Classification made easy with File Classification Infrastructure in Windows Server 2008 R2
Published Apr 10 2019 02:09 AM 388 Views
Iron Contributor
First published on TECHNET on Oct 16, 2009

Don’t know how to get started on classification?

Afraid of getting it wrong?

Think classification is cost prohibitive?

Don’t understand what value you can get out of classifying and applying policy?

If you answered yes to one of the above  – read on

How do I start? What if I make a mistake?

The Windows Server 2008 R2 File Classification Infrastructure makes it easy to start:

·         Crawl, Walk, Run: There is no need to determine everything up-front. You can start with one classification property (e.g.: Secrecy=High,Medium,Low) or more and then add additional properties as you see fit

·         It is very easy to set up – You can get familiar with classification in a Sandbox environment – using Hyper-V and a copy of data would be a great way to understand how classification and your actions will behave before working on the production environment

·         You can “revert” classification mistakes: If you found an issue with the way classification was defined, just run a script to clear the mis-configured property and fix the configuration (see: )

Choosing classification properties

let’s talk about how to determine which classification properties you should use

Here’s a very simple guidance that we use:

Step 1: Determine the action that you want to apply to the data (e.g.: expire stale data, protect sensitive information …)

Step 2: Choose the right classification property for that action

An example – Reporting sensitive information on public file servers

Here’s a universal example: Making sure sensitive information is where it belongs.  Let’s take an example where you would like to make sure you do not have any sensitive information on public file servers.

Your action would be to get a report of all the sensitive information that resides on public servers so that you can make sure to remove files that should not be there

To achieve this action you want to classify which files have sensitive information. For that, let’s choose a property name: “Secrecy” with potential values: “High”, “Medium”, “Low”

You can then set automatic classification rules to determine the classification of documents. For example – use content classification to mark all documents that contain the word “Confidential” as “High” secrecy and use folder classification to mark all the files that are placed in the engineering servers as “Medium” secrecy

Now, all you have to do is set a scheduled storage report of type: “report by property” for the “Secrecy” property so that it will be sent to your email once a week and provides the distribution of the “Secrecy” property on each of your public servers. If you see any “High” or “Medium” secrecy documents on these servers, you know that you need to take action

Most common actions

The three most common actions based on classification that we have seen and heard people use with FCI are:


Property (option 1)

Property (option 2)

Expire stale data based on time and classification

None (just use file age and last modified)

Retention: Long, Short, Indefinite

Find and protect sensitive information on file servers

Secrecy: High, Medium, Low

Automated targeted upload of files from file servers to SharePoint

None (just use file age and last modified)


But these are all good material for additional blog entries J

Good luck with your classification

Version history
Last update:
‎Apr 10 2019 02:09 AM
Updated by: