You may automatically save scheduled task searches in idf format, which will require a password and will be saved as an Spirion Results file, which would then be able to be opened in the Spirion Client and remediation performed on the results from within the Client. You may also save results as CSV or HTML files however it is recommended to save as an idf file so it will be password protected and can only be opened from within the Client.
To automatically save a scheduled task search results in idf format, it is required to configure the Settings\ScheduledTask\SaveKey setting. This does require the creation of a password hash at one endpoint computer. This key will then work on all endpoints.
In the Console there are settings that allow users to auto-save encrypted .idf results files to the local or network storage locations. In order to configure the auto-save, encrypted password hashes are required to be input into the Console policy settings. Specifically, the settings affected are:
To obtain an encrypted password hash, follow these steps:
- Launch the Spirion client on any Windows system. Note: If the client is connected to the console and the SaveKey setting is defined in a System Policy applied to the endpoint, this process will fail and must be performed on a different endpoint.
- Create or log into a Spirion Client profile. It is necessary to use a Profile to ensure that the necessary values will be written to the registry. When the Guest profile is used, the registry will not be updated.
- Open the Settings dialog by clicking on the Configuration tab (A) and choose the Settings (B)button.
- Select the Scheduling (C) page.
- Check the Schedule a search (D)checkbox.
- Check the Automatically save results securely with a password (E) checkbox, and for the File Location put in C:\temp.idf For this process it does not matter what location you enter as it will not be used for this process. This process is just to generate the password hash you will copy into a Policy on the Console.
- In the Enter Password and Confirm Password boxes enter the password you wish to use.
- Click Apply (F)to save your settings.
- A dialog box will come up to schedule a task with the Windows operating system. The dialog requires a valid Windows account and credentials. By default the currently logged on Windows username will be in the Enter User Name field. For the Enter Password and Confirm Password dialogs put in your Windows password associated with the provided Windows user account. Once the credentials are entered, click OK.
- You will then receive the following popup dialog. Select Yes
- If when you select Yes you receive the following warning message it is because your Windows user name you entered is not correct. If that error occurs then ensure your user name is correct and that your password is the one you use to log into your machine.
- Minimize the Spirion Client and open up regedit (Start -> Run, type regedit and hit enter or click OK).
- In regedit navigate to the following key: HKEY_CURRENT_USER\Software\Identity Finder\Client\Settings\ScheduledTask
- Double click on the SaveKey value name on the right and in the Value data field, copy out the text.
- Open up and log in to the Console and navigate to Policy Management -> [Policy Name] -> Settings -> Settings -> ScheduledTask -> SaveKey
- Double click on the SaveKey and paste the value from step 12 into the data field, then click OK.
- The Console Policy now contains the same password you typed into the Spirion Client settings dialog.
- Close regedit by hitting Cancel on the SaveKey edit dialog, then choose the menu File -> Exit.
- Open up the Settings dialog in the Spirion Client and navigate to the Scheduling page, uncheck the Schedule a search checkbox and click OK to save settings.
- Exit the Spirion Client by clicking the X in the upper right hand corner of the main window.
The steps above can be repeated for the SaveKey2 value as well.
In a policy, the settings section Settings\ScheduledTask has several settings to configure an automatic saving of a scheduled task search results.
The following settings are the minimum that are required to be configured, to automatically save a scheduled task search results file (an .idf file) with a password:
If you are automatically saving results to a networked share, the task would need to be run as the local logged on user, where the local Windows user has permissions to the share where you are saving the results.