Compliance Guardian Installation and Administration User Guide
Contents
1. System String System String e ee d TestDefiniti ACR TectNefiniti Figure 79 The key and value for cookie information For SharePoint Metadata information the Key should be Metadata however the Value object should be another Dictionary lt string string gt instance which uses the SharePoint column name as the key and uses the SharePoint column value as the value Notes For SharePoint build in columns the key should end with O 0 The indicator 0 0 tells the scan engine that the column is a SharePoint build in column which will be ignored by the scan engine during the scanning progress ct gt metagata YE CCE resource resx metadata Count 1 IO ad CCF resource zh CN ER 0 _ Metadata System Collections Generic Dictionary 2 System String System String A Key Q Metadata Value Count 20 Kei JER DocAveStandard snk g E d FileEntry cs e 0 Name d FilterUtility cs e 1 Title d HimlExtractText cs e 2 TDFColumn Customized Column yc HtmiScanner cs Key 2 TDFColumr d IContentComplianceC 2 Value d IContentScanner cs HE a Non Public members IScanEngine cs GY 5 reated By z ce iti DI Modified Customized Column E A mare enges B a 8 Modified By Ss yG MetadataScanner cs e 9 Copy Source OfficeUtility cs e DO Checked Out To2. hast 231 Compliance Guardian Installation and Administration User Guide Scheduled Classification Scanner for Social Network The Social Network Mode allows you to configure connection with a social network Currently Compliance Guardian only supports scanning content in Yammer Compliance Guardian allows users to scan content according to a predefined scan policy and then take action on that content Launching Scheduled Classification Scanner Social Network Mode On the Scheduled Classification Scanner Home interface select Create on the ribbon a drop down list appears Select Social Network from the drop down list to enter the Scheduled Classification Social Network Mode to scan content in Yammer Configuring Connections to Yammer For more information refer to Configuring Connections to Yammer Performing a Scheduled Classification Scanner Plan in Wizard Mode To configure a Scheduled Classification Scanner plan using Wizard Mode complete the following steps 1 From the Scope panel on the left select a connection 2 Select Plan Builder from the Plan Management group on the ribbon select Wizard Mode from the drop down menu or you can directly select Start with Wizard Mode on the landing page 3 Enter a Plan Name for the plan and an optional Description 4 Select Next on the ribbon or on the lower right section of the screen The User Scope screen appears Define the following options e Add users Sele
3. Configure C Export Settings Export R Requests Close X Compliance Scanner for Lync Page Functionality Name and Hot Key Complian P Create C Lync L Lync tab H ce Plan Builder P Wizard M Back B Scanner Mode Next N Finish R ae 279 Compliance Guardian Installation and Administration User Guide 280 Finish and Run Now Cancel Form Mode Save Save and Run Now Cancel olol gt l o Configure Archiving Create Lync L Save Cancel Save and Run Now View Details Edit Delete Enable Disable Run Now Job Monitor plo lmi wic Close Scan Policy Create View Details Edit Delete Export Close Filter Policy Create View Details Edit Delete Close x o m lt iz xigjo m lt O Compliance Guardian Installation and Administration User Guide Database D Create C Manager View Details V Edit E Delete D Close X Account A Groups G Add Group AG Manager Edit Group E Show Users S Delete Group D Permission Level P Authentication AM Manager Close X Users U Add User AU Edit User E Delete User DU Activate AC Deactivate DA Permis
4. Information Bar Help Figure 7 Choose how to allow the pop ups 38 F D e e DE Compliance Guardian Installation and Administration User Guide You can now log into Compliance Guardian from Internet Explorer Logging In to Compliance Guardian The Compliance Guardian GUI can be launched from Web browsers within the same network as the Compliance Guardian Manager Refer to Accessing the Compliance Guardian GUI for the supported Web browsers Connect to the interface using the IP hostname for the Compliance Guardian Manager Control Service as well as the Control Service Port if it was changed 1 Open an Internet Explorer window and enter https lt machine gt 14100 where lt machine gt is the hostname or IP address of the machine running the Compliance Guardian Control Service If the default port number has been changed from 14100 enter the new port number Note If the hostname of the machine running the Compliance Guardian Control Service contains the underline _ use the IP address of the corresponding machine to access Compliance Guardian The Compliance Guardian login screen pops up Select Local System from the Log on to drop down list and enter the default login account information e Login ID admin e Password admin Select Login Note When you log on to Compliance Guardian for the first time it is strongly recommended that you back up the Compliance Guardian security keys for protection For mor
5. Note An asterisk in the user interface indicates a mandatory field or step 1 Enter a Plan Name and an optional Description if desired Select Next The Report Settings page appears 2 Configure the report settings e Database Policy Select a database policy from the drop down list to store the result data of the Compliance Scanner job If you want to set up a new database policy select 174 e on Compliance Guardian Installation and Administration User Guide the New Database Policy link in the drop down list Refer to Configuring Database Policy for more information e Report Group Select a Compliance Guardian group from the drop down list Once a group is specified as the Report Group all of the users in the specified group will be able to view and download the reports in the Compliance Report module Multiple groups can be specified here choose Select All to select all of the listed groups Select Next The Scan Settings page appears 3 Configure the scan settings e Scan Policy Select a scan policy from the drop down list and it will be used to scan the contents in the specified scope Only one scan policy can be selected here e Maximum Scanned Rows Enter the maximum number of table rows that will be scanned e Alert If you want Compliance Guardian to send an e mail when an error occurs during the scan then select an e mail profile to specify the users who will receive the e mail
6. Note Tags can only be added into the following file types DOCX XLSX PPTX HTM HTML PDF and ASPX If you define to add tags in the file in the check but the file type is not one of the above file types select OK and the tags will not be added e If you select Cancel the current tag names and tag values will not be added Note If you do not have the Manage Lists or Edit Items permission to the corresponding site you can only view the scanned results the OK button will be greyed out Refer to the following steps to use Compliance Guardian Tag Assist Manager in SharePoint 2010 1 Navigate to the corresponding SharePoint site where the content you want to scan is gt Site Settings gt Site features and activate the Compliance Guardian Tag Assist Manager feature Note At a minimum to use the Compliance Guardian Tag Assist Manager feature in a site the user must have the following required six site permissions assigned hast 237 Compliance Guardian Installation and Administration User Guide 2 238 e Manage Lists e Edit Items e View Items e View Application Pages e View Pages e Open Select the corresponding document library in Quick Launch Bar and then select the Documents tab The button Compliance Guardian Tag Assist Manager appears in the Compliance Guardian Tool group on the ribbon Check the checkbox in front of the file that you want to scan Select Compliance Guardian Tag Assist Manag
7. Select Preview to review the users that meet the configured condition in the Preview window Select Save to save the changes and close the Add users window The posts of the users that meet the configured condition will be scanned e Import file with specified users Select the radio button to import a file along with the added users You can select Download Template and save the template file Edit the template file to add the users and then select Import to import the file 5 Select Next on the ribbon or on the lower right section of the screen The Scan Settings screen appears 6 Configure the following scan settings e Scan Policy Select a scan policy from the drop down list or create a new scan policy e Scan File Note Versions Select to scan the current version or all of the versions of the file or note e Action Policy Select an action policy from the drop down list or create a new action policy 7 Select Next on the ribbon or on the lower right section of the screen The Schedule screen appears 8 Select a scheduling option e No schedule Select this option if you do not want to add a schedule and run the job manually e Configure the schedule myself Configure a customized schedule Select Add Schedule and the Add Schedule window pops up Configure the following settings for the schedule o Options Select the type of the scan for this plan Full Scan or Incremental Scan Full Scan will s
8. Specify a compare type for this length compare The attributes for CompareType are GreaterThan LessThan GreaterOrEqualThan LessOrEqualThan Equal and NotEqual e hast 293 Compliance Guardian Installation and Administration User Guide o Characters Specify the number of the characters used for the compare Select the delete button 4 to delete this check rule Select Add Another Length to add another rule TextCompare This element is optional Select the checkbox before this element and the following attributes appear o CompareType Specify a compare type The attributes for CompareType are MustContain MustNotContain MustEqual MustNotEqual MustMatch and MustNotMatch o Separator Specify a separator if multiple values are specified o CaseSensitive Specify if the attribute values being tested for must match the case exactly o Value Define one or more values for the test use the separator specified before to separate the values Select the delete button 4 to delete this check rule Select Add Another TextCompare to add another rule WordsRepeat This element is optional Select the checkbox before this element the following attribute appears o Number Define the number of times that words can repeat in the attribute value before the test fails Select Add Another Attribute to add another Attributes check rule ElementContent If you want to configure the ElementContent
9. e Action Policy Select an action policy from the drop down list or create a new action policy to define the actions to the content that will be scanned out For more information on working with action policies refer to Configuring Action Policies e Alert Specify whether to send out an alert e mail when an error occurs during the process of scanning a file or when a tag fails to be added to a file If you choose to send out alert e mails when an error occurs configure the recipients by selecting the corresponding checkboxes You must select a default e mail template before select the recipients Select the New Notification Template link to create a new template o Creator e mail template Select this checkbox to send an alert e mail to the creator of the specified file If this option is selected you must select an e mail template from the corresponding drop down list If you do not select an e mail template Compliance Guardian will use the default e mail template o Modifier e mail template Select this checkbox to send an alert e mail to the last modifier of the specified file If this option is selected you must select an e mail template from the corresponding drop down list If you do not select an e mail template Compliance Guardian will use the default e mail template o User in the selected notification file Select this checkbox to send an alert e mail to the recipients configured in the selected alert notificati
10. e Failover Database Server Specify a failover database server In the event that the specified report database collapses the data stored in the report database can be transferred to this standby database Alternatively you can configure the authentication in Advanced settings by entering a connection string instead of configuring the settings Select Advanced the Connection String section appears Check the Edit Connection String directly checkbox to activate this feature and then enter the connection string according to the example listed in the left pane Select Save to finish and save the configuration or select Cancel to return to the Database page without saving any configurations Database Policy Database Policy allows you to apply report retention rule to the specified database A retention rule defines how to prune the reports stored in the database To access Database Policy settings in the Control Panel interface select Database Manager under the Common Settings heading The Database tab is the default one Select the Database Policy tab to launch the Database Policy page Select Close on the ribbon to close the Database Policy interface Managing Database Policy In Database Policy you can create view details edit or delete a database policy For more information about creating or editing a database policy refer to Configuring Database Policy hast 123 Compliance Guardian Installation and Administrati
11. 143 Compliance Guardian Installation and Administration User Guide After selecting some test suites if you want to clear the selection status select the Clear Selection link and then specify your desired test suites again You can also perform the following actions when selecting the test suites Sort Select the header row of each column to sort all of the values in the specified column according to the ascending descending order Search Filter the test suites and display them by the keyword you designate the keyword must be contained in a column value At the top right corner of the test suite viewing pane enter the keyword for the test suites you want to display You can select to Search all pages or Search current page Manage columns You can manage which columns are displayed in the list so that only the information you want to see will be shown Select the manage columns button then check the checkbox next to the column name to have that column shown in the list Hide the column Hover over a column name and then select the hide column button in the column name to hide the column To change the number of test suites displayed per page select the desired number from 5 8 10 15 default value 20 25 50 100 in the Show rows drop down menu at the lower right corner To go to the specified page enter the page number in the Go to of text box at the lower right corner and press Enter
12. 325 Compliance Guardian Installation and Administration User Guide 326 order to validate the result For more information on CustomCheck refer to Using CustomScan in Compliance Guardian This is optional Dictionary Configure the following attributes o Separator Specify a separator if multiple values are specified o Value Define one or more values for the test use the separator specified before to separate the values Select the delete button 4 to delete this Dictionary check rule Select Add Another Dictionary to add another rule Filter This is optional Select the checkbox before Filter the Text section and the Regex section appear o Text Select the checkbox before Text and configure the following attributes CaseSensitive Specify if the element being tested for must match the case exactly Separator Specify a separator if multiple values are specified Value Define one or more values for the test and use the separator specified before to separate the values If the scanned result that matches the specified regular expression exactly matches the value specified here this result will be filtered out Select Add Another Text to add another Text filter check rule Select the delete button 4 to delete this filter check rule o Regex Select the checkbox before Regex and configure the following attributes CaseSensitive Specify if the element being tested for m
13. Control Panel Job Monitor Figure 32 Job Monitor module launch window 3 Alternatively you can select Administration on the top left corner and select the Job Monitor tab on the appeared navigation bar to launch Control Panel ee f 249 Compliance Guardian Installation and Administration User Guide fi Report Y Administration v Welcome admin D A ma E z Compliance Scanner Classification Scanner Job Monitor Control Panel What do you want to do next HA Compliance Manager CH 9 Compliance Scanner Compliance Report Classification Manager Q Ca Classification Scanner Classification Report Seen KEE Aa System Manager z VW Control Panel Job Monitor Figure 33 Job Monitor tab on the navigation bar Understanding Job Monitor Job Monitor allows you to customize the way your jobs are displayed so you can more efficiently manage them The following two sections will cover the different viewing options Job Monitor Interface The interface in Job Monitor contains the following four areas 1 Tabs Switch between the Job Monitor and Scheduled Job Monitor interface 2 Ribbon Toolbar where you can customize the view perform actions on selected jobs and configure report location settings 3 Search Search tool for filtering the displayed jobs 4 Viewing pane List of jobs displayed according to the filters you configure 250 F e D e e Compli
