For an overview of File Classification Infrastructure, check Classifying files based on location and content using the File Classification Infrastructure (FCI) in Windows Server 2008 R2 . Previously we showed you how to expire stale data using File Management Tasks in Windows Server 2008 R2 . Now let's look at what else can be done with File Management Tasks.
As stated previously, File Management Tasks are a mechanism to apply a commands to a selected set of files on a scheduled basis. The trick to applying an action other than Expiration to the selected files is simply to change a drop down box on the Task’s Action tab. You can see the default action here:
The other two options in the drop down are "Custom" and "RMS Encryption". With a Custom File Management Task, you can then specify an arbitrary executable with a series of parameters that will be run for each file that matches the conditions of the File Management Task. The only restriction is that the executable as well as the folder structure the command is contained in (as in all parent folders) must be writeable for Administrator and System only. If we did not impose this restriction a non-authenticated user would be able to replace the command being run.
We will now provide an example of using a Custom File Management Task to do something useful. The script we will give essentially:
- looks at the folder structure of the file passed in as the first parameter
- creates a new directory under the folder passed in as the second parameter with the folder structure path discovered in step 1
- moves the file into that new directory
- creates a link to the file in its original location
Copy and paste this script into C:\Windows\System32\MoveCreateLink.ps1:
param([string]$FileSource, [string]$FolderDestination)
# Capture source folder name and filename
$SourceFileName = (Get-Item $FileSource).Name
$SourceFolder = (Get-Item $FileSource).DirectoryName
# Destination Path
$DestinationPath = $FolderDestination + "\" + $SourceFolder.Substring(3, $SourceFolder.Length-3)
# Check Destination Path, create if doesn't exist
$CheckedPath = Get-Item $DestinationPath -ErrorAction Ignore
if ($CheckedPath -eq $null) {
New-Item -Path $DestinationPath -ItemType Directory
}
# Move original file
Move-Item -Path $FileSource -Destination $DestinationPath
# Create shortcut in original location
$expr = Invoke-Expression -Command ("cmd /c mklink `"" + $FileSource + "`" `"" + $DestinationPath + "\" + $SourceFileName + "`"")
The following PowerShell will automatically create a Custom File Management Job that uses the MoveCreateLink.ps1 script:
$Command = "C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe"
$CommandParameters = "`"C:\Windows\System32\MoveCreateLink.ps1 -FileSource '[Source File Path]' -FolderDestination 'C:\Expired'`""
$Action = New-FSRMFmjAction -Type Custom -Command $Command -CommandParameters $CommandParameters -SecurityLevel LocalSystem -WorkingDirectory "C:\Windows\System32\WindowsPowerShell\v1.0\"
$Condition = New-FsrmFmjCondition -Property "File.DateLastModified" -Condition LessThan -Value "Date.Now" -DateOffset -365
$Schedule = New-FsrmScheduledTask -Time (Get-Date) -Weekly Sunday
New-FsrmFileManagementJob -Name "Custom File Expiration" -Namespace "C:\Shares" -Action $Action -Condition $Condition -Schedule $Schedule
Effectively we built a simple form of Hierarchical Storage management with a few lines of batch scripting. Since this script does alter files, we need to set the custom action to run as Local System. However, if your executable needs lower permissions, you can restrict the account it runs in further.
Now what else can we do this? We could use Custom File Management Tasks to:
- Compact database files that haven't been modified in a year (custom action of compact.exe with a condition of not modified for 365 days and a file name of *.mdb)
- Remove the Everyone ACL from all files older than 3 days
- Generate a report of all files containing the word "confidential" that have not been modified in a year (custom script with no parameters, a condition that references a classification property with an appropriate classification rule that searches for the word "Confidential", and setting the File Management Task report to be generated in the appropriate formats)
Remember that these File Management Tasks are scheduled and can happen as often or as rarely as you would like. Tell us you think you could leverage custom File Management Tasks.
This post is provided "AS IS" with no warranties, and confer no rights. Use of included code samples are subject to the terms specified at Microsoft - Information on Terms of Use .
