Scan Outside Profile
In this section:
The scan enables you to discover data outside of the user’s profile and so determine whether that data should be synchronized with the File Director server.
Introduced 2020.3, the scan is performed using a configuration which includes parameters that administrators can set. The scan identifies files that match these parameters. Reports are generated to show an administrator which files have been found on a user’s endpoint outside the profile, and the administrator can then decide whether or not these files require managing using File Director.
By default, the scan is restricted to fixed (non-removable) media. However, in some circumstances USB drives may identify themselves to the OS as fixed and so will be included in the scan.
Parameters are set within the scan configuration to determine the scope of the scan - that is, where the scan searches, and which files to identify of interest. Parameters comprise a set of exclusions that can be modified by administrators. The configuration includes some default exclusions which can also be overridden.
The scan parameters use the same expression syntax as other File Director sync rules. This enables you to specify various attributes of exclusions such as path, file size, file type etc. to provide precise control over file discovery. For further information refer to Exclusions and Electives.
The file owner rule is specific to the scan feature and allows you to match an expression against the file owner. The file owner can be specified using a Regex which may contain environment variables, or a SID:
Owner == /LD\\john.smith/ or Owner == /LD\\.*/
Owner == S-1-5-21-3930722610-2437293652-3849561480-96868
•Environment variable example:
Owner == /%userdomain%\\%username%/
Note that the rule may require an internal lookup of the account name and an AD query if the account is not known locally.
By default, the scan is excluded from the following folders (including any child folders and files):
The configuration of the scan also allows defaults and exclusions to be overridden
The configuration for the scan is held under the following registry key and sub-keys:
Note, any rule specified in the ScanExclusions sub-key is added to the default excludes (as logical OR).
The ScanExclusionOverrides sub-key can be used to override any excludes, either default or specified.
Scan Exclusion Overrides
In addition to overriding default exclusions, overrides can be used to specify folders or sub-folders that already form part of the scan exclusion.
For example, the folders within
%PROGRAMFILES%\mysoftware are excluded by default. By specifying an exclusion, the administrator can include a specific subfolder relating to specific software but otherwise keep the default exclude in place.
Note, the default exclusion expression is highlighted in bold font:
Logical results of scan
|Beneath == “%ProgramFiles%”||The default exclusion has no override, so the scan excludes all files and folders beneath
|Beneath == “%ProgramFiles%”||
||The default exclusion has a corresponding override, so the scan includes all files and folders beneath
Default exclusion has been modified to also apply to a specified sub-folder
The override has been added to negate the default exclusion, so the scan includes all files and folders beneath "%ProgramFiles%” but it excludes files and folders in "%ProgramFiles%\mysoftware"
Recursive scans of deep and complex folder structures can result in performance issues and to prevent this, by default, certain exclusions cannot be overridden.
The scan will not search the following folders even if override rules are present:-
Enable the scan
By default the scan is disabled. The scan is enabled using the following registry DWORD key:
Once enabled, the scan will run immediately after the logon sync has completed.
When the scan completes it sends a default summary report to the File Director server. The summary includes how long the scan took, how many files were found, and their total size. The summary report enables administrators to review scan results and identify any areas requiring further investigation.
Optionally, the scan can also generate and send a detailed report on files found. This enables administrators to modify the scan configuration parameters and focus on identifying files of interest.
Enable detailed report
To enable detailed report to be sent use the following key:
The following scan events are audited:
•The summary details are audited once the scan completes (9834)
•Any failure when parsing the scan rules (9833)
For further information refer to Client-side auditing.
Key metrics from the scan data are visualized in a new dashboard available from the Ivanti Marketplace free for your use.
In the example illustrated, the top two graphs present data from the scan summary report:
•The number of files discovered outside of profile
•The size of files discovered.
The bottom two graphs present data from the scan details report:
•The types of files discovered
•The top 20 discovered paths per user.
Monitoring of your syslog audit stream enables you to manage your File Director appliances and ensure performance is optimal. Free tools including a number of ready-made dashboards are available for you to download.
Refer to File Director Dashboards for further information.