14. Select MustContain or MustEqual for this attribute e ResultNA If the primary check in this check is not fulfilled the scan status will be the value you selected for the ResultNA attribute e Value Specify a scanned value for the primary check section e ME 313 Compliance Guardian Installation and Administration User Guide Secondary Configure the following attributes in this section Truelf Specify the condition when the check result is True If Found is selected in the drop down list under the Truelf attribute when finding an instance the check result of this check will be True If NotFound is selected in the drop down list under the Truelf attribute when finding an instance the check result of this check will be False SearchAll Specify whether or not to check the comments and scripts ListLocation Specify whether or not to record the instance s location in the Compliance Guardian database If Yes is selected in the drop down list under the ListLocation attribute then every location of the instance found will be recorded in the Compliance Guardian database If No is selected in the drop down list under the ListLocation attribute the check continues but the locations of the instances found will not be recorded in the database ListLocStatus Specify the status for the instance that is found The status will be recorded in the Compliance Guardian database Note that if the status set for T
15. Compliance Guardian Manager System Requirements Compliance Guardian Manager consists of one service called the Compliance Guardian Timer Service a control service You can either run it on the same server as your Compliance Guardian Agent or ona separate server For more information on Compliance Guardian Manager refer to Installing Compliance Guardian Manager While it is possible to have the Compliance Guardian Manager and Agent on a single server it is not recommended To maximize performance AvePoint recommends you install the Manager Service on one server and install only the necessary agents on the agent servers Refer to System Requirements for Control Service Installation for the system requirements of the Compliance Guardian Control Service System Requirements for Control Service Installation Rules Requirements Total Physical Memory Required 512MB or above Recommended 2GB Available Disk Space Required 1GB or above Net Framework Version NET Framework 3 5 SP1 or above excluding NET Framework 4 0 Operating System Net Framework The Windows features including WCF Edition Features Activation HTTP Activation and Non HTTP Windows Server 2008 Activation must be installed Windows Server 2008 R2 Net Tcp Port Sharing Net Tcp Port Sharing Service is started Windows 7 Service Windows Server 2012 Windows Process e Windows Process Activation Service is Windows Server 2012 R2 Activation Service star
16. Creating and Editing Authentication Profile To create a new authentication profile select Create in the Manage group of the Authentication Profile page To modify an authentication profile select the authentication profile and then select Edit on the ribbon In the Create Authentication Profile or Edit Authentication Profile interface configure the following settings e Name and Description Enter a name and an optional description for the profile e Authentication Method Select an authentication method Username and Password Only or Certificate o Username and Password If this method is selected then enter the specified username and password to access the website Compliance Guardian supports Basic Digest NTLM Negotiation Authentications hast 139 Compliance Guardian Installation and Administration User Guide Note If you configure the authentication profile for scanning Gmail content you must select Username and Password Only For details about creating a plan to scan Gmail content refer to Scanning Gmail o Certificate If this method is selected upload a certificate and then enter the username and password to access the website o Form based Authentication This method is used for scanning the website that can be logged in after submitting the form You are required to enter the following information after selecting Form Based Authentication Login URL Enter the form URL Username Cla
17. Enter a database name for the Control Service if the database does not exist it will be created in the provided MS SQL server e Database Credentials Select the credentials for this Control Service database O Windows Authentication the default option Use this method when you want the user identity to be confirmed by Windows The specified account must have permission to access the SQL Server machine where you want to create the Control Service Database SQL Authentication SQL server will confirm the user identity itself according to the specified account and password The specified account must have the following permission DB Owner of the existing Compliance Guardian Control Database or DB Creator of the newly created Compliance Guardian Control Database e Passphrase Settings Enter the passphrase you want to use for protecting Compliance Guardian Manager data e Advanced Database Settings You can choose to associate the Compliance Guardian Control database with a specific failover SQL server that is used in conjunction with SQL Server database mirroring Select Next 11 Set up the Advanced Configuration e SSL Certification Specify the method for encrypting information and providing authentication for Compliance Guardian O Select Next Built in Certificate Uses the certificate provided by Compliance Guardian No additional configuration is necessary User defined Certificate Ena
18. In Server Usage you can register a new farm agent or remove a previously registered farm agent Select Server Usage on the ribbon or the server number agent number in the Registered Servers Registered Agents column of the License Details area to enter the Server Usage interface Refer to the instructions below to configure the settings Select a SharePoint File System tab and then modify its registered farms or agents You can perform the following actions e Register a farm agent Select the farm or agent you want to register in the Unregistered Farms Unregistered Agents list and select Add gt gt The farm or agent will be moved to the Registered Farms Registered Agents list e Unregister a farm Select the farm or agent you want to unregister in the Registered Farms Registered Agents list and select lt lt Remove button The farm or agent will be moved to the Unregistered Farms Unregistered Agents list Note If the number of servers in the Registered Farms Registered Agents list reaches the number of servers agents for which the license you have purchased allows Compliance Guardian will not allow you to register more farms or agents and the exclamation point 9 will appear left of the SharePoint File System name Select OK to save the changes or select Cancel to cancel the operation You will then be redirected to the License Manager interface Update Manager Compliance Guardian Update Manager provides you with information
19. Select Windows User Group to utilize the user s Windows authentication credentials for this new user Configure the following settings to add a Windows user Enter the username of the user group you want to add into the Windows User Group Name field and then select the check names amp button to verify that the username you entered is valid The users groups that are in the same domain as the Compliance Guardian Control server can be added to Compliance Guardian Alternatively you can select the browse Cl button to search for the desired user group In the pop up window enter the value to search for in the Find text box and then select the find name 8 button Select the desired user and then select Add Select OK to add the users or select Cancel to close the window without adding the users Enter an optional description for future reference Note In order to log on Compliance Guardian using the added user the corresponding user must have the permission to access the machine where the Compliance Guardian Control Service is installed 84 S F ae e E Compliance Guardian Installation and Administration User Guide Set the permissions for this user by adding the user to a previously configured Compliance Guardian user group or manually configure the user s permission levels Select the Add user to group s option and then select the desired user group from the drop down menu The user will have all of the permis
20. e Compliance Guardian Agent Host Specify the current server s hostname IP address or fully qualified domain name FQDN e Compliance Guardian Agent Port The port specified here is used by the Manager or other Agents for communication The default port number is 14104 e Control Service Host The hostname or IP address of the machine where the Control Service is installed Note If you want to configure the connection with Yammer for scanning posts you must enter the hostname of the machine where the Control Service is installed For more information on configuring the connection refer to Configuring Connections to Yammer e Control Service Port This is the port used for communication with Control Service and should match the information provided during the Manager configuration The default port number is 14100 e SSL Certification Specify the SSL Certification used for the specified Compliance Guardian Manager Select Next 11 Set up the Agent Configuration e Agent Authentication Enter the Manager Passphrase specified when configuring the Compliance Guardian Manager installation If you forget the passphrase you can view it by navigating to Compliance Guardian gt Control Panel gt System Options gt Security Settings For more information refer to Viewing Security Information e Agent Account Specify the Agent Account under which the agent activities are performed For more information on t
21. e Enter A B in the Value field Save the check Run a Compliance Scanner job The test suite used in this job contains the check configured above Review the LinkValidation check test logic e See the TextCompare section since we have entered A B in the Value field in this check it means that the link that contains A or B will be tested So the link that contains A in the selected file 1 will be tested by this check e See the LinkValidation section and ListLoc section we have selected Valid for the ValidWhen attribute in the LinkValidation section and have selected Invalid for the Type attribute in ListLoc section so the location of the link will not be recorded in the Compliance Guardian database 337 Compliance Guardian Installation and Administration User Guide e See the ValidateBookmarks attribute in the LinkValidation section since we have selected True for the ValidateBookmarks attribute the check will check whether the bookmarks in the file 1 work If one of the bookmarks in the file does not work this check is False Although the check result in other field is True if the check result of ValidateBookmarks attribute field is False the check result of this check is False FileProperty Type Check The FileProperty check is a check type that test for the file properties it is specifically designed for use with the MobileOK standard The following section provides a general introduction about configuring attribute
22. e Inthe Regex section o Select Found in the drop down list under the Truelf attribute o Select Yes in the drop down list under the SearchAll attribute o Select Yes in the drop down list under the ListLocation attribute o Select Note in the drop down list under the ListLocStatus attribute o Select No in the drop down list under the CaseSensitive attribute o Enter the regular expression lt 4 b d 3 d 3 1 d 3 b in the Value field The Social Insurance Number can match the regular expression Save the check Run a Compliance Scanner job The test suite used in this job contains the check configured above Review the Dictionary Check test logic e For the CompareType attribute in FindText section if MustEqual is selected for this attribute then the content must be exactly equal to the value we specified in order to be found If MustContain is selected for this attribute the content will be found if the content contains the value we specified For example if the tested file contains the word Front end and we select MustEqual for the CompareType attribute with the 327 Compliance Guardian Installation and Administration User Guide value specified as end then the word Front end will not be found but if we select MustContain for the CompareType attribute the word Front end will be found e See the logic set in the FindText section the value that will be searched for in the file is server so the result
23. interface You can perform the following actions e Create Create a new connection For detailed information on creating a plan refer to Creating or Editing Connections e View Details View detailed settings of the selected connection e Edit Edit the settings of the selected connection For detailed information on editing a plan refer to Creating or Editing Connections e Delete Delete the selected connections Creating or Editing Connections Refer to the following steps to create or edit a connection 1 Select Create in the Manage group on the Configure Connection interface To modify a connection select the connection and then select Edit on the ribbon 2 Configure the following settings e Name and Description Enter a name and an optional description for the connection e Yammer Client ID Enter the Client ID and Client Secret Register an application in Yammer to get the Client ID and Client Secret Note When you register the application in Yammer for the Client ID and Client Secret you must enter the Compliance Guardian Manager URL as the Redirect URI The format is https hostname port number For example https JohnSP13 14100 The hostname in the URL must be same as the value entered in the Control Service Host field of the Communication Configuration step when you install Compliance Guardian Agent Refer to Installing Compliance Guardian Agent 204 F ae e Compliance Guardi
24. s topic The expression can also be used to search a user or group s properties The format is SYammer Users macro expression Properties Property Name or SYammer Groups macro expression Properties Property Name The Property Name can be Id Name Networkld FullName Description and Privacy FullName is specifically used for searching user s full name Description and Privacy are specifically used for searching group s description and privacy properties For example SYammer Users SYammer Current Creatorld Properties Department use this macro expression to search the current scanned post s creator ID and finally search the creator s department SYammer Groups S Yammer Current SendToGroup Properties Description use this macro expression to search the group to which the post is sent and finally search the group s description e Operator Select AND or OR as the logical relationship e Adda Compare Select Add a Compare to configure a compare condition Select the delete x button to delete a compare condition The added compare conditions in one Condition group are using the logical relationship selected in Operator Select Add a Condition to add another condition and then configure the condition Select the delete toy button after each Condition to delete the Condition 348 F D e e Compliance Guardian Installation and Administration User Guide Operator Conditions If multiple Condi
25. 2 Select the Compliance Report to launch its interface 3 Alternatively you can select Report on the top left corner and select the corresponding Report tab on the appeared navigation bar to launch Compliance Scanner f Report wv Administration v Compliance Manager gt Website What dg you want to do next AA Q i Compliance Manager Le Compliance Scanner Compliance Report A Classification Manager Classification Scanner Classification Report n gt s A N A System Manager Control Panel Job Monitor Figure 19 Compliance Guardian module launch window 178 F e a e Compliance Guardian Installation and Administration User Guide User Interface Overview The Compliance Report Dashboard interface appears after you select Compliance Report in the home page fi Report v Administration v Compliance Report Export to Screenshot Scan Policy Filter e High Priority Medium Priority Low Priority Passed Files 0 Se Data Table Report 0 luewe avepoint com B File Errors Report 0 View All l http Awww avepoint com B File Type Report 1 Failed Files 2 PDF Exception Report 0 View All Link Validation Report 0 B Page Title Report 0 Trend Report gt View All gt Violation Report Section 508 1194 22 1 _v3 2 0 0 17 56 67 1files Success Criteria 3 2 1 _v3 2 0 0 10 33 33 files Section 508 1194 22 k _v3 2 0 0 1
26. Compliance Guardian Installation and Administration User Guide 211 Select OK in the interface to save the changes or select Cancel to return to the Create Action Policy interface or Edit Action Policy interface without saving any changes After you finished configuring the Conditions settings select the right arrow P after Conditions in the Create or Edit Action Policy interface to review the configured settings Actions Select an action to handle the non compliant files which are found by performing the classification jobs Then select Add an action Repeat the above step to add multiple actions The actions then will be added If the Configure button appears after the added action you must select it to configure the settings for the action Select the delete cz button after an action to deselect to add this action You can change the order of the action configuration by selecting the textbox before the added action to determine the priority of the action For details of each action refer to Classification Actions Select the right arrow after Actions to review the configured settings Alert Specify whether to send out an alert e mail This is optional Select Configure The Configure interface appears Configure the following settings o Alerts Configure the alert settings If the action failed to execute Specify whether to send out an alert e mail when a file failed to be affected by the specified ac
