Presentation is loading. Please wait.

Presentation is loading. Please wait.

FILE SERVERS 1:45-2:00. WHAT IS A FILE SERVER?  “A file server is a file storage device on a Local Area Network (LAN) that is generally accessible to.

Similar presentations

Presentation on theme: "FILE SERVERS 1:45-2:00. WHAT IS A FILE SERVER?  “A file server is a file storage device on a Local Area Network (LAN) that is generally accessible to."— Presentation transcript:

1 FILE SERVERS 1:45-2:00

2 WHAT IS A FILE SERVER?  “A file server is a file storage device on a Local Area Network (LAN) that is generally accessible to all users on the network.  A file server stores, manages and maintains data files for users on the system.  They serve as central data depositories for networks of desktop computers.  They are more powerful and efficient than desktop computers and allow multiple users to update documents and share computer files…” - Arkfeld on Electronic Discovery and Evidence

3 WHAT IS A FILE SERVER, CONT?  Further: “A computer that serves as a storage location for files on a network. File servers may be employed to store Electronically Stored Information, such as email, financial data or word processing information or to backup the network.”  While there are several types of file servers (UNIX, LINUX, etc.) and use cases for them, the focus today is on Windows-based file servers use for file sharing purposes

4 ABOUT FILE SERVERS  Major potential source for discovery  One of the main “roles” Windows Server provides  Provide centralized storage for ESI  Underlying storage can be: –Direct Attached Storage (DAS) –Storage Area Network (SAN) or Network Attached Storage (NAS)  Are included in the company’s backup and disaster recovery plan  Often there is a file server at each office/physical location  Accessible to all and/or designated groups of users  Managed via Microsoft Active Directory (AD) and Group PolicyMicrosoft Active Directory (AD)Group Policy

5 HOW DO FILE SERVERS FIT INTO THE IT INFRASTRUCTURE?  Provided to users as a place to store ESI that should be backed up  Usually “under-managed” in the sense there are typically no rules or protocols regarding how ESI is stored below the “share” level –Users frequently have wide latitude to create folders and folder hierarchy as they wish  Rarely subject to records management or retention –Most organizations do not actively groom or prune their file servers

6 HOW ARE FILE SERVERS TYPICALLY CONFIGURED?  File server at each company facility  File servers centralized or regionalized  Partitioned – segregated into multiple “drives”  Backed up on a regular schedule

7 HOW ARE FILE SERVERS TYPICALLY CONFIGURED, CONT.  Multiple partitions –Home directory…(“H” or “E” drive) o Typically set up so each user has a home directory only accessible to that user and IT admin –Public drive…(“P”, “O”, “J” etc. drive) o May be set up so all employees or just employees in a specific location have access –Departmental drive…(”D”, ”G”, etc. drive) o Set up for file sharing between members of certain departments –HR, Sales, Accounting, Legal, etc. –Utility drive… (T”, “Z”, etc. drive) o Typically set up by IT to facilitate distribution of software, utilities, and other IT related functions –May not be viewable or directly accessible to users

8 FILE SERVER CONCEPTS  Drive mapping –Ability to map a remote shared folder to the local machine –Folder remains in remote location but user has access (see Offline Files feature)  Permissions –Share permission –Item-level permission  Redirected folders/folder redirection –Managed via Group Policy –Redirect commonly used folders local –hard disk to network location o AppData (Roaming), Desktop, Start Menu, o Documents, Pictures, Music, Videos, Contacts, o Downloads, Links, Searches, Saved Games

9 FILE SERVER CONCEPTS CONT’D  Offline files –Files users open from shared folder are automatically –available offline –Default location: C:\Windows\CSC (can be changed via registry setting)  Work Folders (“synced sharing”) –Use an internet or corporate network connection to sync data to local computer from corporate file servers  Branch Cache –Enables computers in a branch office to cache files that are downloaded from a shared folder and then securely share the files to other computers in the branch office

10 FILE SERVER CASE STUDY: FORTUNE 500 COMPANY  Global chemical manufacturing company  68 file servers world-wide, including: TX, MI, KY, France, Mexico, Germany  Primary storage technology for file servers is SAN, specifically, HP MSA 2000 devices  Every employee with a ABC-issued computer has a home directory –May be a few employees without computers who have home directories

11 FILE SERVER CASE STUDY: FORTUNE 500 COMPANY, CONT.  According to John Smith, there is only one company wide and open public share; this public share resides on amgdcfilep1 and amgdcfilep2 (clustered servers). –This company-wide share is referred to as the “T-drive.” Drive letter automatically assigned at every system boot. –Data is being automatically purged 60 days after creation date. The share to which this is being applied is called “all sites unsecured.”  Departmental and “project” shares are used. –Users have access to departmental and project shares based on their job responsibilities and business requirements –Access to these shares is controlled via Active Directory (as well as share permissions, and file permissions) –Directory and Resource Administrator (DRA – NetIQ) is also used, primarily by help desk, to manage users and groups

12 FILE SERVER CASE STUDY: FORTUNE 500 COMPANY, CONT.  Backup schedule and scope should be identified early in the discovery process (identification and preservation stages) to ascertain scope of backup and avoid potential and/or scheduled deletion.  Does not necessarily mean that backups for disaster recovery fall under a litigation hold (Automated Solutions Corp. v. Paragon Data Sys., Inc., —F.3d—, 2014 WL 2869286 (6th Cir. June 25, 2014)), but failure to identify and act can have adverse implications, when backups are the only source of specifically relevant ESI.

13 WINDOWS SERVER 2012 FILE SERVER RESOURCE MANAGER  Provides management controls for ESI stored on file servers, including: –Quotas –File screening –Reporting –File classification

14 WHAT IS ACTIVE DIRECTORY?  AD is a central database of information about all the “objects” in a Windows network  A key function of AD is managing the objects in the network, including file servers, users, printers, and other resources  Who has permission to what file server(s) is controlled via AD  AD can be used for collection from File Servers

15 WHAT IS GROUP POLICY?  Controls the working environment of users and computers in a Microsoft network  Controls a wide range of features and functions, incl. –Password complexity –Folder redirection –Hundreds of other features

16 PERMISSIONS  Frequently used method of partial preservation by IT  Does not change file system metadata

17 DRIVE MAPPING  Caution when relying on a custodian’s drive letter designation for collection purposes.  Check what network location the drive letter actually points to  Why? One user’s “H” drive can map to a different location than another user’s “H” drive.



Download ppt "FILE SERVERS 1:45-2:00. WHAT IS A FILE SERVER?  “A file server is a file storage device on a Local Area Network (LAN) that is generally accessible to."

Similar presentations

Ads by Google