Enterprise Software

Automate data classification with new features in Windows Server 2008 R2

In Windows Server 2008 R2 Microsoft has added some new automating features to file classification. The File Classification Infrastructure makes it possible to automatically assign classification information to files on file servers and apply policy to them based on that information.

Microsoft has added many features to Windows Server 2008 R2, and once you install the roles and features to add these modular goodies to your implementation, there are many impressive new things you can do. In this post, I am going to look at a new feature that works for Windows Server 2008 R2 File Servers called File Classification Infrastructure.

To use the classification features, you will need to install the File Server Role and the File Server Resource Manager feature(s) associated with it. To install the File Server Role, complete the following steps:

  1. Open the Server Manager.
  2. Scroll down to section 3, Customize This Server.
  3. Click Add Roles to add server roles.
  4. Select the File Services Role and complete the roles wizard.

Once the needed roles are installed, the File Server Resource Manager (FSRM) console can be launched by selecting it from the Administrative Tools group or by entering fsrm.msc in the search box on the Start menu.

Why classify data?

Classifying data can help make data more accessible (or less accessible) to the users in your environment who need it. For example, suppose the Human Resources department created a folder on the file server within their department called Litigation. In this folder they place files that are needed for any litigation the company is associated with. The permissions on the folder are configured so that HR employees can edit the contents of the folder and add documents. Senior management can read the documents in the litigation folder, and the HR manager can remove documents that are no longer needed.

The question is, how is it determined that a document is no longer needed and how do we apply these criteria to existing files in such a way that minimizes user interaction with them? The new classification feature in Windows Server 2008 R2 makes it possible to automatically assign classification information to files on file servers and apply policy to them based on that information.

Classification in Windows Server 2008 R2 consists of several elements: properties, rules, and a policy segment including reporting and file management. Properties are the fields that you wish to assign a value for, and the rules are the criteria that set these values. There are other methods of classification available as well, including applications and scripts. More detailed examination of the methods of configuring the File Classification Infrastructure will follow in a future post.

For the above example, a rule would be used to label a set of files in the Litigation folder. Adding a label such as Litigation-Case Number X (where X is the number of the case) can allow easy organization of files for each litigation case. When the classification rule is run against the specified folder, all files meeting the rule conditions would be classified with an appropriate label. You could use an expiration date here, but doing that might require reclassification of files if the expiration of a set of files is changed, which can take unnecessary time; using a label as a classification property is the recommended practice.

To expire files, consider moving the files that meet a set of conditions, perhaps the last modified date greater than 30 days, to a different folder that an administrator can manually clean up at his or her leisure. Or you can create another rule, using a script, that can purge on a schedule, configured by the choice of the administrator or IT staff.

In a future post, I will dig into the creation of these properties and policies further to provide a hands-on look at how granular the settings can be. This post is intended to be a high-level overview of the new feature.


Derek Schauland has been tinkering with Windows systems since 1997. He has supported Windows NT 4, worked phone support for an ISP, and is currently the IT Manager for a manufacturing company in Wisconsin.

Editor's Picks

Free Newsletters, In your Inbox