27. Create Scan Policy or Edit Scan Policy interface configure the following settings e Name and Description Enter a name for this scan policy You can also enter an optional description to distinguish this scan policy from the others e Select the Test Suites Specify the test suites that you want to include in this scan policy There are two tabs in this field o Tagging The test suites used for content classification with a variety of related actions such as embedding metadata quarantining documents and reacting content are displayed under this tab o Redaction The test suites used for redacting the specified content in a file are displayed under this tab You can refer to the description of each test suite for the introduction of its usage To add more desired test suites select Test Suite Manager in the Settings group on the ribbon For more information on configuring the test suites refer to Test Suite Manager After selecting some test suites if you want to clear the selection status select the Clear Selection link and then specify your desired test suites again To change the number of test suites displayed per page select the desired number from the Show rows drop down menu in the lower right hand corner To sort the test suites select a column heading such as Test Suite or Description You can also perform the following actions when selecting the test suites o Search Filter the test suites to be displayed
28. Guardian Scanner for SharePoint and Classification Scanner for SharePoint File System Common File Types is used for Compliance Guardian Scanner for File System and Classification Scanner for File Systems Common Website Content is used for Compliance Guardian Scanner for Website configured in advance The default filter policies will be selected if no other filter policies are configured Configuring Filter Policies To create a new filter policy select Create on the ribbon In the Create Filter Policy interface configure the following settings 1 Name Enter a Name for the filter policy 2 Description Enter an optional Description for future reference 3 Type Select a filter policy type There are three kinds of filter policy types SharePoint File System Website and Lync e SharePoint This type of filter policy is used in Compliance Guardian Scanner for SharePoint and Classification Scanner for SharePoint If this type is selected then select specific objects or data within each SharePoint level from site collection down to attachment Each level has a unique set of rules that can be applied to enhance configurations e File System This type of filter policy is used in Compliance Guardian Scanner for File System and Classification Scanner for File System If this type is selected then select the level Each level has a unique set of rules that can be applied to enhance configurations e Website This type of
29. ListLocation attribute the check continues but the locations of the instances found will not be recorded in the database e ListLocStatus Specify the status for the instance that is found The status will be recorded in the Compliance Guardian database Note that if the status set for True Result or False Result is Failed in the Report Text step the value for the ListLocStatus attribute will be Fail and the value cannot be changed e MustRepeat Specify the amount of times the value that matches the regular expression must be found before considering the condition to be True When configuring the check if you do not enter a value for this attribute the value for this attribute will be considered 1 in the test e CustomCheck Enter a CustomCheck name for this attribute The CustomCheck is used to calculate check digit on the result of the regular expressions in order to validate the result For more information on CustomCheck refer to Using CustomScan in Compliance Guardian This attribute is optional e MaxDistanceToPrimary Specify the number of the characters The scan engine extracts text as the scanning contents In the contents if the characters between a primary check instance instance found in the primary check and the secondary check instance instance found in the secondary check are less than the number specified here the secondary check is Found e Filter This is optional Select the checkbox before Filte
30. Select Add Another TextCompare to add another rule ChildElement This section is optional Select the checkbox before this element the following attributes appear O O Name Specify the name of the child element that will be tested CaseSensitive Specify whether the element name being tested for must match the case exactly MustExist Specify whether or not the child element must exist If True is selected then the test will fail if there is No child element The following elements with specific attributes are within the optional ChildElement section ElementRepeat This section is optional Select the checkbox before this element the following attributes appear Alert Specify whether to check for repeating elements Value Specify the maximum times the element can repeat before the check is determined False Attributes This section is optional Select the checkbox before this element the following attributes appear Name Specify the attribute name that will be tested Compliance Guardian Installation and Administration User Guide CaseSensitive Specify if the attribute name being tested for must match the case exactly AllowNull Specify whether the attribute that has no value will be tested MustExist Specify whether or not the attribute has to exist If True is selected then the test will fail if the specified attribute does not exist The following
31. Set up the time to start the plan and Time Zone can be changed under the Start time Note that the start time cannot be earlier than the current time No end date Select this option to repeat running the plan until being stopped manually 226 S e ae e Compliance Guardian Installation and Administration User Guide End after specified occurrence s Select this option to stop the plan after specified occurrences that you configure in the text box End by Set up the time to end the recurrence of plans Select OK to save the settings After configuring the schedule for this replication job select Calendar View to view the job in a calendar view 10 Select Next on the ribbon or on the lower right section of the screen The Advanced screen appears 11 Configure the following advanced settings e Agent Group Select the agent group for the Scheduled Classification Scan Plan For more information on working with agent groups refer to Agent Groups e Notification Configure the e mail notification settings o Scan Result Select this to send an e mail notification to the specified users The e mail contains the information of the failed files and or passed files Scope Level Select a scope level The scan result will be reported based on each level in the e mail Report Level Select to have the failed files and passed files included in the e mail Receiver Configure the receiver Se
32. The Advanced screen appears 10 Configure the following advanced settings e Alert Send an alert e mail when an error occurs during the process of scanning content Select an e mail profile and an e mail template The alert e mail will be sent to the recipients configured in the selected alert notification profile e Notification Select a Notification Profile from the drop down menu Select View beside the drop down menu to view details of the Notification Profile or select New Notification Profile from the drop down menu For information on creating a notification profile refer to User Notification Settings 11 Select Next on the ribbon or on the lower right section of the screen The Overview screen appears 12 To make changes select Edit 13 Select Finish or Finish and Run Now on ribbon or on the lower right section of the screen The plan is now listed in Plan Manager If you select Finish and Run Now the Run Now interface pops up to allow you to choose Options e Full Scan Scans all of the content in the scope defined in the plan 234 e e Compliance Guardian Installation and Administration User Guide e Incremental Scan Scans the content that has been modified Add Delete and Modify since the last incremental or full scan job If you select Incremental Scan the Reference Time option is enabled o Reference Time Choose whether to replicate contents created or modified at a specified i
33. amp Scan Policy Filter Policy Action Policy Database Manager Job Monitor Close E ooo ili Plan Management Settings Statistics Commit Ci Not config you report location Config it by Report Configuration Scope Q v What is the Scheduled Classification Scanner 2 Scheduled Classification Scanner a Farm 10_1 11 71 SHAREPOINT_CONFIG_S Scan the content in the selected scope according to the user defined rules and define the User Profile Service actions to the scanned content F Web Applications a Farm SEARCH SHAREPOINT_CONFIG XUYAO E Eg xyups_1 iweb Applications gt fj Farm SEARCH SHAREPOINT_CONFIG P Farm WAREHOUSE MSSS_2012 SHAREPOINT_CON Mu Registered Sites Figure 27 User Profile Service node in Scheduled Classification Scanner Performing a Scheduled Classification Scanner Plan in Wizard Mode To configure a Scheduled Classification Scanner plan using Wizard Mode complete the following steps 1 Select the scope of the content you want to scan a From the Scope panel on the left select the farm that contains the relevant SharePoint content You can enter a keyword into the Search box above the farm tree to filter out the relevant SharePoint content b Select the relevant content from which you want to perform further operations by selecting the checkboxes to the left of the content 2 Select Plan Builder from the Plan Management group on the ribbon select Wizard Mode from t
34. and select an e mail template You can also select the New E mail Template link to create a new e mail template Refer to Configuring E mail Templates for more information Note Even though there may be more than one error when scanning a rowina database table the alert e mail will only be sent when the first error occurs Select Next The Schedule page appears 4 Configure the schedule settings e No schedule Select this option to run the plan immediately and save the plan in Plan Manager e Configure the schedule myself Select this option to configure a customized schedule and run the Compliance Scanner job by schedule Select Add Schedule to set up a schedule The Add Schedule window appears In the Options section select a scan type from the drop down list For more information refer to Scan Schedule o Full Scan Runa full scan of all of the content in the selected table Unlike incremental scan all full scans are independent of one another and do not have any dependencies on the other s scan results However because each of the full scans are comprehensive full scan jobs take the longest to complete of the two available options o Incremental Scan Run a fractional scan It scans only the updated content since the last successful full scan or incremental scan This kind of scan requires less storage than a full scan and it reduces the execution time of the scan job However it is important to note that for
35. and then select the checkbox next to the column name in the drop down list 3 Search Filter the content displayed by the keyword you designate the keyword must be contained in a column value At the top of the viewing pane enter the keyword for the permission level you want to display You can select to Search all pages or Search current page F a e 63 Compliance Guardian Installation and Administration User Guide _ i Note The search function is not case sensitive 4 Filter the column T Allows users to filter the information in the List View Click the filter the column button next to the column and then select the checkbox next to the column name 5 Hide the column Allows users to hide the selected column 6 Change the number of items displayed per page select the desired number from 5 8 10 15 20 25 50 100 in the Show rows drop down menu at the lower right corner 7 Enter the page number in the Go to of text box at the lower right corner and press Enter to go to the specified page 8 Select the gt button at the lower right corner to go to the next page select the lt button at the lower right corner to return to the previous page 64 F sn e e EH Compliance Guardian Installation and Administration User Guide Control Panel The Compliance Guardian Control Panel is the central interface for managing Compliance Guardian and how it interacts with your SharePoint environmen
36. are also supported to be scanned Launching Scheduled Classification Scanner SharePoint Mode On the Scheduled Classification Scanner Home interface select Create on the ribbon a drop down list appears Select SharePoint from the drop down list then you will be brought to the Scheduled Classification SharePoint Mode Scanning User Profiles Compliance Guardian supports scanning user properties and social notes in user profiles Compliance Guardian accesses the user profiles through the personal site Select the related personal site node in the farm tree to scan user properties in the corresponding user profile However if the personal site is not created you cannot scan the corresponding user profile since there is no personal site node in the tree Compliance Guardian Scheduled Classification Scanner provides a method to scan the user profile when the personal site is not created The User Profile Services node is loaded on the farm tree by changing the UserProfile Used false change the value false to true node in the ComplianceSetting config file Refer to Configuring to Scan User Profiles for details Then select the corresponding User Profile Service node and configure the related plan settings to scan the user properties and notes e Greg f 223 Compliance Guardian Installation and Administration User Guide tt Report v Administration v Classification Manager gt Scheduled Classification Scanner SharePoint e Y E amp M
37. can target content more precisely By setting up and saving filter policies you can apply the same filter policies to different plans without having to recreate them each time 136 e ae e Compliance Guardian Installation and Administration User Guide To access Filter Policy for Compliance Guardian in the Control Panel interface select Filter Policy under the Filter Policy heading Select Close on the ribbon to close the Filter Policy interface Managing Filter Policies In Filter Policy you can create a new filter policy view details about a filter policy edit a previously configured filter policy or delete a previously configured filter policy For more information about creating a filter policy refer to Configuring Filter Policies For more information about editing configurations for filter policy refer to Editing Filter Policies To view a filter policy for Compliance Guardian select it from the list of previously configured filter policies and then select View Details on the ribbon To delete a filter policy for Compliance Guardian select it from the list of previously configured filter policies and then select Delete on the ribbon A confirmation window will pop up and ask if you are sure you want to proceed with the deletion Select OK to delete the selected filter policy or select Cancel to return without deleting it Note There are three default filter policies Common File Types and Items is used for Compliance
38. configure the following settings in the appeared Configure interface e Change Permission Configure the following settings o SharePoint Group Name Enter a group name If the group does not exist it will be created o Group Permissions Specify permissions for the group Users in the group will have the specified permissions to the files or items that are not compliant Delete Files Items The scanned files or items that are not compliant will be deleted to the Site Collection Recycle Bin Encrypt The scanned files or items that are not compliant will be encrypted After you select Configure after the Encrypt action in the Create Action Policy or Edit Action Policy interface configure the following settings in the appeared Configure interface e Manage Encrypted Files or Items Configure the following settings o Select one or more groups from the Select the groups that have permission to manage the encrypted data in Compliance Guardian drop down list The users in the selected groups can view and manage the scanned files or items that are not compliant in Compliance Guardian gt Classification Report gt Incident Manager gt Encryption o Select New Group to create a new group in Control Panel For more information refer to Account Manager e Security Profile Select a security profile for encrypting the non compliant files or items Select New Security Profile to create a new security profile For more informat
39. e Value Specify the maximum times the element can repeat before the check is determined False TextCompare If you want to configure the TextCompare section select the checkbox before the element this section is optional e CompareType Specify a compare type The attributes for CompareType are MustContain MustNotContain MustEqual MustNotEqual MustMatch and MustNotMatch e Separator Specify a separator if multiple values are specified e CaseSensitive Specify if the element being tested for must match the case exactly e Value Define one or more values for the test use the separator specified before to separate the values Attributes If you want to configure the Attributes section select the checkbox before the element this section is optional e Name Specify attribute name that will be tested e CaseSensitive Specify if the attribute name being tested for must match the case exactly e AllowNull Specify whether the attribute that has no value will be tested e MustExist Specify whether or not the attribute has to exist If it is set to True then the test will fail if the specified attribute does not exist Select the delete button 4 to delete this check rule The following elements with specific attributes appear within the optional Attributes section e Length This element is optional Select the checkbox before this element and the following attributes appear o CompareType
