FILE SERVERS1:45-2:00

WHAT IS A FILE SERVER?

“A file server is a file storage device on a Local Area Network (LAN) that is generally accessible to all users on the network.

A file server stores, manages and maintains data files for users on the system.

They serve as central data depositories for networks of desktop computers.

They are more powerful and efficient thandesktop computers and allowmultiple users to update documentsand share computer files…”

- Arkfeld on Electronic Discovery and Evidence

WHAT IS A FILE SERVER, CONT?

Further: “A computer that serves as a storage location for files on a network.File servers may be employed to storeElectronically Stored Information, such asemail, financial data or word processinginformation or to backup the network.”

While there are several types of file servers(UNIX, LINUX, etc.) and use cases for them,the focus today is on Windows-basedfile servers use for file sharing purposes

ABOUT FILE SERVERS

Major potential source for discovery One of the main “roles”

Windows Server provides Provide centralized storage for ESI Underlying storage can be:

– Direct Attached Storage (DAS)– Storage Area Network (SAN) or Network Attached Storage (NAS)

Are included in the company’s backup and disaster recovery plan

Often there is a file server at each office/physical location Accessible to all and/or designated groups of users Managed via Microsoft Active Directory (AD) and Group Policy

HOW DO FILE SERVERS FIT INTO THE IT INFRASTRUCTURE?

Provided to users as a place to store ESI that should be backed up

Usually “under-managed” in the sense there are typically no rules or protocols regarding how ESI is stored below the “share” level– Users frequently have wide latitude to

create folders and folder hierarchyas they wish

Rarely subject to records managementor retention– Most organizations do not actively groom

or prune their file servers

HOW ARE FILE SERVERS TYPICALLY CONFIGURED?

File server at each company facility File servers centralized or regionalized Partitioned – segregated into multiple “drives” Backed up on a regular schedule

HOW ARE FILE SERVERS TYPICALLY CONFIGURED, CONT.

Multiple partitions– Home directory…(“H” or “E” drive)

o Typically set up so each user has a home directory only accessible to that user and IT admin

– Public drive…(“P”, “O”, “J” etc. drive)o May be set up so all employees or just employees

in a specific location have access

– Departmental drive…(”D”, ”G”, etc. drive)o Set up for file sharing between members of

certain departments– HR, Sales, Accounting, Legal, etc.

– Utility drive… (T”, “Z”, etc. drive)o Typically set up by IT to facilitate distribution of software,

utilities, and other IT related functions– May not be viewable or directly accessible to users

FILE SERVER CONCEPTS

Drive mapping– Ability to map a remote shared folder to the local machine– Folder remains in remote location but user has access

(see Offline Files feature)

Permissions– Share permission– Item-level permission

Redirected folders/folder redirection– Managed via Group Policy– Redirect commonly used folders local– hard disk to network location

o AppData (Roaming), Desktop, Start Menu,o Documents, Pictures, Music, Videos, Contacts,o Downloads, Links, Searches, Saved Games

FILE SERVER CONCEPTS CONT’D

Offline files– Files users open from shared folder are automatically– available offline– Default location: C:\Windows\CSC

(can be changed via registry setting)

Work Folders (“synced sharing”)– Use an internet or corporate network connection

to sync data to local computer fromcorporate file servers

Branch Cache– Enables computers in a branch office to

cache files that are downloaded from ashared folder and then securely sharethe files to other computers in the branch office

FILE SERVER CASE STUDY: FORTUNE 500 COMPANY

Global chemical manufacturing company 68 file servers world-wide, including: TX, MI, KY,

France, Mexico, Germany Primary storage technology for

file servers is SAN, specifically,HP MSA 2000 devices

Every employee with a ABC-issued computer has a home directory– May be a few employees without computers who

have home directories

FILE SERVER CASE STUDY: FORTUNE 500 COMPANY, CONT.

According to John Smith, there is only one company wide and open public share; this public share resides on amgdcfilep1 and amgdcfilep2 (clustered servers). – This company-wide share is referred to as the “T-drive.” Drive

letter automatically assigned at every system boot.– Data is being automatically purged 60 days after creation date.

The share to which this is being applied is called “all sites unsecured.”

Departmental and “project” shares are used.– Users have access to departmental and project shares based on

their job responsibilities and business requirements– Access to these shares is controlled via Active Directory (as well as

share permissions, and file permissions)– Directory and Resource Administrator (DRA – NetIQ) is also used,

primarily by help desk, to manage users and groups

FILE SERVER CASE STUDY: FORTUNE 500 COMPANY, CONT.

Backup schedule and scope should be identified early in the discovery process (identification and preservation stages) to ascertain scope of backup and avoid potential and/or scheduled deletion.

Does not necessarily mean that backups for disaster recovery fall under a litigation hold (Automated Solutions Corp. v. Paragon Data Sys., Inc., —F.3d—, 2014 WL 2869286 (6th Cir. June 25, 2014)), but failure to identify and act can have adverse implications, when backups are the only source of specifically relevant ESI.

WINDOWS SERVER 2012 FILE SERVER RESOURCE MANAGER

Provides management controls for ESI stored on file servers, including: – Quotas– File screening– Reporting– File classification

WHAT IS ACTIVE DIRECTORY?

AD is a central database of information about all the “objects” in a Windows network

A key function of AD is managing the objects in the network, including file servers, users, printers, and other resources

Who has permission to what file server(s) is controlled via AD

AD can be used for collectionfrom File Servers

WHAT IS GROUP POLICY?

Controls the working environment of users and computers in a Microsoft network

Controls a wide range of features and functions, incl.– Password complexity– Folder redirection– Hundreds of other features

PERMISSIONS

Frequently used method of partial preservation by IT

Does not change file system metadata

DRIVE MAPPING

Caution when relying on a custodian’s drive letter designation for collection purposes.

Check what network location the drive letter actually points to Why? One user’s “H” drive can map to a different location than another

user’s “H” drive.

QUOTA

NEXT TOPICBREAK, THEN MICROSOFT SHAREPOINT