The Identity Finder Enterprise Client on a Windows system can be used to remotely search any file system that is viewable from that Windows system. For example, if a remote Unix or Linux system is running Samba and the files on that system can be viewed from Windows Explorer, those files can be searched. There are two methods for searching remote files:
- Custom Folder list: Used to search a mapped network drive or a UNC path.
- Remote Machine list: Used to connect to one or more remote computers, optionally authenticate, enumerate the available drives, and search all files on each drive.
Both methods can be used from within the Windows Enterprise Client user interface or configured via policy on Enterprise Console v4.5 or later. When a policy is used, it is applied to every Windows system that has the client installed (the managed endpoint), which in turn searches the remote computers (the unmanaged endpoints).
Custom Folder list
To search locally, remotely via a mapped drive letter, or remotely via a UNC path on a machine for which authentication credentials already exist, use the Custom Folder list. Each folder in the list is searched together with all of its files and subfolders. To prevent a subfolder of a listed folder from being searched, add that subfolder as an exclusion.
Within the client UI, the Custom Folder list is managed within Settings on the Custom Folders page. The folders specified as exclusions apply only when searching custom folders, or when searching Remote Machines with the option "Apply Custom Folder list exclusions to all machines" enabled.
Within a policy specified on Enterprise Console v4.5 or later, use PolicyName > Search Locations > Custom Folders. Within a policy specified on Enterprise Console 4.1.3 or earlier, or in an XML configuration file, use the settings Profile\Admin\CustomFolderIncludeList and Profile\Admin\CustomFolderExcludeList. The folders specified as exclusions apply only when searching custom folders (Settings\Locations\Files\FileLocations is 2), or when searching Remote (Settings\Locations\Files\FileLocations is 3) and the setting Settings\Locations\Remote\ApplyCustomFolderListExclusions is Enable (1). When a policy is used, or the above settings are used in an XML configuration file, the custom folders do not appear in the client user interface and consequently the user cannot edit the list. If the UserData section of an XML configuration file is used instead, the custom folders appear in the client UI and users can edit the list.
Remote Machine list
To search remotely via IP address, NetBIOS name, or fully qualified domain name, use the Remote Machine list. The list supports IP address ranges in the form 10.10.10.1-10.10.10.255. Within the client UI, the Remote Machine list is managed within Settings on the Remote Machines page; within a policy specified on Enterprise Console v4.5 or later, the Remote Machine list is specified within PolicyName > Search Locations > Remote Machines.
Identity Finder uses the credentials available at the time of the search (for example, if the user is a Domain Admin and the remote machine is a member of the domain, no additional credentials are necessary). Alternatively, credentials can be supplied to Identity Finder. In Interactive Mode the credentials are saved as part of the encrypted profile, while in a policy the credentials are saved in an encrypted database. Because the search reads each drive through its administrative root share, the account used must be a local administrator on every unmanaged endpoint; a dedicated scan account with only those rights, rather than an interactive Domain Admin logon, limits what is exposed if the managed endpoint performing the search is compromised. At the start of the search, an attempt is made to authenticate to each specified machine. If a suitable connection cannot be made, the machine is skipped and a log message is written. This behavior can be modified:
- Allow prompt for network credentials during search (Settings\Locations\Remote\AllowPromptForCredentialDuringSearch): When enabled (set to "Ask at start of search"), if a connection to the machine could be made but the granted privileges were insufficient, a dialog appears allowing the user to provide alternate credentials.
- Authenticate Remote Machines during search (Settings\Locations\Remote\AuthenticateMachinesDuringSearch): When enabled, connections are not made at the start of the search but sequentially, as each machine is searched.
When searching remote machines, the client will enumerate all of the available drives on the remote machine and attempt to search them all (using the administrative root shares to each drive). This behavior can be modified:
- To prevent the searching of specific folders on all remote machines, add those folders to the Custom Folder list as exclusions. Then enable the setting "Apply Custom Folder list exclusions to all machines" (Settings\Locations\Remote\ApplyCustomFolderListExclusions).
- To prevent the searching of the system root location (as defined by the administrative system share) on all remote machines, enable the setting, "Exclude SystemRoot locations on all machines" (Settings\Locations\Remote\SkipSystemRoot).
- To search only specific folders on a remote machine, add the machine to the Remote Machine list but enable only "Specify authentication credentials" and provide a valid username and password. Via policy, select the mode "Auth Only." Then add the specific folders to the Custom Folder list as UNC paths.
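The connection step described above can be rehearsed before a scheduled search. The following PowerShell is an added example, not code from Identity Finder or its documentation: it expands Remote Machine list entries (including the IP range form), then, for each host, enumerates the fixed drives and tests whether the administrative root share of each drive is readable with the supplied credential, mirroring the authentication the client performs at the start of a search and the effect of the SkipSystemRoot setting. All function and parameter names are mine, and it assumes WMI/WinRM access to the remote hosts for drive enumeration.

```powershell
# Added example (not Identity Finder code): pre-flight check of the administrative root shares
# that a Remote Machine search will read. Assumes WinRM (New-CimSession) is reachable on the
# remote hosts; the function and parameter names below are my own.

function ConvertTo-IPv4UInt32 ([string]$Ip) {
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()   # network byte order
    [Array]::Reverse($bytes)                                         # little-endian for BitConverter
    return [BitConverter]::ToUInt32($bytes, 0)
}

function ConvertFrom-IPv4UInt32 ([uint32]$Value) {
    $bytes = [BitConverter]::GetBytes($Value)
    [Array]::Reverse($bytes)
    return [System.Net.IPAddress]::new([byte[]]$bytes).IPAddressToString
}

function Expand-RemoteMachineEntry {
    # One Remote Machine list entry: a range such as 10.10.10.1-10.10.10.255 becomes individual
    # addresses; an IP address, NetBIOS name or FQDN passes through unchanged.
    param([Parameter(Mandatory)][string]$Entry)
    if ($Entry -match '^(\d{1,3}(?:\.\d{1,3}){3})-(\d{1,3}(?:\.\d{1,3}){3})$') {
        $start = ConvertTo-IPv4UInt32 $Matches[1]
        $end   = ConvertTo-IPv4UInt32 $Matches[2]
        if ($end -lt $start) { throw "Range end precedes range start: $Entry" }
        for ($i = $start; $i -le $end; $i++) { ConvertFrom-IPv4UInt32 $i }
    } else {
        $Entry
    }
}

function Test-ShareReadable {
    # True if the UNC path can be reached with the given credential (current logon token if none).
    param([Parameter(Mandatory)][string]$Path,
          [System.Management.Automation.PSCredential]$Credential)
    if (-not $Credential) {
        return [bool](Test-Path -LiteralPath $Path -ErrorAction SilentlyContinue)
    }
    $name = 'idf' + [guid]::NewGuid().ToString('N').Substring(0, 8)
    try {
        # A temporary PSDrive is the supported way to open a UNC path with alternate credentials.
        New-PSDrive -Name $name -PSProvider FileSystem -Root $Path -Credential $Credential -ErrorAction Stop | Out-Null
        return [bool](Test-Path -LiteralPath "${name}:\")
    } catch {
        return $false
    } finally {
        Remove-PSDrive -Name $name -Force -ErrorAction SilentlyContinue
    }
}

function Test-AdminShareAccess {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [System.Management.Automation.PSCredential]$Credential,   # omit to use the current logon token
        [switch]$SkipSystemRoot   # mirrors "Exclude SystemRoot locations on all machines"
    )
    $cimArgs = @{ ComputerName = $ComputerName; ErrorAction = 'Stop' }
    if ($Credential) { $cimArgs.Credential = $Credential }
    try {
        $session = New-CimSession @cimArgs
    } catch {
        # No suitable connection: this is the host the client would skip and log.
        return [pscustomobject]@{ ComputerName = $ComputerName; Share = $null; Readable = $false
                                  Excluded = $null; Note = "skipped: $($_.Exception.Message)" }
    }
    try {
        $systemRoot = (Get-CimInstance -CimSession $session -ClassName Win32_OperatingSystem).WindowsDirectory
        $drives = Get-CimInstance -CimSession $session -ClassName Win32_LogicalDisk -Filter 'DriveType = 3'
        foreach ($d in $drives) {
            $letter = $d.DeviceID.TrimEnd(':')
            $share  = '\\{0}\{1}$' -f $ComputerName, $letter
            # With SkipSystemRoot the folder behind ADMIN$ (%SystemRoot%) is left out of the search.
            $excluded = $null
            if ($SkipSystemRoot -and $systemRoot -like "${letter}:*") {
                $excluded = '\\{0}\{1}$\{2}' -f $ComputerName, $letter, $systemRoot.Substring(3)
            }
            [pscustomobject]@{
                ComputerName = $ComputerName
                Share        = $share
                Readable     = Test-ShareReadable -Path $share -Credential $Credential
                Excluded     = $excluded
                Note         = $null
            }
        }
    } finally {
        Remove-CimSession $session
    }
}

# Usage with a constructed Remote Machine list (replace with your own entries):
$cred = Get-Credential -Message 'Scan account for the unmanaged endpoints'
@('fileserver01.corp.example', '10.10.10.1-10.10.10.8') |
    ForEach-Object { Expand-RemoteMachineEntry -Entry $_ } |
    ForEach-Object { Test-AdminShareAccess -ComputerName $_ -Credential $cred -SkipSystemRoot } |
    Format-Table -AutoSize
```

Any host that comes back as skipped is one the client will also skip and log, so this is the place to fix firewall rules or the scan account's group membership before the scheduled run. Test-ShareReadable can also be pointed at the UNC paths used in the "Auth Only" plus Custom Folder approach to confirm the supplied credentials reach exactly the folders intended.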
How to search a Remote Machine when the search is initiated from the Console:
In the Policy on the left side, select Search Locations > Remote Machines to configure the remote machine connection.
If in the Client you had configured the location as a Custom Folder, configure the remote machine in the Policy to authenticate only.
If you use the Custom Folder method, you must also add the folder path (as a UNC path) under Custom Folders in the Policy's Search Locations.
You must also set the file-location setting (Settings\Locations\Files\FileLocations in an XML configuration file) to either Custom or Remote Machine. If you are using the Custom Folder method, set it to Custom (2). If you are authenticating to and searching the remote machine, set it to Remote (3).
By default, the results of a remote machine search are shown under an endpoint named for the remote machine that was searched. This behavior can be changed, via a Policy setting, to show the results on the Source Endpoint, which is the endpoint that performed the search.