined in the proceeding sections.

Classification Properties

Classification properties are used to categorize files to be used later for file management tasks or reporting. A classification property, as included with Windows Server 2008 R2, includes the following classification property types:

  • Yes/No
  • Date-time
  • Number
  • Ordered List
  • String
  • Multichoice
  • Multistring

To get a good understanding of how classification can be used, this section and the following sections provide an example of how classification can be used to classify files based on content that includes the word password. To do this, we will create a file property type of Yes/No and create a classification rule to search the E:\ITDept folder for any files containing the word and to classify these files as necessary. To perform this task, we must first create the classification property. Perform the following steps to create the classification property:

  1. Log on to a Windows Server 2008 R2 system with the FSRM service and tool installed, with an account with administrative rights.
  2. Click Start, click All Programs, click Administrative Tools, and select Server Manager.
  3. Expand Roles, expand File Services, expand Share and Storage Management, and double-click on the File Server Resource Manager node beneath it.
  4. Double-click Classification Management and select the Classification Properties node.
  5. In the Actions pane, click on the Create Property link to start the creation of the classification property.
  6. In the Create Classification Property Definition window, type Files with Passwords in the Property name section, enter a description, and choose the Property type of Yes/No.
  7. In the Value section, enter a description as desired and click OK to create the classification property.

Once the new classification property is created, we can create a classification rule that will use this property to classify files that the rule determines to meet the criteria.

Classification Rules

Once the file administrator has created the necessary file classification properties, they can proceed in creating classification rules that will actually process and classify the files that meet the rule criteria, by applying the necessary classification property values to the file collections. To create a new classification rule, perform the following steps:

  1. Log on to the same Windows Server 2008 R2 system that the Files with Passwords classification property was previously defined on, with an account with administrative rights.
  2. Click Start, click All Programs, click Administrative Tools, and select Server Manager.
  3. Expand Roles, expand File Services, expand Share and Storage Management, and double-click on the File Server Resource Manager node beneath it.
  4. Double-click Classification Management and select the Classification Rules node.
  5. In the Actions pane, click on the Create a New Rule link to start the creation of a new classification rule.
  6. In the Classifications Rule Definitions window, type in the name of the rule as Classify files with passwords and enter a description.
  7. In the Scope section of the page, click the Add button to define the volumes and or folders that this classification rule will be applied to. For our example, we will apply this rule to E:\ITDept. When the location is specified, all subfolders will be included.
  8. Once the name, description, and file locations are defined, click on the Classification tab and select Content Classifier from the Classification mechanism drop-down menu.
  9. In the Property Name section, select the Files with Passwords property and set the property value to be assigned as Yes
  10. Click the Advanced button to set the additional parameters that will actually be used to determine if the files match the criteria and should be classified with the property defined in this rule.
  11. In the Additional Rule Parameters window, select the Additional Classification Parameters tab. On this tab, administrators can define three different types of criteria used to search with a files content. These three types are as follows:
    • RegularExpression-The RegularExpression is the same as is used with .NET programming and can be used to find complex or multiple types of data formats, for more complex searches.
    • String-The String type is used to find a very specific string, such as password that will not be dependent on the case of the string, although the string must be an exact match. For example, the string password will not match passwords, as that is a different string.
    • StringCaseSensitive-The StringCaseSensitive is the same as the string, in that the entire string must be an exact match, but the case must match. For example, the StringCaseSensitive string of Password will not match the string password.
  12. For our example, we will specifically look for the word password and will not care about the case. In the Name section, type in String and in the value type in password. Click OK when completed.
  13. Back on the Classification Rule Definitions page, click OK to complete the rule creation.

Once the rule is created, it can be scheduled or run manually. To run all of the rules manually, in the tasks pane, right-click on the Classification Rules node and select Run Classification with All Rules Now. Follow the steps to select the type of report that will be generated and whether the administrator will wait for the classification to complete and display the window or to have the process run in the background. If a schedule or a manual run is performed, any files that meet the properties of any enabled classification rules will be classified, unless these files have been previously classified.

[Previous] [Contents] [Next]

In this tutorial:

  1. File System Management
  2. Windows Server 2008 R2 File System/Technologies
  3. File Classification Infrastructure
  4. Remote Storage Service (RSS)
  5. File System Access Services and Technologies
  6. Windows Server 2008 R2 Disks
  7. Utilizing External Disk Subsystems
  8. Managing Windows Server 2008 R2 Disks
  9. Creating Fault-Tolerant Volumes Using Disk Management
  10. System File Reliability
  11. Adding the File Services Role
  12. Managing Data Access Using Windows Server 2008 R2 Shares
  13. Install BranchCache
  14. Volume-Based NTFS Quota Management
  15. File Server Resource Manager (FSRM)
  16. Installing the File Server Resource Manager Tools
  17. Adjusting Quotas
  18. Creating File Screens
  19. Generating Storage Reports with FSRM
  20. File Classification Management
  21. File Management Tasks
  22. The Distributed File System
  23. DFS Replication
  24. Planning a DFS Deployment
  25. Planning for DFS Replication
  26. Installing DFS
  27. Creating a DFS Folder and Replication Group
  28. Managing and Troubleshooting DFS
  29. Backing Up DFS
  30. Using the Volume Shadow Copy Service