40. is Tag Name the priority of the column being added tag is Metadata type column Choice type column and then single line of text type column If there is no column Managed Metadata type Choice type single line of text type column named Tag Name in SharePoint a single line of text type column named Tag Name will be created for adding the tag value o Inthe file The tags will be added in the file Compliance Guardian Installation and Administration User Guide o In both the Tag Name column and the file The tags will be added in both the file and SharePoint Note Tags can only be added into the following file types DOCX XLSX PPTX HTM HTML PDF and ASPX If you define to add tags in the file in the check but the file type is not one of the above file types select OK the tags will not be added e If you select Cancel the current tag names and tag values will not be added Note If you do not have the Manage Lists or Edit Items permission to the corresponding site you can only view the scanned results the OK button will be greyed out Using Compliance Guardian Quarantine Manager in SharePoint Compliance Guardian Quarantine Manager allows you to manage the quarantined files Ensure that SP2007 QuarantineManager wsp or SP2010QuarantineManager wsp or SP2013QuarantineManager wsp is deployed before using this feature For more information on deploying the solution refer to Solution Manager This feature is supported in Sh
41. social gt Figure 18 Filtering user profiles template file To edit the template file complete the following steps 1 Open the template file using Notepad 2 Edit or both of the following nodes as necessary e Edit the value of the lt includelist gt node Specify the username in the format domain username The related user profile will be scanned You can enter multiple usernames use the semicolon as the separator e Edit the value of the lt excludelist gt node Specify the username in the format domain username The related user profile will be scanned You can enter multiple usernames use the semicolon as the separator 3 Save the file Compliance Guardian Scanner for File System The File System Mode allows you to configure a connection with a location and then perform a scan job using the defined scan policy to generate the compliance scan results of all of the files within that specified location The users in the specified Report Group can then view the compliance scan results in the Compliance Report module 158 F e D e e Compliance Guardian Installation and Administration User Guide Launching Compliance Guardian Scanner File System Mode On the Compliance Guardian Scanner Home interface select Create on the ribbon A drop down list appears Select File System from the drop down list and you will be brought to the Compliance Guardian Scanner File System Mode Selecting the Scan Scope Afte
42. the result of the check group will be the selected value under the corresponding check result attribute o SubCheck Field Configure the following attributes for this element CheckName Select a check Refer to the following steps for selecting the check Select the text field under the CheckName attribute A pop up window appears Inthe pop up window select the radio button before the desired check and select OK Truelf Select which check results will be considered True in this check group For example if you just select a check and then select Pass and HR for the Truelf attribute When the result of the check is Pass or HR the check result in this check group is considered True When all of the checks results in this check group are True the result of this check group is considered True Ifyou have selected AND in the Type field When you add multiple checks in the SubCheck field one of the checks results in this test suite is False and the check with a False check result is not the last check you added in the SubCheck field the result of the checks added in the SubCheck field is NA If the check with a False check result is the last check you added in the SubCheck field then the result of the checks added in the SubCheck field is False If you have selected Or in the Type field When you add multiple checks in the SubCheck field one of the checks results in this test suite is
43. you will see a list of previously configured connections In the Configure Database Connection interface you can create a new connection view details about a connection edit a previously configured connection or delete a previously configured connection For information about creating or editing a connection review Creating and Editing Database Connections Select Edit on the ribbon to change the configurations for the selected connection For information about editing configurations for the connection review Creating and Editing Database Connections To view a connection select it from the list of previously configured connections and then select View Details on the ribbon To delete a connection select it from the list of previously configured connections and then select Delete on the ribbon A confirmation window will pop up and ask if you are sure you want to proceed with the deletion Select OK to delete the selected connection or select Cancel to return without deleting it 146 F e D e e Compliance Guardian Installation and Administration User Guide Creating and Editing Database Connections To create a new connection select Create in the Manage group on the Configure Database Connection page To modify a previously configured connection select the connection and then select Edit on the ribbon In the Create Connection or Edit Connection interface configure the following settings e Name and Description Enter a nam
44. 0 Status A Tdfld LA Figure 67 Scanned result 3 Scan Files Using MCC To scan files using MCC complete the following steps 1 Combine TDFs according to the MCC XML file lt xml version 1 0 encoding UTF 8 gt lt Copyright 2001 2013 AvePoint All Rights Reserved gt lt metadata definition file Created By User via USES positive test to define tag value gt lt Classification gt lt Name gt Classification lt Name gt lt Description gt Classification Control lt Description gt lt TagName overrideuser True placetags 2 tag Sensitivity gt lt AllowedTagValues gt lt TagValue priority 0 gt Low lt TagValue gt lt TagValue priority 1 gt Medium lt TagValue gt lt TagValue priority 2 gt High lt TagValue gt lt AllowedTagValues gt lt automated gt lt tdfidgroup gt lt tdfid refine true na Low false Low true Medium id Eric_7 gt lt tdfid refine false na Low false Low true High id Eric_8 gt lt tdfidgroup gt lt automated gt lt TagName gt lt Classification gt Figure 68 The MCC XML file 372 F D F e Compliance Guardian Installation and Administration User Guide The related TDFs lt xml version 1 0 encoding UTF 8 gt lt Copyright 2001 2012 AvePoint All Rights Reserved gt lt Tdf TdfID Eric_7 gt lt ReportText gt lt Name gt PHI Check lt Name gt lt PolicyURL gt http www avepoint
45. 1 10 This is optional According to the formulas selected in the RiskFormula section the check will have three risk levels after the scan job ContentType Select the content types that will be scanned If you do not select the content types all the file content types that are supported to be scanned in Compliance Guardian will be scanned Refer to the following steps for selecting the content types Select the text field under the ContentType attribute A pop up window appears Inthe pop up window select the checkbox before the desired content types and select OK Select the delete button 4 to delete the SubCheck check rule Select Add Another Check to add another rule DoRunCheck The specified checks will not run as a group they scan files separately Select the checkbox before the RunAsTestGroup element and then configure the following attributes e ME 353 Compliance Guardian Installation and Administration User Guide e CheckName Select a check Select the text field under the CheckName attribute A pop up window appears In the pop up window select the radio button before the desired check and select OK e DatabaseField This is the location in the Compliance Guardian database where the scan result data is stored Compliance Guardian will automatically specify the location for storing data e RunCheck If True is selected for this attribute when running a Compliance Guardian jo
46. 209 Configuring Scan Policies icc svccescesaccceceesseeeSesaceea vies seeseZeene deans ceeds Seted venseusie E KE daaar sauces cease 209 Configuring Filter Policies EEN 210 Configuring Action Policies for SharePoint ccecsesscceceeeceesecneaeeececesseseeaeaeceeecesseaaaeceeeesessseseeaeass 210 Configuring Action Policies for File System 210 Configuring Action Policies for Social Network 215 Configuring Connections for File System 218 SERIES Ee ee ee ee es 220 Launching Scheduled Classification Scanner ccccesssssssccecececeeseaeaeceeeceseeaaeaeceescesseeaaeaeeeeseesseseaaeess 220 HOME Page e EE 221 Sel Chine Ve 221 Managing Scheduled Classification Scanner Plans sssnnssssesssennesssseserennrsssseserennnssssrnerennnssssrseneene 221 Scheduled Classification Scanner for SharePoint 0 0 cseesseceeececeneeeeneeeeeeeeceeeeeesaeeneaaeseeeeesaeeeeaaeeeeaeeees 223 Launching Scheduled Classification Scanner SharePoint Mode 223 ac ea Tae Compliance Guardian Installation and Administration User Guide Scanning User toeerst Ender does Eege 223 Performing a Scheduled Classification Scanner Plan in Wizard Mode ssssssssesssesssseresssssserrrees 224 Performing a Scheduled Classification Scanner Plan in Form Mode ssssssesssssssssssrserrrssssesrrrrres 228 Scheduled Classification Scanner for File System 228 Launching Compliance Guardian Scanner File System Mode 229 Performing a Scheduled Classi
47. 3 33 1files Success Criteria 1 1 1 Images 1 3 33 1files Success Criteria 3 2 2 Forms 1 3 33 1 files Roll over the pie chart to view the data Trend Report gt View All gt Figure 20 Compliance Report Dashboard interface This interface shows the scan results of the selected plan This content is dynamic it will often change depending on what kind of report is selected You can select Report on the left corner of the page and then select the kind of report that you want to view on the appeared navigation bar af d F 179 Compliance Guardian Installation and Administration User Guide Classification Manager Classification Manager enables you to define a scan scope and then it performs a job to scan out the related contents according to the scan policy at last it will perform the specified actions to the contents scanned out Note Compliance Guardian supports scanning Microsoft Office files that are in a 2003 or earlier format using iFilter in this version If you are using an earlier version of Compliance Guardian or if you updated to Compliance Guardian 3 SP 3 from an earlier version you must download a compatibility pack and download an update pack to scan the Microsoft Office files can keep the file s accessibility attributes If you prefer to scan these files through installing the compatibility pack but not through iFilter you can install Microsoft Office Compatibility Pack for W
48. Agent Service Installation Generating the Installation Answer File for Compliance Guardian Agent The Answer file is an XML file which provides configuration information required for the unattended installation Before performing the unattended installation the Answer file must be generated using the Compliance Guardian 6 Setup Manager Navigate to the Unattendedinstall SetupManager folder inside the unzipped Manager installation package and double select SetupManager exe to run it You will be guided through the following steps 1 On the welcome screen select Next 2 Select Create a new answer file for Compliance Guardian Agent e Modify an existing answer file If you want to reuse an existing Answer file select Modify an existing answer file If this is selected the path field will be enabled Enter the full path of the answer file or select Browse to browse for an answer file For example C AnswerFile xml Note We recommend you create a generic Answer file so that it can be reused later with modification 3 Select Next 4 Carefully review the Compliance Guardian License Agreement After you have read the terms in the license agreement select on the check box to select accept the terms in the license agreement Select Next 5 Enter your name and the organization into the provided field Select Next to continue the configuration Select Back to go back to the previous interface 6 Set up the installation locat
49. Check s History Version Refer to the following steps to go to the View Checks interface which displays all of the checks of a selected test suite 1 Select a test suite version and then select the down arrow after the test suite A drop down list appears Or you can select View on the ribbon A drop down list appears 2 Select View Checks in Test Suite in the appeared drop down list The View Checks interface appears Or you can select Checks in Test Suite in the drop down list appeared on the ribbon The View Checks interface also appears In the View Checks interface select the radio button before a check and then select All Versions The View Versions interface appears You can also select the check in the View Checks interface to go to the All Versions interface In the All Versions interface all of the versions of a check are displayed To review a check version select the down arrow after the check version and then select View from the appeared drop down list Then you can save the check version for your reference Alternatively you can select a check version select View on the ribbon and then save the check version for your reference To delete a check version select the down arrow after the check version and then select Delete from the appeared drop down list Alternatively you can select a check version and then select Delete on the ribbon 132 S e ae e Compliance Guardian Installation and Admini
50. Configuring Allowed Location 134 Beleeg IB 135 Managing Export Locations 136 Configuring Export LOCGtIONS s224c2 cacgeevesseedeetached asntesatenacdenvonrtadhtatechenvasatedttddocbeevaeatedtredeckedvaoatdetsstes 136 ale le 136 Managing Filter Policies cscs vcccceeessesieccctecccds ccgendeccedade de added ARE EAEE dee 137 Configuring Filter Policies ccccccccccccsssesssseceeececessessuaececeescessesaeaeeececeseeseuaeaeeseesesessauaeaeesesesesessnaees 137 Editing lge EE 138 Website Scanner Setuines creczecsccclice ssc cices nesneden aeaaeae e ee a eE EREE eE aR eira 139 Configuring Authentication Profile ccccccccccecsssssssececececesseneaeceeecescesesaeaeeeeesesseseeaeeeeeesesesesesaees 139 Configuring User Agent Profile 140 Compliance EE TEE 142 e Ree e E 143 CONFIBUNING Scan POM CIOS sceecciss 2csseceeeessdsaaaesueoneeenis iazceseaeedegsn taabsaloveteesedeaesandeueeesianseisi AE REEE 143 Configuring Filter Policies sinreteno e EREE E Ae dee deed ee 144 Configuring Database e 144 Configuring the Account Manager 144 Configuring Connections for File System 145 Configuring Connections for Database c cccccccssssssssecececscsssecseaecececesseseaaeaeeeeecesseseaaeaeeeeseessesnaaeeas 146 ent Eet TE 148 Launching Compliance Scanner 220c cazecevestececcckacg cass z scutes oBcevas NEEN ERAN 148 HOME Page OvervieW is caserie e enes een a a aa ees dee ee gEeg delice 150 Selecting UE 150 Managing Complianc
51. Configuring Attributes for LinkValidation Type Check Configure the attributes for the LinkValidation type check according to the instructions in the following sections LinkValidation Configure the following attributes under this element e ValidWhen This is used to indicate if the result is valid when the condition is one of two values True or False e Truelf There are two values for this attribute All and One If One is selected the scan will stop when one instance is found to save scan time If All is selected the scan will only stop when all instances are found e ResultNA Specify a result when no link is found If TrueResult is selected then if no link is found the True result will be returned If FalseResult is selected then if no link is found the False result will be returned If NAResult is selected then if no link is found e Gd 335 Compliance Guardian Installation and Administration User Guide ListLoc the status of the tested file will be Not Applicable which will be displayed in the Compliance Guardian report In other words you have the option to set the result to Not Applicable if none of the links are found ValidateBookmarks Select True or False for this attribute If True is selected the check will check whether the bookmarks work If False is selected the check will not check the bookmarks GetAllowCallHead Select True or False for this attribute If True is selected
52. Control Service so it is imperative that the machine you install the control service on is accessible by all agent machines Select Next 8 Compliance Guardian will perform a brief pre scan of the environment to ensure that all rules meet the requirements The status for each rule will be listed in the Status column Select the hyperlink of the status and the detailed information about the scan result will be listed in the pop up window You may select Details to view the detailed information of all of the requirements If any rules have failed the pre scan update your environment to meet the requirements and then select the Rescan button to check your environment again Once all the rules pass select Next 9 Set up the Control Service Configuration e Control Service Address Specify the current machine s hostname or IP address The Control Service manages internal configuration data user access control scheduling and job monitoring e IIS Website Settings Configure the IIS website settings for the Control Service You can select to use an existing IIS website or create a new IIS website The IIS website is used to access Compliance Guardian Manager o Use an existing IIS website Select an existing IIS website from the drop down list and if necessary you can adjust the Website Port used to access the Compliance Guardian Control Service o Create a new IIS website Enter the website name and create a new IIS we
53. Database Policy link in the drop down list Refer to Configuring Database Policy for more information e Report Group Select a Compliance Guardian group from the drop down list Once a group is specified as the Report Group all of the users in the specified group will be able to view and download the reports in the Compliance Report module Multiple groups can be specified here choose Select All to select all of the listed groups ze 159 Compliance Guardian Installation and Administration User Guide Select Next The Scan Settings page appears 3 Configure the scan files settings e Scan Policy Select a scan policy from the drop down list and it will be used to scan the contents in the specified scope Only one scan policy can be selected here e Scan Hidden Files Option Select whether or not to scan the hidden files in the specified file system e Filter Policy Specify a filter policy to filter the contents that will be scanned By default the default filter policy is used and all of the types of documents items supported by Compliance Guardian are included in this default filter policy If you want to set up a new filter policy select the New Filter Policy link in the drop down list Refer to Configuring Filter Policies for more information e Alert If you want Compliance Guardian to send an e mail when an error occurs during the file scan then select an e mail profile to specify the users who will rec
54. Element gt lt Tdf gt Figure 56 Related TDF 508 office a 1 xml 368 F D e e Compliance Guardian Installation and Administration User Guide lt xml version 1 0 encoding UTF 8 gt lt Copyright 2001 2012 AvePoint All Rights Reserved gt lt Tdf TdfID 508_office_17 gt lt ReportText gt lt Name gt J Page numbering codes must be used for multiple pages lt Name gt lt PolicyURL gt http www avepoint com support ComplianceGuardian TestSuites officeaccessibility html lt PolicyURL gt lt Description gt Page numbering codes must be used as opposed to manually typed page numbers lt Description gt lt True result Pass gt Automated Page numbering codes used lt True gt lt False result HR gt Did not find page numbers lt False gt lt ReportText gt lt Element ValidWhen True Truelf All ResultNA NAResult CaseSensitive No Name word gt lt ListLoc Status Warn Type Invalid gt lt Attributes gt lt Attribute CaseSensitive No Name ContainsPageNumber MustExist Yes AllowNull No gt lt TextCompare CaseSensitive No Separator CompareType MustContain gt true lt TextCompare gt lt Attribute gt lt Attributes gt lt Element gt lt Tdf gt Figure 57 Related TDF 508 office j xml With all CCC XML files and TDFs available by using the GetC3sDefinition method in ContentComplianceCollectionDefinitionUtility class the required argument string xml r
55. F e D e e Ell Compliance Guardian Installation and Administration User Guide 2 Select the Certificate Error button next to the address bar Compliance Starting Windows Internet Explorer go e E htips demo 14100 index htm 9 Certificate Error Figure 3 Certificate Error button 3 Select View certificates in the pop up The Certificate window appears x x Untrusted Certificate The security certificate presented by this website was notissued by a trusted certificate authority This problem might indicate an attempt to fool you or intercept any data you send to the server We recommend that you close this webpage About certificate errors View certificates Figure 4 View certificates link 4 Select the Install Certificate button to install the Compliance Guardian certificate The name of this certificate is the same as the hostname of the server that has Compliance Guardian Control Service installed r Certificate General Details Certification Path BR Certificate Information This CA Root certificate is not trusted To enable trust install this certificate in the Trusted Root Certification Authorities store Issued to Compliance Guardian Issued by Compliance Guardian Validfrom 1 1 2000 to 1 1 2036 Install Certificate Issuer Statement Learn more about certificates Cx Figure 5 Install Certificate bu
56. File System Search properties of a file in file system The format of the Source is File Properties Property Name The Property Name can be Name Created Time Modified Time Type Size or Owner o Website Properties Search website properties The format of the Source is SPSite Properties Property Name The Property Name can be Content Type Size URL Modified Time Host Domain or Title o AD Properties Search the AD properties The format of the Source is SAD Users User Display Name Properties Property Name User Display ee p 347 Compliance Guardian Installation and Administration User Guide Name is the AD user s display name Property Name is the AD user s properties like Department Company etc o File Properties Search a SharePoint file website content or file system file s own properties The format of the Source is Doc Properties Property Name Property Name is the file s own properties o Yammer Search properties in Yammer The format of the Source is SYammer Current Property Name This is used to search the current scanned content properties The Property Name can be Creatorlid Search the post s creator ID CreateTime Search the post s created time Privacy The value can be Public or Private SendToGroup Search the ID of the group to which the post is sent MessageType The value can be Message File or Note Topics Search the post
57. Filter policies are defined in Control Panel Note The filter policy still takes effect on scanning the recorded results in the transaction file Follow Robot Exclusion Protocol Select whether or not to follow Robot Exclusion Protocol By default the checkbox is selected which means that Compliance Guardian will not crawl any link that is forbidden to access in Robot txt Allow crawling redirections Maximum Redirections allowed Select whether or not to allow crawling redirections If you want to allow crawling redirections specify the maximum redirections allowed for one page By default the checkbox is selected and the default maximum allowed redirections are 10 In the What policy do you want to use for scanning this website field Select a Predefined Scan Policy Specify a scan policy for scanning the defined site Select View beside the drop down list to view details of the scan policy or select New Scan Policy from the drop down list For information on creating a scan policy refer to Creating or Editing Scan Policies In the How do you want to scan this website field User Agent Select the saved user agent profile to specify the user agent for the backend web server when scanning the website A pre defined user agent profile can be used directly Select New User Agent to create a new user agent profile Authentication Method Select the Authentication Profile used to connect to the website Maxi
58. Guardian to send an e mail when an error occurs during the file scan then select an e mail profile to specify the users who will receive the e mail and select an e mail template You can also select the New E mail Template link to create a new e mail template For more information refer to the Configuring E mail Templates section in this user guide Note Even though there may be more than one error when scanning a file the alert e mail will only be sent when the first error occurs Action Policy Select an action policy from the drop down list or create a new action policy to define the actions to the content that will be scanned out For more information on working with action policies refer to Managing Action Policies Select Next on the ribbon or on the lower right section of the screen The Schedule screen appears 229 Compliance Guardian Installation and Administration User Guide 8 Select a scheduling option e No schedule Select this option to configure the job to not run on a schedule the job must be manually initiated e Configure the schedule myself Configure a customized schedule and run the plan by schedule Select Add Schedule and the Add Schedule window pops up Configure the following settings for the schedule o Options Select the type of the scan for this plan Full Scan or Incremental Scan Full Scan scans all of the content in the scope defined in the plan while Incremental Scan only
59. MCC_yhli Scheduled Classification Scanner for ShareF 2013 12 05 16 45 57 E Encrypt_FS redact_aaa Scheduled Classification Scanner for File Sy 2013 12 05 13 15 22 E mark test b mark scan 2 Scheduled Classification Scanner for ShareF 2013 12 04 17 45 23 E mark test a mark scan 2 Scheduled Classification Scanner for ShareF 2013 12 04 17 35 49 ET leo_fs_qua scan_example Scheduled Classification Scanner for File Sy 2013 11 29 17 24 41 E leo_fs_enrypt scan_example Scheduled Classification Scanner for File Sy 2013 11 29 16 42 51 xy_ol_encrypt xy_find_aaa_scanpolicy Scheduled Classification Scanner for ShareF 2013 11 29 16 30 42 EI re ou None Scheduled Classification Scanner for File Sy 2013 11 29 11 15 21 E scan policy redact_aaa Scheduled Classification Scanner for ShareF 2013 11 29 10 53 35 sp_actioninfo None Scheduled Classification Scanner for ShareF 2013 11 27 15 07 00 o of 13 selected Show rows 15 Goto 1 of1 Figure 25 Launching Scheduled Classification Scanner 220 e Se e Compliance Guardian Installation and Administration User Guide Home Page Overview The Compliance Scanner home page displays a list of all of your previously created Scheduled Classification Scanner plans Also you can select Create to select the Scheduled Classification Scanner Mode SharePoint or File System and then create a plan ft Report Y Administration v Classification Manager gt Scheduled Classification Scanner Scheduled Classification Scan
60. Monitor on the ribbon For more information about Job Monitor refer to Job Monitor Note A Report Location must be configured in Job Monitor before you can use the Log Manager when Compliance Guardian Control Service High Availability is used To access Log Manager for Compliance Guardian go to the Control Panel interface and then select Log Manager under the Log Manager heading Select Close on the ribbon to close the Log Manager interface Configuring Log Settings To configure the log settings go to the Log Manager interface and then select Log Settings on the ribbon You can configure the log settings for the following services by selecting either the Control Service or Agent tab In each of the tabs you will see the name of the service For each service the following options can be configured e Log Level Logs could be configured to generate on each of the following levels o Information default Logs of this level record the basic information of Compliance Guardian such as the jobs that you have run the operations you have performed and important processes of jobs Information level logs also contain all of the logs from warning and error levels o Debug Logs of this level record the detailed information related to the internal operations such as the communication between Compliance Guardian Manager and Compliance Guardian Agent the operations in the database the output message of the data Logs of this l
61. Perform a Compliance Guardian Scanner Plan for Lync cceseesesseeeeeeeees 172 Compliance Guardian Scanner for Database s nssssssssesrrsessssrrenrnsnssesrrernnsssssrrennnssssesrnennnssnseeneenn 174 Launching Compliance Guardian Scanner in Database Mode ssessssssesssseserenrnsssseserennnssesesereene 174 Selecting the SCAN SCOP EE 174 Using Plan Builder to Perform a Compliance Guardian Scanner Plan for Database 174 Compliance REPOS wai Aegfee eet geen chs de desst E denge eet g eegent guef geess 178 G ttinge Started napase eege 178 Launching Compliance Report sice decssseseectedes cccadsnsecnbeuice deeida ia diaeta ai da eaaa aeaa aTi 178 User Interface Overvlew EEN 179 Classification Manager anderen EE 180 Real Time Classification Scanner ccecscecesececeeeeeeseeceeeceseeeeesaeceeaaeseaeeenaeeesaaeseeaaessaeesaaeeeeaaeseneaeeaes 181 Pre Confi guration c lt c scseesacetacdessssdedenacgdevexsvctes a a a eE a eae aee ae aaeoa ie eae aa Eis 181 Configuring Scan Policies ccccccccccecessessnsececececesseaaaeseceescessesaeaecececesecseuaeaeeeeecessesauaeaeesesssesessaaeass 181 Configuring Filter POlICIES wis iscstcticed ces o sek Stegen foloeeccd ugereegt I 183 Configuring Action PoliChes cscscisccecccecevexesseedenecuedaxessesedencceQivussedeet cecddcdasasdddeteaeudguasnantee ege een 183 Configuring Action Policies for Social Network 192 Getting Started eegene eege eege egee uerge 195 Compl
62. Risk Formula then will be created Test Suite Attributes e Tag Specify the name of the metadata element that will be created e PlaceTags Define where the tag will be placed There are four values for this attribute o O Do not add tag o 1 Add the tag to the file only o 2 Add the tag to the file and SharePoint or Yammer o 3 Add the tag to SharePoint or Yammer only e OverrideUser If the specified metadata already exists select whether or not to override the original metadata e OverrideCG If the value of OverrideUser is Yes the OverrideCG attribute will not take effect If the value of OverrideUser is No the OverrideCG attribute will take effect If the value of OverrideCG is True the tag value of this scan will be used to do the corresponding Classification action If the value of OverrideCG is False the original file s tag value will be used to do the corresponding Classification action In this case there are the following conditions o If there is one original tag value in the file or in SharePoint the value is used to do the Classification action o If there are two original values one is in file one is in SharePoint the one that will be used to do the action depends on the priority we specified for the AllowedTagValues attribute in this test suite If the two original values are also specified for the AllowedTagValues attribute of this test suite the one that will be used to do the action depends o
63. Scan File Item Versions Specify the method for scanning file item versions o Scan the current version Only the current versions of the files items defined in the job scope are supported to be scanned The files items that are not compliant will be treated according to actions defined in the action policy o Scan all versions The files items and all their previous versions defined in the job scope are supported to be scanned If the current version of a scanned file item or one of its previous versions is not compliant the entire file item the current version of the file item along with its previous versions will be treated according to actions defined in the action policy e Alert Specify whether to send out an alert e mail when an error occurs during the process of scanning a file or when a tag fails to be added to a file If you choose to send out alert e mails when an error occurs configure the recipients by selecting the corresponding checkboxes You must select a default e mail template before select the recipients Select the New Notification Template link to create a new template o Creator e mail template Select this checkbox to send an alert e mail to the creator of the specified file If this option is selected you must select an e mail template from the corresponding drop down list If you do not select an e mail template Compliance Guardian will use the default e mail template o Modifier e mail template
64. Scheduled Classification Scanner gt Create gt File System and select Configure Connections on the ribbon to enter the Configure Connection interface Managing Connections In the Configure Connection interface you will see a list of connections 218 S F D e e Compliance Guardian Installation and Administration User Guide In the Configure Connection interface you can create a new connection view details about a connection edit a previously configured connection or delete a previously configured connection For more information about creating or editing a connection refer to Creating and Editing Connections Select Edit on the ribbon to change the configurations for the selected connection For more information about editing configurations for the connection refer to Configuring Action Policies for Social Network To view a connection select it from the list of previously configured connections and then select View Details on the ribbon To delete a connection select it from the list of previously configured connections and then select Delete on the ribbon A confirmation window will pop up and ask if you are sure you want to proceed with the deletion Select OK to delete the selected connection or select Cancel to return without deleting it Creating and Editing Connections To create a new connection select Create in the Manage group of the Configure Connection page To modify a previously configured connection select
65. Select the desired column for Au 251 Compliance Guardian Installation and Administration User Guide this view by checking the checkbox next to its name in the drop down menu Select OK to save your choices or select Cancel to close the drop down menu without saving your choices e Calendar View Displays your jobs in a calendar You can configure Calendar View to display in Day Week or Month format by selecting the respective button in the upper right hand corner To see detailed information about a job place your mouse cursor over its time slot You can also configure the Time Zone in this toolbar by specifying one of the options below to display in the job information e Default Displays the time zone of the machine where the control service is installed In the Scheduled Job Monitor tab the default time zone is based on the time zone configured for each schedule e Local Displays the time zone that the Internet Explorer IE browser used to access Compliance Guardian By default the time zone of the job information is set to Default Note In Calendar View the time zone is set to Local and cannot be altered To change the time zone select the drop down menu and select Local The Filter Toolbar This toolbar allows you to filter the jobs listed in the viewing pane by Date Range or Module e Date Range Allows you to limit the jobs displayed by specifying a time frame e Module Allows y
66. Settings Configure the frequency for this schedule by entering a positive integer in 104 the text box If you want to set up a more specific schedule check the Advanced checkbox more options will appear depending on the Type you have selected in step 1 e If you selected By hour select one of the following options and configure its settings o Specify production time From to Specify the production time it will run the job pruning in the specified production time frame Note All pruning jobs that started within this time frame will finish even if the end time is reached o Select time below Specify the time you want to run the job pruning To add several time points select Add e lf you select By week configure the following settings o Run every _ week s Enter the frequency in terms of weeks in the text box o On__ Specify the days of the week to run the job pruning on e If you select By month select one of the following options and configure its settings o Onday__of__ Select the day of the specific months to run the pruning jobs For example if you select On day 3 of January and July the pruning jobs will run on the third of January and July o Day of every month s Select the day of the month and frequency to run the pruning jobs on For example if you select Day 3 of every 3 month s the pruning jobs will run every three months on the third of the month o The of ever mont
67. SharePoint site The formats of the Source can be SPWeb Properties Property Name The Property Name can be URL Title Modified Time Created Time Primary Administrator Template Name Template Id or the custom properties of the site SPWeb Redirect Relative Redirected URL Props Property Name Relative Redirected URL means the site s corresponding Web application s relative URL Compliance Guardian will search the properties of the redirected URL The Property Name can be URL Title Modified Time Created Time Primary Administrator Template Name Template Id or the custom properties of the site SPWebParent Properties Property Name Compliance Guardian will scan the item s corresponding site s properties as well as the parent sites properties For example There is a site collection Site Collection A The top level site of Site Collection A contains the site properties P1 there are two sites Site 1 and Site 2 under Site Collection A Site 1 contains the site properties P2 Site 2 contains the site properties P3 The scanned item is in Site 1 If Compliance Guardian is required to search site property P3 Site 1 and Site 1 s parent Site Collection A contains P2 and P1 but do not contain P3 In this case P3 is not found SPlItem Search properties of an item The format of the Source is SPitem Fields Field Name Field Name is the item s column names o Properties of Files in
68. The Dictionary type check groups FindText check and RegularExpression check in one check and take the AND operation on the search result The dictionary settings enable end users to define multiple checking in each FindText or RegularExpression section The following section provides a general introduction about configuring attributes for this type of check as well as a test example for you to understand the test logic Configuring Attributes for Dictionary Type Check Configure the attributes for the Dictionary type check according to the instructions in the following sections Dictionary Configure the following attribute e BreaklifFound Select Yes or No for this attribute If Yes is selected the scan will stop when one instance is found to save scan time If No is selected the scan will only stop when all instances are found FindText This section is optional Configure the following attributes e Select the checkbox before FindText the following attributes appear o Truelf Specify the condition when the check result is True If Found is selected in the drop down list under the Truelf attribute when finding an instance the check result of this check will be True If NotFound is selected in the drop down list under the Truelf attribute when finding an instance the check result of this check will be False o SearchAll Specify whether or not to check the comments and scripts o Usttocation Specify whether or
69. To go to the next page select the gt button at the lower right corner to return to the previous page select the lt button at the lower right corner After you are satisfied with the configuration of the scan policy select OK to save this scan policy If you do not want to save the current configuration select Cancel to cancel the configuration Configuring Filter Policies For more information refer to Filter Policy Configuring Database Policies For more information refer to Database Manager Configuring the Account Manager For more information refer to Account Manager 144 Compliance Guardian Installation and Administration User Guide Configuring Connections for File System A connection is used in the Compliance Guardian Scanner File System Mode Configure a connection with the file system then the files in the connected file system are supported to be scanned in Compliance Guardian Navigate to Compliance Scanner gt Create gt File System and select Configure Connection on the ribbon to enter the Configure Connection interface Managing Connections In the Configure Connection interface you will see a list of previously configured connections In the Configure Connection interface you can create a new connection view details about a connection edit a previously configured connection or delete a previously configured connection For information about creating or editing a connection review Creati
70. True and the check with a 352 e D e Compliance Guardian Installation and Administration User Guide True check result is not the last check you added in the SubCheck field the result of the checks added in the SubCheck field is NA If the check with a True check result is the last check you added in the SubCheck field the result of the checks added in the SubCheck field is True RunCheck If True is selected for this attribute when running a Compliance Guardian job using the test suite the files will be scanned according to the rule set in this check If False is selected for this attribute the corresponding check will not be used to scan the files RiskLevel r1 The Item Initial Risk value assigned on the initial occurrence of the compliance failure related to the check being tested for in the document or stream Allowed values for RiskLevel r1 are 1 10 RiskLevel r2 The Item Additional Risk Level factor that the risk level grows at for every additional failure at the check level for the same type found in the document or stream This number is optional where the integer 1 means ignore the value allowing to use the third value If the value is 1 then the factor will be 1 Allowed values are 1 to 10 This is optional RiskLevel r3 The Item risk in relation to other checks This Item is optional If this number is missing then it is assumed that its value is 1 Allowed values are
71. Truelf Specify the condition when the check result is True If Found is selected in the drop down list under the Truelf attribute when finding an instance the check result of this check will be True If NotFound is selected in the drop down list under the Truelf attribute when finding an instance the check result of this check will be False e ListLocation Specify whether or not to record the instance s location in the Compliance Guardian database If Yes is selected in the drop down list under the ListLocation attribute then every location of the instance found will be recorded in the Compliance Guardian database If No is selected in the drop down list under the ListLocation attribute the check continues but the locations of the instances found will not be recorded in the database hast 319 Compliance Guardian Installation and Administration User Guide e ListLocStatus Specify the status for the instance that is found The status will be recorded in the Compliance Guardian database Note that if the status set for True Result or False Result is Failed in the Report Text step the value for the ListLocStatus attribute will be Fail and the value cannot be changed e MustRepeat Specify the amount of times the value that matches the regular expression must be found before considering the condition to be True When configuring the check if you do not enter a value for this attribute the value for this attribu
72. User Guide o Failover database server Optionally select this checkbox and specify a failover database server In the event that the specified database collapses the data stored in the database can be transferred to this standby database e Agent Group Select a production Agent group from the drop down list to execute the jobs An Agent group can utilize multiple Agents for loading balancing and performance improvement After you are satisfied with the configuration of the connection select OK to save this connection If you do not want to save the current configuration select Cancel to cancel the configuration Compliance Scanner Compliance Scanner enables you to perform a scan job using the defined scan policy and generate the compliance scan results of all of the scanned files The users in the specified Report Group can then view the compliance scan results in the Compliance Report module Refer to the following sections for important information on getting started with Compliance Scanner Launching Compliance Scanner To launch Compliance Scanner complete the following steps 1 Log into Compliance Guardian If you are already in the software select the home page button ah go to the home page From the home page all of the products are displayed 2 Select Compliance Scanner to launch its interface 3 Alternatively you can select Administration on the top left corner and select the Compliance Scanner tab on the appeared
73. XML string e string url The original URL of the file that will be scanned e string filePath The physical storage path of the file that will be scanned e Dictionary lt string object gt metadata A dictionary which holds the scanned file s related metadata information e ME 8 367 Compliance Guardian Installation and Administration User Guide Usage Example Refer to the following examples to understand how to scan files using CCC the configuration file of TDF collection used for the Compliance Scanner and MCC the configuration file of TDF collection used for the Classification Scanner Scan Files Using CCC To combine files using CCC complete the following steps 1 Combine TDFs according to the CCC XML file lt xml version 1 0 encoding UTF 8 gt lt Copyright 2001 2012 AvePoint All Rights Reserv lt CCC IsAccessibility true gt lt Name gt Accessibility Validation for Office Documents 508 and WCAG lt Name gt lt Description gt Accessibility Validation for Office Documents lt Description gt lt TDFs gt lt DoRunTDF RiskLevel 3 RunCheck True DatabaseField TDFResult2 tdfID 508_office_1 gt lt DoRunTDF RiskLevel 3 RunCheck True DatabaseField TDFResult3 tdfID 508_office_17 gt lt TDFs gt lt CCC gt Figure 55 The CCC XML file lt ReportText gt lt Name gt A 1 All image objects require alternate text lt Name gt lt PolicyURL gt http www av
74. adecveuasesheds cadeedenaseeuueteed es 113 Exporting Auditor Data Report 114 Self e TE 114 Managing Self Checker Profiles 115 Managing Rules in a Self Checker Profile sssnennnssssnsssennnssssssnrenrnssssesrrennnssssesnneennssssenenennnsssseseneenn 118 Exporting Self Checker Report 119 Solution EE TEE 119 Managing Solutions 119 SOIWUtOM Descriptio BEE 121 R NNEN 122 Databasg uneegnen 122 REI El 123 Test Suite Manage tic ege eene SEENEN EE deen de 124 Background INfOnMmatiOniviisccseccczcesisesecetevcs decsaseseecbedes aaa deaa aea ia da eiea da aaa aeaa aE 124 WEE TER EI 125 Creating a New Gheck or Test Suite cece sssce Eden 125 Uploading Checks and Test Suites undeet eseeen Seege tide evident ove aa ees 127 Downloading a Test Suite sorciers ineeie aee ege Eege egen 128 Viewing Details about a Test Suite 128 Editing a Previously Configured Check or Test Suite ccccccccccccssssssssececeeecesseseaeseceeecssssssaeaeeeeeens 128 Deleting a Test Suite 2 cscs ccaseccs SEENEN eege ed ege e 130 Risk FOr Ula ss eege eged gees EE EEGEN 130 Viewing a Test Suite s or Check s Version History cccccccccccssssssssececececsssesseaececeesesesessaeeeeseeseesseaees 132 Compliance Guardian Installation and Administration User Guide SS Report CONPMBUFACION ssc gege EEN Eed Eer 133 Managing Report gg LTC 133 Configuring Report Settings siisii neee na a ieda a eie a E ie a veseseuee ARENS 133 Allowed MET E 134
75. all of the folders and configuration files generated by the Compliance Guardian Manager installation Note The Logs folder will not be removed whether you select the Remove configuration file option or not 5 Select Remove to start the Manager uninstallation process If the application pool created by Compliance Guardian Manager installation is still useful it will not be deleted during the Manager uninstallation If the application pool created by Compliance Guardian Manager installation is not used by any other applications it will be deleted during the Manager uninstallation Note The Manager uninstallation will not delete the Manager databases 6 Select Finish to complete the uninstallation 44 F e D e e C Compliance Guardian Installation and Administration User Guide Uninstalling Compliance Guardian Agent In order to uninstall Compliance Guardian Agent please ensure there are no current jobs running on the agent To uninstall Compliance Guardian Agent complete the following steps Note Once the uninstallation is in progress it cannot be cancelled and the uninstallation interface cannot be closed 1 Open the Start Menu in Windows on the Compliance Guardian Agent server and navigate to All Programs gt AvePoint Compliance Guardian 2 Open the Compliance Guardian Agent Tools folder and then select Agent Uninstall 3 Select the Remove option and then select Next 4 Inready to Remove Compliance Guardia
76. also an option to remove all of the users that are associated with the selected Active Directories from Compliance Guardian to do so check the Remove all users associated with the selected domain s checkbox Select OK to confirm the deletion or select Cancel to return to the AD Integration interface without deleting the selected Active Directories e Enable Select Enable to allow the use of credentials from the corresponding Active Directory to access Compliance Guardian hase 75 Compliance Guardian Installation and Administration User Guide EE e Disable Select Disable to not allow the use of credentials from the corresponding Active Directory to access Compliance Guardian This option is useful during the maintenance of the Domain Controller machine You can disable the integration with the domain to be maintained and enable the integration again after the maintenance After one Active Directory has been integrated with Compliance Guardian it will be shown in the Domain text box after you select AD Integration in the Log on to drop down list of the Compliance Guardian login page If a domain has father domain sub domain or trust domain when a user from these domains has been added to Compliance Guardian the corresponding domain will also be added into Compliance Guardian and you will be able to view this domain in Compliance Guardian login page Configuring ADFS Integration To leverage Active Directory Federation Servi
77. and Administration User Guide Using Detailed Risk Report Analysis Tool Compliance Guardian supports exports of detailed risk report information of all the files in a site collection level Compliance Guardian Scanner for SharePoint job Note The DocAve Auditor database must be connected so as to get the related auditing information Generating the Report To generate the report complete the following steps 1 Go to the machine with Compliance Guardian Agent installed and open the AvePoint Compliance Guardian Agent bin directory to find the CCR RiskReportTool exe config file 2 Open the CCR RiskReportTool exe config and configure the following attributes lt appSettings gt lt add key DBName value CCR20130626134715019767_000_ db gt lt add key ExcelLocation value C gt lt add key FileShowCount value 10 gt lt add key FileAuditDetai lount value 25 gt lt appSettings gt Figure 40 Attributes for generating the report e Database Name Specify the database file name as the value of the DBName attribute To get the database file name go to the report location and find the request s corresponding TXT file the name of the TXT file is the Request ID _ the Request Name Open the TXT file You will find all the plans contained in this request The database file name follows the corresponding plan Then go back to the report location basing on the database file name in the TXT file you will find
78. be generated under the specified path The files whose similarity is equal to or greater than the specified threshold will be grouped in one row in the CSV file F QvePoint Conpliance Guardian Agent bindCCE FingerPrintingTool exe o reportcluster G Similarity Test DataNnatrix csv t 96 output G Similarity Test t2 csv matrix Data repor Start analyzing the similarity and generating report Please go to G SimilarityNlIest Data report2 csv to view the report Figure 52 Using the o reportcluster command oe 271 Compliance Guardian Installation and Administration User Guide Appendix A Accessing Hot Key Mode In order to work faster and improve your productivity Compliance Guardian supports hot key mode for you to perform corresponding actions quickly using your keyboard To access hot key mode in the Compliance Guardian interface press Ctrl Alt Z on your keyboard The following table provides a list of hot keys for the top level Each time you want to go back to the top level after accessing the lower level interface press Ctrl Alt Z Operation Interface Hot Key Compliance Guardian 1 Report 2 Administration 3 User admin 4 Help and About Information 5 Compliance Guardian Official Website 6 Compliance Scanner Page The following table provides a list of hot keys for the functionalities on the ribbon of the Compliance Scanner page Functionality Name an
79. by the keyword you designate The keyword must be contained in a column value At the top of the viewing pane enter the keyword for the action policy you want to display You can select Search all pages or Search current page to define the search scope Search all pages means that the test suites in all of the pages whose names or descriptions contain the keywords will be displayed while Search current page means that only the test suites in the current page whose names or descriptions contain the keywords will be displayed Note The search function is not case sensitive 182 e D e e Compliance Guardian Installation and Administration User Guide o Manage columns Manage which columns are displayed in the list so that only information you want to see is shown Select the manage columns button and then check the checkbox next to the column name to have that column shown in the list o Hide the column Hover over a column name and then select the hide column button of the column you want to hide and the column will be hidden After you are satisfied with the configuration of the scan policy select OK to save this scan policy If you do not want to save the current configuration select Cancel to cancel the configuration Configuring Filter Policies For more information refer to Filter Policy Configuring Action Policies Action policies allow you to define the actions to be performed on the scanned
80. can be recorded e See the SecondaryElement section because we have set Yes for the MustNext attribute the node lt img src http www google com 1 jpeg alt this is a test test img gt in file A will be checked the node lt img src http www google com 2 jpeg alt this is a test img gt will not be checked o See the Attributes section under SecondaryElement we have specified 2 in the Number field under the WordsRepeat attribute the value in the node lt img src http www google com 1 jpeg alt this is a test test img gt contains two repeated words test so the check for Attributes is False o See the attributes under Element True has been selected in the drop down list under ValidWhen but the check result of this check is False so the result for ValidWhen field is Invalid o See the ListLoc section the result for ValidWhen is Invalid so the check status is Warn and this check status will be recorded in the Compliance Guardian database users cannot see the status in the Compliance Guardian GUI e For this type of check if there are nothing temporarily recorded in the EnhancedElement check section the SecondaryElement check will not start and the check result of this check will be True If there are something that are recorded in the EnhancedElement check section the SecondaryElement check will start If there are something recorded based on the SecondaryElement check the result of this check will be False O
81. com lt PolicyURL gt lt Description gt No Personal Health Information should be visible lt Description gt lt True result HR gt PHI found lt True gt lt False result Pass gt PHI not found lt False gt lt ReportText gt lt FindText SearchAll True CaseSensitive No ListLocStatus Warn ListLoc No Truelf Found gt HAV lt FindText gt lt Tdf gt Figure 69 HAV xml lt xml version 1 0 encoding UTF 8 gt lt Copyright 2001 2012 AvePoint All Rights Reserved gt lt Tdf TdfID Eric_8 gt lt ReportText gt lt Name gt PHI Check lt Name gt lt PolicyURL gt http www avepoint com lt PolicyURL gt lt Description gt No Personal Health Information should be visible lt Description gt lt True result HR gt PHI found lt True gt lt False result Pass gt PHI not found lt False gt lt ReportText gt lt FindText SearchAll True CaseSensitive No ListLocStatus Warn ListLoc No Truelf Found gt HIV lt FindText gt lt Tdf gt Figure 70 HIV xml With all MCC and TDF XMLs available by using the GetMCCDefinition method in ContentComplianceCollectionDefinitionUtility class the required argument string xml required by ScanEngine Scan can be returned string mccContent File ReadAllText C ScanEngine Test MetadataDefinition xml List lt string gt list new List lt string gt list Add File ReadAllText C ScanEgine Test HAV xml list Add File ReadAllText C Scan
82. connect to the Oracle database but the Change Data Capture publisher is another user for example user2 you must run the following command to grant the user1 the SELECT permission to the captured table or the result of querying the table will not return GRANT SELECT ON publisher user name captured table name to the user used to connect to the Oracle database For example GRANT SELECT ON user2 table1 to user2 e hast 395 Compliance Guardian Installation and Administration User Guide Limitation of Scanning SQL Server There are some limitation when scanning SQL server in Compliance Guardian The table must include primary key or unique index to be scanned in Compliance Guardian 396 The column whose type is CLR is not supported If the table contains multiple unique indexes and also contains the primary key the key has the priority to be picked up to identify the table row if the table does not have key Compliance Guardian will select the index whose size is the smallest one to identify the table row If you want to perform the incremental scan job Change Data Capture must be enabled For details about how to enable Change Data Capture refer to http msdn microsoft com en us library cc627369 aspx for details about the performance details after enabling Change Data Capture refer to technet microsoft com en us library dd266396 28v SQL 100 29 aspx for details about the increase of the disk
83. define the actions to the scanned contents in the specified file system To configure the action policies navigate to Scheduled Classification Scanner gt Create gt File System Under the File System tab select Action Policy on the ribbon to go to the Action Policy interface Managing Action Policies For more information about how to manage action policies refer to Managing Action Policies in the Real Time Classification Scanner section of this guide 210 F e D e e Compliance Guardian Installation and Administration User Guide Creating and Editing Action Policies To create a new action policy select Create on the ribbon of the Action Policy interface To modify a previously configured action policy select the action policy and then select Edit on the ribbon of the Action Policy interface In the Create Action Policy interface or Edit Action Policy interface enter a Name for the action policy and enter an optional Description for future reference Then configure the Set up the action rules section e Conditions Configure the action policy filter rules Select Configure The Configure interface appears Configure the following settings as necessary O Select a category select Add an Action Level Group to add a new rule of the specified category level Configure the following fields for the rule Rule Select the new rule you want to create from the drop down list Condition Select the condition fo
84. displays a list of all of your previously configured nodes with Real Time Classification Scanner rules applied You can also select Create to select the Real Time Classification Scanner Mode to SharePoint or Social Network and then create rules Report v Administration v Classification Manager gt Real Time Classification Scanner Scheduled Classification Scanner Real Time Classification Scanner Create Manage G Search all pages Search current page Fe D CC Source Mode Scan Policy Action Policy Filter Policy Modified Time EI SharePoint http win qev65pf198h emily find 2014 11 04 09 45 46 SharePoint https ccqa sharepoint com sites communit qjj mcc qij_move_changepermission 2014 11 03 15 39 08 SharePoint https ccqa sharepoint com sites Document qjjmccrcc qjj_move_redact 2014 11 03 16 22 17 E SharePoint https ccqa sharepoint com sites htao 01 wwww EncryptAndQuarantine_All 2014 11 04 09 06 36 SharePoint https ccqa sharepoint com sites htao Doc Emily Alert only 2014 11 03 15 58 55 E SharePoint https ccqa sharepoint com sites lyz01 List lyz mec2 lyz mec2 change and encrypt 2014 11 04 09 57 31 E SharePoint https ccqa sharepoint com sites lyz01 Sha lyz mcc2 lyz mcc2 change and encrypt 2014 11 04 09 53 04 SharePoint https ccqa sharepoint com sites Pis emily find emily encrypt filter site 2014 11 03 17 03 05 IT SharePoint https ccqa sharepoint com sites Pis Lists F emily find Lock 2014 11 03 17 37 15 SharePoin
85. e mail to the recipients configured in the selected alert notification profile If this option is selected you must select an alert notification profile from the drop down list Select OK to save the changes or select Cancel to exit the Configure interface without any changes ME 191 Compliance Guardian Installation and Administration User Guide Configuring Action Policies for Social Network Compliance Guardian allows you to take action on scanned contents in Yammer To configure the action policies navigate to Real Time Classification Scanner gt Create gt Social Network Under the Social Network tab select Action Policy on the ribbon to go to the Action Policy interface Managing Action Policies In the Action Policy interface you can change the number of action policies displayed per page and the order in which they are displayed You can perform the following actions e Create Select Create on the ribbon to create a new action policy For information about creating a new action policy refer to Creating and Editing Action Policies e View Select View on the ribbon and you will see the settings for the selected action policy Here you can also select Edit on the ribbon to make changes to the action policy s settings e Edit Select Edit on the ribbon to change the configurations for the selected action policy For information about editing configurations for an action policy refer to Creating and E
86. each incremental scan the latest full scan job in the full scan cycle must be available If the incremental scan is based ona former incremental scan job the former incremental scan must also be available hast 175 Compliance Guardian Installation and Administration User Guide If selecting Incremental Scan the Reference Time option is enabled Reference Time Choose whether to scan content generated or modified at a specified interval If you choose to use a reference time specify the time to scan contents generated or modified Enter an integer into the textbox and select Minute s Hour s Day s or Month s from the drop down list Note It is recommended that you specify a reference time when the recurrence schedule configured in Range of Recurrence is End after 1 occurrence After configuring the schedule for the Compliance Scanner plan select Calendar View to view the scheduled jobs by Day Week or Month All of the schedules will be displayed in the Summary table Select X to delete a schedule Select Next The Advanced page appears 5 Configure the advanced settings e Notification Configure the e mail notification settings Select a previously configured notification profile from the Select a profile with address only drop down list or choose to create a new e mail notification profile by selecting the New Notification Profile link Select View to view the detailed configuration of the selected no
87. element in the file the corresponding linked file s size the size of the data attribute s value in the object element in the file the corresponding image s size If the size is not in the range we specified in the Size section of this check this check result of this section will be False If the result of the Filter check or Size check is False the check result of this check is False If the check result of this check is False see the ValidWhen attribute in the FileProperty section We have selected Valid so the result of this attribute is Invalid In the ListLoc section the result for ValidWhen is Invalid so the check status will be Warn and this check status will be recorded in the Compliance Guardian database Users cannot see the status in the Compliance Guardian GUI According to the settings in False Result and Message in the Report Text step the returning status is User Review Required which will be displayed in the Compliance Guardian report Redaction Type Check The Redaction check is used to redact the specified content in a file Configuring Attributes for Redaction Type Check Configure the attributes for the Redaction type check according to the instructions in the following sections Redaction Configure the following attributes under this element FindText RedactType Select a value for this attribute Delete or Replace If Delete is selected the found instance will be deleted directly durin
88. elements with specific attributes are within the optional Attributes section o Length This section is optional Select the checkbox before this element the following attributes appear CompareType Specify a compare type for this length compare The attributes for CompareType are GreaterThan LessThan GreaterOrEqualThan LessOrEqualThan Equal and NotEqual Characters Specify the number of the characters used for the compare Select the delete button 4 to delete this check rule Select Add Another Length to add another rule Filter The content that meets the condition configured in this element field can be tested The following elements with specific attributes are available in the optional Filter section e Attributes For the details about the attributes refer to Attributes e ElementContent For the details about the attributes refer to ElementContent EnhancedElement Check Test Logic Example Refer to the following example to better understand the test logic of the EnhancedElement type check The following nodes are contained in the selected file A that will be tested lt a href http www google com lt http www google com gt gt google lt a gt lt img src http www google com 1 jpeg alt this is a test test img gt lt img src http www google com 2 jpeg alt this is a test img gt Create and configure the EnhancedElement check test logic 1 Create an EnhancedElement type c
89. engine found HAV TagValue will be set as Medium However as what was defined in the MCC since the value High for HIV has a higher priority when the scan engine found HIV in the document the final value for TagValue was overwritten by High In this case the scan result will be shown as the screenshot below 374 F e D e e Compliance Guardian Installation and Administration User Guide object result engine Scan xml url testingFile metadata result DocAve ContentCompliance Engine MetadataDefinitionResultCollection 7 ErrorMessage DocAve ContentCompliance Engine Errorlnfo yf mTagResultList Count 1 gt TagResultList Count 1 e 0 DocAve ContentCompliance Engine MetadataTagNameResult docx SIS Action E SF OverrideUser true 2 PlaceTags Q 2 e ProcessType Automated Q Sensitivity Q High Figure 77 Scanned result 4 Scan Metadata Regarding the TDF language the user is able to define a customized TDF to perform a customized scan according to their requirements Among all kinds of supported TDF types the SSL and Cookie Validation type TDFs will require the scan engine to test the SSL level or Cookie domain and expiration The Compliance Guardian SharePoint metadata test is supported in the installation package Therefore for Scan Engine API the scan method requires the SSL level Cookie information or SharePoint Metadata for the source document to be passed via an argument metadata
90. expression also matches the regular expression specified here this result will be filtered out Select Add Another Regex to add another Text check rule Select the delete button 4 to delete this Regex filter check rule Value Configuration Field If Replace is selected as the value of the RedactType attribute this field appears Configure the following attributes Type Select to redact a word or a section BeforeCount If you select Section for the Type attribute you must configure this attribute Specify the number of the characters before the value you specified The characters in the range of the specified number will also be redacted AfterCount If you select Section for the Type attribute you must configure this attribute Specify the number of the characters after the value you specified The characters in the range of the specified number will also be redacted Repeat Specify whether or not to repeat the specified value to make sure the replaced result keeping the same length as the original value Value Specify the value that is used to replace the found instance Compliance Guardian Installation and Administration User Guide 343 Redaction Check Test Logic Example Refer to the following example to better understand the test logic of the Redaction type check The selected file will be tested It contains the content Canadian Social Insurance Number 046 454 286 Create and configure the R
