Plan for Automatic File Classification
Published: August 16, 2012
Updated: September 26, 2012
Applies To: Windows Server 2012
Before you deploy file classification across the file servers in your organization, you should identify the information that should be classified and identify the appropriate classification method.
Use the following table to plan your automatic file classification deployment in your organization.
Inventory your existing data and decide what information needs to be classified before creating rules.
Choose the appropriate classification method for the classification rule: manual, location-based, or content-based.
Use the Data Classification Toolkit when possible to export the configuration from a baseline computer and import it on the file servers.
You should start by doing an inventory on the existing data on all files in your organization. From there, you should list the classification requirements and use that list to figure out which file and folder should be classified. Be sure to ensure that you consider any regulations, such as HIPAA, while you are listing the classification requirements.
Before you create any new classification properties, ensure that a matching resource property does not already exist in Active Directory Domain Services. If one already exists, you should enable that resource property before creating a new one.
When you identify the files that should be classified, you should include both new and existing files in your organization. There are three ways to classify files:
Manual You can classify files manually by using the Classification tab of the properties sheet of the file.
Location-based Location-based classification can be used by classifying folders manually using the Classification tab or by using the folder classifier in a classification rule.
Content-based Content-based classification can be deployed by using the content classifier in a classification rule. The Data Classification Toolkit includes some built-in rules for determining personally identifiable information. More information on the Data Classification Toolkit can be found on the TechNet website.
If the folder and content classifiers do not fit the requirements of your organization, you can use the Windows PowerShell classifier or purchase a non-Microsoft classifier. The Windows PowerShell classifier allows you to write a Windows PowerShell script that returns true or false. If true, the file is classified according to the classification rule.
There are several things to consider when you have more than one file server in your organization:
The Data Classification Toolkit uses Windows PowerShell cmdlets to import and export classification rules. You should be this to export the configuration from a baseline computer and import to another computer to ensure that the configuration is the same.
You should use dynamic name spaces when the source and destination servers use the same drive letters for the storage on the server. When you create a new file share by using Server Manager, you can specify the name space. For more information about dynamic name spaces, see What's New in File Server Resource Manager in Windows Server 2012.