file servers 1:45-2:00. what is a file server? “a file server is a file storage device on a local...
TRANSCRIPT
FILE SERVERS1:45-2:00
WHAT IS A FILE SERVER?
“A file server is a file storage device on a Local Area Network (LAN) that is generally accessible to all users on the network.
A file server stores, manages and maintains data files for users on the system.
They serve as central data depositories for networks of desktop computers.
They are more powerful and efficient thandesktop computers and allowmultiple users to update documentsand share computer files…”
- Arkfeld on Electronic Discovery and Evidence
WHAT IS A FILE SERVER, CONT?
Further: “A computer that serves as a storage location for files on a network.File servers may be employed to storeElectronically Stored Information, such asemail, financial data or word processinginformation or to backup the network.”
While there are several types of file servers(UNIX, LINUX, etc.) and use cases for them,the focus today is on Windows-basedfile servers use for file sharing purposes
ABOUT FILE SERVERS
Major potential source for discovery One of the main “roles”
Windows Server provides Provide centralized storage for ESI Underlying storage can be:
– Direct Attached Storage (DAS)– Storage Area Network (SAN) or Network Attached Storage (NAS)
Are included in the company’s backup and disaster recovery plan
Often there is a file server at each office/physical location Accessible to all and/or designated groups of users Managed via Microsoft Active Directory (AD) and Group Policy
HOW DO FILE SERVERS FIT INTO THE IT INFRASTRUCTURE?
Provided to users as a place to store ESI that should be backed up
Usually “under-managed” in the sense there are typically no rules or protocols regarding how ESI is stored below the “share” level– Users frequently have wide latitude to
create folders and folder hierarchyas they wish
Rarely subject to records managementor retention– Most organizations do not actively groom
or prune their file servers
HOW ARE FILE SERVERS TYPICALLY CONFIGURED?
File server at each company facility File servers centralized or regionalized Partitioned – segregated into multiple “drives” Backed up on a regular schedule
HOW ARE FILE SERVERS TYPICALLY CONFIGURED, CONT.
Multiple partitions– Home directory…(“H” or “E” drive)
o Typically set up so each user has a home directory only accessible to that user and IT admin
– Public drive…(“P”, “O”, “J” etc. drive)o May be set up so all employees or just employees
in a specific location have access
– Departmental drive…(”D”, ”G”, etc. drive)o Set up for file sharing between members of
certain departments– HR, Sales, Accounting, Legal, etc.
– Utility drive… (T”, “Z”, etc. drive)o Typically set up by IT to facilitate distribution of software,
utilities, and other IT related functions– May not be viewable or directly accessible to users
FILE SERVER CONCEPTS
Drive mapping– Ability to map a remote shared folder to the local machine– Folder remains in remote location but user has access
(see Offline Files feature)
Permissions– Share permission– Item-level permission
Redirected folders/folder redirection– Managed via Group Policy– Redirect commonly used folders local– hard disk to network location
o AppData (Roaming), Desktop, Start Menu,o Documents, Pictures, Music, Videos, Contacts,o Downloads, Links, Searches, Saved Games
FILE SERVER CONCEPTS CONT’D
Offline files– Files users open from shared folder are automatically– available offline– Default location: C:\Windows\CSC
(can be changed via registry setting)
Work Folders (“synced sharing”)– Use an internet or corporate network connection
to sync data to local computer fromcorporate file servers
Branch Cache– Enables computers in a branch office to
cache files that are downloaded from ashared folder and then securely sharethe files to other computers in the branch office
FILE SERVER CASE STUDY: FORTUNE 500 COMPANY
Global chemical manufacturing company 68 file servers world-wide, including: TX, MI, KY,
France, Mexico, Germany Primary storage technology for
file servers is SAN, specifically,HP MSA 2000 devices
Every employee with a ABC-issued computer has a home directory– May be a few employees without computers who
have home directories
FILE SERVER CASE STUDY: FORTUNE 500 COMPANY, CONT.
According to John Smith, there is only one company wide and open public share; this public share resides on amgdcfilep1 and amgdcfilep2 (clustered servers). – This company-wide share is referred to as the “T-drive.” Drive
letter automatically assigned at every system boot.– Data is being automatically purged 60 days after creation date.
The share to which this is being applied is called “all sites unsecured.”
Departmental and “project” shares are used.– Users have access to departmental and project shares based on
their job responsibilities and business requirements– Access to these shares is controlled via Active Directory (as well as
share permissions, and file permissions)– Directory and Resource Administrator (DRA – NetIQ) is also used,
primarily by help desk, to manage users and groups
FILE SERVER CASE STUDY: FORTUNE 500 COMPANY, CONT.
Backup schedule and scope should be identified early in the discovery process (identification and preservation stages) to ascertain scope of backup and avoid potential and/or scheduled deletion.
Does not necessarily mean that backups for disaster recovery fall under a litigation hold (Automated Solutions Corp. v. Paragon Data Sys., Inc., —F.3d—, 2014 WL 2869286 (6th Cir. June 25, 2014)), but failure to identify and act can have adverse implications, when backups are the only source of specifically relevant ESI.
WINDOWS SERVER 2012 FILE SERVER RESOURCE MANAGER
Provides management controls for ESI stored on file servers, including: – Quotas– File screening– Reporting– File classification
WHAT IS ACTIVE DIRECTORY?
AD is a central database of information about all the “objects” in a Windows network
A key function of AD is managing the objects in the network, including file servers, users, printers, and other resources
Who has permission to what file server(s) is controlled via AD
AD can be used for collectionfrom File Servers
WHAT IS GROUP POLICY?
Controls the working environment of users and computers in a Microsoft network
Controls a wide range of features and functions, incl.– Password complexity– Folder redirection– Hundreds of other features
PERMISSIONS
Frequently used method of partial preservation by IT
Does not change file system metadata
DRIVE MAPPING
Caution when relying on a custodian’s drive letter designation for collection purposes.
Check what network location the drive letter actually points to Why? One user’s “H” drive can map to a different location than another
user’s “H” drive.
QUOTA
NEXT TOPICBREAK, THEN MICROSOFT SHAREPOINT