View Shadow Files

To view shadow files, you can use predefined templates. When a predefined template does not contain the type of data that you want to review, you can create your own template query to view shadow files.

Prerequisites

To view shadow files, Ivanti recommends that you show only log entries that display attachments by filtering templates.

The file name, date, and administrator name are logged for every instance a shadowed file is accessed.

  1. In the Management Console, select View > Modules > Log Explorer > Templates.
    The Select and edit template dialog opens.
  2. Select a predefined shadow template from the list shown.
  3. Caution: Avoid opening files exceeding 350 MB unless sufficient resources are available.

  4. Click Select.
  5. Click Query.
  6. To view shadow files using a custom query:
    1. Click Settings.
    2. Select Attachment.
    3. Click Criteria.
    4. Select With.
    5. Click OK.
    6. Click Execute Query.
      The Select and edit template dialog closes and the query runs.

When the Shadow rule is enforced, the entries listed show attached files that are exact copies of the shadowed files:

  • Copied to or from authorized devices

  • Read by users

Depending on the selected fields, the date shown for shadow files are:

  • Traced On - when files were copied or read, to or from, the device
  • Transferred On - when a file was uploaded to the database

Device Control tracks the:

  • User name for the copied file
  • Computer name used for the copy action
  • Filename
  • Content
  • Device name

After Completing This Task

Once you list the files, right-click any attachment showing the True value, which indicates that the full content is shadowed, and select one of the following options:

Option Description
View Allows you to view the contents of the file in an internal binary viewer administered by Device Control.
Open Opens the file with the associated application as defined in Windows Explorer®. If there is no association, this command is equivalent to Open With.

Restriction: Only available for full shadowing and when selecting one log registry.

Open with Allows you choose the application that opens the file.

Restriction: Only available for full shadowing and when selecting one log registry.

Save as Allows you to save the file to a local or network drive and use an external utility or program to open the file.

Related Information:

Related Tasks: