Add Shadowing

An administrator can establish visibility for the file content read from and written to devices connected to clients. This type of visibility is referred to as file shadowing.

File shadowing can be applied to the following device classes:

  • COM/Serial Ports
  • DVD/CD Drives

    When burning to a CD/DVD/BD, only files burned during a single/first session are shadowed.

  • LPT/Parallel Ports
  • Floppy Disk Drives
  • Printers

    You can assign shadowing only to the main printer class under default settings or to a special PC under machine-specific settings.
    Only print jobs sent to printers that use the Microsoft Windows Print Spooler service are shadowed.

  • Removable Storage Devices

You can also apply file shadowing to:

  • Device groups
  • Computer-specific devices or device model types

  1. In the Management Console, select View > Modules > Device Explorer.
  2. From the Default settings division of the Device Explorer hierarchy, right-click a device, device class, or device type.
  3. Select Add Shadow from the right-mouse menu.
  4. Click Add.
    The Select Group, User, Local Group, Local User dialog opens.
  5. Select the user or user group and click Next.
    The Choose Bus dialog opens.
  6. Select All or individual bus types.

    Important: The available bus types shown are dependent upon the device class you select. The Encryption panel is only active, with all options selected by default, for the Removable Storage Devices and DVD/CD Drives device classes.

  7. Select a Drive option.
  8. Click Next.
    The Choose Permissions dialog opens.
  9. In the Read and/or Write panels, choose one of the following options:

    • Disabled: File content copying is not active.
    • FileName: File content copying is not active; only the file name for a file copied to or from a device is saved in the Ivanti Device and Application Control database.
    • Enabled: File content copying is active.

    Restriction: Only the Write panel is active for the COM/Serial Ports, LPT/Parallel Ports and Printers device classes.

  10. Click Next.
  11. From the Finish dialog, click Finish.
    The shadow rule permission details are shown in the Permissions column of the Device Explorer module's hierarchical structure. A value of R means that shadowing is enabled for files read from the device; W means that it is enabled for files written to the device; no letter means that shadowing is enabled for both reading and writing files. You can review shadowed files using the Log Explorer module.

Specifying where shadow files are stored

Using shadowing in large environments can lead to large storage requirements. To handle this, you can change the default path where shadow files are stored. You can then use your own storage servers or, even better, use third-party applications that mount cloud storage drives to store your shadow files in the cloud.

You do this using two values of type REG_SZ in the registry key Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sxs\parameters:

DataFileDirectory - the location used to store shadow files and scan files, and also used for temporary purposes when agents upload logs, shadow files, and scan files.

TempFileDirectory - optional. If the location specified in DataFileDirectory is remote, the location specified here is used to offload the intensive temporary-file access to a local folder or a nearby share with low latency.
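
The two registry values described above can be set from an elevated PowerShell session on the machine that holds this key. This is an added example, not Ivanti's own tooling: both directory paths are hypothetical placeholders, and the ACL review at the end goes beyond what this page describes, on the reasoning that shadow files hold copies of user data.

```powershell
#Requires -RunAsAdministrator
# Added example: point shadow storage at new directories and review their ACLs.
# Both directory paths are hypothetical placeholders; replace them with your own.
$Key      = 'HKLM:\SYSTEM\CurrentControlSet\Services\sxs\parameters'
$Settings = [ordered]@{
    DataFileDirectory = 'D:\DCShadow\Data'   # hypothetical path
    TempFileDirectory = 'C:\DCShadow\Temp'   # hypothetical local path
}
# Broad principals that should not be able to read captured file content.
# Assumption: English account names (they are localized on other systems).
$Broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'

if (-not (Test-Path -LiteralPath $Key)) {
    throw "Registry key not found: $Key"
}

foreach ($name in $Settings.Keys) {
    $dir = $Settings[$name]
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        throw "$name target does not exist: $dir"
    }

    # Record the previous value so the change can be rolled back.
    $old = (Get-ItemProperty -LiteralPath $Key -Name $name -ErrorAction SilentlyContinue).$name
    Write-Output ("{0}: '{1}' -> '{2}'" -f $name, $old, $dir)

    # Both values are of type REG_SZ, which PowerShell calls String.
    New-ItemProperty -LiteralPath $Key -Name $name -Value $dir `
        -PropertyType String -Force | Out-Null

    # Flag Allow entries that give broad groups access to the directory.
    (Get-Acl -LiteralPath $dir).Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $Broad -contains $_.IdentityReference.Value
        } |
        ForEach-Object {
            Write-Warning ("{0}: {1} has {2}" -f $dir, $_.IdentityReference, $_.FileSystemRights)
        }
}
```

This page does not state whether a service restart is needed before the new paths take effect, so confirm that against the product documentation before relying on the change.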