91. filter policy is used in Compliance Guardian Scanner for Website e Lync This type of filter policy is used in Compliance Guardian Scanner for Lync rel p 137 Compliance Guardian Installation and Administration User Guide After selecting the filter policy type configure the following settings a Select a criterion and then select Add a Filter Level Group to add a new rule of the specified level Select the delete button A to delete the rule that is no longer needed o Rule Select the new rule you want to create from the drop down list o Condition Select the condition for the rule o Value Enter a value you want the rule to use in the text box Note The File Content criterion for the SharePoint type filter policy and File System type filter policy is only for the HTML file you can specify which lines or columns are excluded in this scan by using the filter policy b Toadd more filters to the filter policy repeat the previous step Note Depending on the filters you enter you can change the logical relationships between the filter rules There are currently two logical relationships And and Or By default the logic is set to And To change the logical relationship select the logical relationship link The And logical relationship means that the content which meets all of the rules will be filtered and included in the result The Or logic means that the content which meets any one of the rules will be filter
92. for the files in SharePoint 2007 here we take the ccr sp2010riskananlyzer exe as an example Lea LSS Ee ey gt m Computer Local Disk CH Program Files AvePoint Compliance Guardian Agent bin Organize m Open New folder Hr Favorites Name Date modified Type Size EC Desktop 2 Castle McroKernel dil 3 6 2013 12 16 AM Application extension 172 KB E Downloads Castle Windsor di 3 8 2013 12 18 AM Application extension 72 KB Recent Places 2 CCE Engine dl 3 8 2013 12 18 AM Application extension 639 KB 1 CCE Engne dl config 2 16 2013 5 11 PM CONFIG File 2kKB LI Libraries e RICCEEronezeroeere 3 8 2013 12 17 AM Application 23 KB Documents Ah music CCE EngineWorker exe 3 8 2013 12 17 AM Application 21 KB E Pictures CCE ToFVaidator exe 3 8 2013 12 17 AM Application 187 KB Subversion 2 16 2013 5 11 PM CONFIG File Videos d A Be Computer Local Disk C Figure 42 The EXE file location On the machine navigate to Start gt All Programs gt Accessories gt Command Prompt In the command line interface enter the directory For example C Program Files AvePoint Compliance Guardian Agent bin and press Enter oft Windows Version 6 1 7601 Copyright lt c 2009 Microsoft Corporation All rights reserved C Users jbhliang gt cd rogram Files AvePoint Compliance Guardian Agent bin Figure 43 The command line overview 1 Compliance Guardian Installation and Ad
93. if the corresponding SSL Cookie Metadata checking is defined and used in MCC CCC Dictionary lt string object gt metadata new Dictionary lt string object gt For SSL Level information if the source site is under the HTTPS protocol and SSL level checking TDF is used the SSL level for the source site should be set in metadata The key for the scan engine to recognize SSL information is PublicKeySize and the security level value should be an Integer TSS 8 SS ee Sy Icowetiniu a metadata Count 3 d yaar e 0 PublicKeySize 2048 l FP Key 2 PublicKeySize fn i H 7 Value ic Dictionary 2 System String System String ti 2 a Non Public members k a ARA TantNanfiniti Figure 78 The key and value for SSL Level information For cookie information if the cookie validation TDF is used in the CCC the cookie collection should be passed via the metadata Dictionary The Key should be Cookie and the value should be a System Net CookieCollection object which contains all the cookie objects retrieved from the source environment e ME 375 Compliance Guardian Installation and Administration User Guide OI lata Taise TestDefiniti metadata Count 3 a 0 we DI eem ebe of Key A Value e Non Public members y TestNefiniti PublicKeySize 2048 iti Cookie System Net CookieCollection a System Net CookieCollection
94. in the drop down list under the IsFindText attribute e Select Yes in the drop down list under the SearchAll attribute e Select No in the drop down list under the CaseSensitive attribute e Select Found in the drop down list under the Truelf attribute e Select Yes in the drop down list under the ListLocation attribute e Select Warn in the drop down list under the ListLocStatus attribute 3 Select the checkbox before Filter and select the checkbox before Text Configure the following attributes in the Text section e Select No in the drop down list under the CaseSensitive attribute e Enter as the separator e Enter front end Server Side in the Value field 4 Enter the regular expression b a zA Z a zA Z b in the Value field A word that contains a hyphen can match the regular expression 5 Save the check 6 Run a Compliance Scanner job The test suite used in this job contains the check configured above Review the check test logic e In this case in the file A the words Server Side and front end match the specified regular expression but according to the logic we configured in the Filter section the 318 e sud e e Compliance Guardian Installation and Administration User Guide two words will be filtered out so the result is Not Found We set NotFound for the Truelf value so the check result of this check is True According to the setting in True Result and Message in the Report Text step the returning statu
95. information configured in the previous steps is listed Select Install to begin the installation Select Back to change any of the previous settings Select Cancel to abandon all of the configurations and exit the installation wizard 12 After the installation is complete select Finish to exit the installation wizard C Compliance Guardian Installation and Administration User Guide Uninstalling Compliance Guardian App for Real Time Classification To uninstall Compliance Guardian App for Real Time Classification complete the following steps Note Once you have initiated the uninstallation it cannot be cancelled and the uninstallation interface cannot be closed 1 Open the Start Menu in Windows on the Compliance Guardian Manager Server and navigate to All Programs gt AvePoint Compliance Guardian 2 Open the Compliance Guardian Manager Tools folder and then double click Compliance Guardian App for Real Time Classification Uninstall 3 Inthe appeared page select the Remove configuration file option if you want to remove all of the folders and configuration files generated by app installation 4 Select Remove to start the uninstallation process 5 Select Finish to complete the uninstallation oe 61 Compliance Guardian Installation and Administration User Guide Se Navigation Bar After you login to Compliance Guardian select Report or Administration on the top left corner of the home page The navig
96. is Found According to the logic of the Truelf attribute the result of the FindText section is True e According to the logic of the BreaklfFound attribute if one instance is found the scan will stop so the test of the Regex section will not be continued e So the result of this check is True According to the setting in True Result and Message in the Report Text step the returning status is Passed which will be displayed in the Compliance Guardian report Cookie Type Check The Cookie type check is used to validate cookie domain and expiration dates The following section provides a general introduction about configuring attributes for this type of check Configuring Attributes for Cookie Type Check Configure the attributes for the Cookie type check according to the instructions in the following sections Cookie Configure the following attributes under this element e ThirdParty Instruct the scan engine to check if the cookie is from a third party e PrivacyLinReq Instruct the scan engine based on the cookie condition to check for a privacy link e ResultNA Specify a result when the specified element is not found If TrueResult is selected then if the specified element is not found the True result will be returned if FalseResult is selected then if the specified element is not found the False result will be returned If NAResult is selected then if the specified element is not found the status of the te
97. is db_datareader for the database that will be scanned the Server Level Role is Public e The SELECT permission to the table columns e The SELECT permission to the captured table kel 8 27 Compliance Guardian Installation and Administration User Guide e The EXECUTE permission to the following functions or procedures 0 0 0 0 Procedure sys sp_cdc_help_change_data_capture Procedure sys sp_cdc_get_captured_columns Function SERVERPROPERTY Function COLLATIONPROPERTY Function DATEDIFF Function DATEADD Function sys fn_cdc_map_time_to_lsn Function SQL_VARIANT_PROPERTY Function GET_FILESTREAM_TRANSACTION_CONTEXT Function FileStreamColumn PathName e The SELECT permission to the following system views 0 o Overview of Compliance Guardian Manager and Agent Services After properly installing all of the services including Compliance Guardian Manager and Agent Services you are able to manage the compliance of your SharePoint data via the Compliance Guardian product Control Service receives the request from Compliance Guardian Manager and then sends the request to Agent Services which retrieves the data from SharePoint Agent Services then send the data to the Control Service for analyzing If an action should be performed on the SharePoint contents that are considered not compliant by Compliance Guardian those actions will be performed by the Agent Services The Agent Services will also b
98. is found to save scan time If All is selected the scan will only stop when all instances are found ValidWhen This is used to indicate if the result is valid when the condition is one of two values True or False e Attribute Configure the following attributes for this element O O Name Specify the name of the attribute to be tested CaseSensitive Specify if the attribute name being tested for must match the case exactly AllowNull Specify whether the attribute that has no value will be tested MustExist Specify whether or not the attribute has to exist If True is selected then the test will fail if the specified attribute does not exist e TextCompare Configure the following attributes for this element Q O MatchElementValue If the Attributes element under the MatchElement section has been configured this radio button will be selectable If this radio button is selected configure the following attributes Name All the attribute names configured under the MatchElement section will be loaded Select a name from the drop down list for the test CaseSensitive Specify if the attribute name being tested for must match the case exactly CompareType There are two values for this attribute MustContain and MustNotContain If MustContain is selected the test condition is the value of the attribute under the SecondaryMatch section must contain the value of the attribute un
99. logic determines whether a check result is false or true False Result and Message Select the returning status and message for this check when the checking result is False The checking logic determines whether a check result is false or true 4 Select Next on the ribbon or on the lower right corner of the screen The check attributes configuration screen appears 5 Configure the attributes for the check The attributes that are required to be configured for each type of check are different For more information about configuring attributes for each type of check refer to Configuring Check Type Attributes in Appendix B 6 Select Save on the ribbon or on the lower right corner of the screen to save the check If you want to preview the check before saving it select Preview on the ribbon or on the lower right corner of the screen A pop up window appears Enter the file name in the pop up window and select Save The check will be saved You can view the configuration information on the check and then save the check in Compliance Guardian after you have previewed the check and confirmed the check information Creating Test Suites To create a new test suite select Create on the ribbon of the Test Suite Manager interface When the drop down menu appears select Test Suite from the drop down menu To create a new test suite complete the following steps 1 Inthe Test Suite Type screen select the test suite type T
100. navigation bar to launch Compliance Scanner 148 F sn e e Compliance Guardian Installation and Administration User Guide ft Report v Administration v Welcome admin What do you want to do next Compliance Manager Ma RB Compliance Scanner Compliance Report Classification Manager ZC Ca Classification Scanner Classification Report a System Manager s mo Control Panel Job Monitor Figure 15 Compliance Guardian module launch window ai e F 149 Compliance Guardian Installation and Administration User Guide Home Page Overview The Compliance Scanner home page displays a list of all of your previously created Compliance Guardian Scanner plans You can also select Create to select the Compliance Guardian Mode SharePoint File System Website or Database and then create a plan Compliance Manager gt Compliance Scanner Report v Administration v Compliance Scanner Fassel Er Q HO Create Configure Archiving Search Manage Action Discovery Manager rs Search all pages Search current page 2 D Plan Name Description Scan Policy Scope Type Modified Time ERD site and ts Compliance Scanner for File System 2014 11 12 11 19 37 EI fsts ts Compliance Scanner for File System 2014 11 12 10 50 19 HI fs site Compliance Scanner for File System 2014 11 12 10 22 36 Show rows 15 Goto 1 of1 0 of 3 selected Figure 16 Compliance Scanner home page Selecting Mode Select
101. new group in Control Panel For more information refer to Account Manager e Quarantined Location Select a location for storing the backed up quarantined files or items Select New Export Location to create a new export location For more information refer to Configuring Export Locations Alert Only The files or items that meet the configured condition in the action policy can be recorded in an e mail and sent to users Navigate to the Create Action Policy or Edit Action Policy interface and select Alert Only gt Configure The Configure interface appears e Specify a default e mail template You must select a default e mail template before you can add recipients Select the New Notification Template link to create a new template e Creator e mail template Select this checkbox to send an alert e mail to the creator of the file or item If this option is selected you must select an e mail template from the corresponding drop down list If you do not select an e mail template Compliance Guardian will use the default e mail template e Modifier e mail template Select this checkbox to send an alert e mail to the modifier of the file or item If this option is selected you must select an e mail template from the corresponding drop down list If you do not select an e mail template Compliance Guardian will use the default e mail template e Userin the selected notification profile Select this checkbox to send an alert
102. not to record the instance s location in the Compliance Guardian database If Yes is selected in the drop down list under the ListLocation attribute then every location of the instance found will be 324 e S e e Compliance Guardian Installation and Administration User Guide O O recorded in the Compliance Guardian database If No is selected in the drop down list under the ListLocation attribute the check continues but the locations of the instances found will not be recorded in the database ListLocStatus Specify the status for the instance that is found The status will be recorded in the Compliance Guardian database Note that if the status set for True Result or False Result is Failed in the Report Text step the value for the ListLocStatus will be Fail and the value cannot be changed CaseSensitive Specify if the text being tested for must match the case exactly CompareType Select MustContain or MustEqual for this attribute e Dictionary Configure the following attributes O O Separator Specify a separator if multiple values are specified Value Define one or more values for the test use the separator specified before to separate the values Select the delete button 4 to delete this Dictionary check rule Select Add Another Dictionary to add another rule Regex This section is optional Configure the following attributes e Select the checkbox before Regex the following a
103. number is missing then it is assumed that its value is 1 Allowed values are 1 10 This is optional According to the formulas selected in the RiskFormula section the check will have three risk levels after the scan job ContentType Select the content types that will be scanned If you do not select the content types all the file content types that are supported to be scanned in Compliance Guardian will be scanned Refer to the following steps for selecting the content types Select the text field under the ContentType attribute a pop up window appears 351 Compliance Guardian Installation and Administration User Guide Inthe pop up window select the checkbox before the desired content types and select OK Select the delete button 4 to delete the SubCheck check rule Select Add Another Check to add another rule e Operator If you select the Operator checkbox the SubCheck checkbox above the Operator checkbox will be grayed out You can determine the condition of the check group s result Configure the following attributes for this element o Type Depending on the sub checks you added in the SubCheck field you can change the logical relationships between the sub check results There are currently two logical relationships AND and OR By default the logic is set to And o Result Field Specify the result of the check group according to the check result The check result will be True False or NA
104. number of jobs or jobs within a desired time frame Once you have configured the Job Pruning Rule for a module you may configure a schedule in the Settings tab to have Compliance Guardian prune jobs according to the Job Pruning Rules at a specified time with a specified notification or manually run pruning jobs by selecting a module by checking the corresponding checkbox and select Prune Now on the ribbon to prune jobs for the selected module based on the Job Pruning Rules you have configured for each module Job Pruning has Job Monitor integrated within the interface To see the progress of your pruning jobs select Job Monitor on the ribbon For more information about Job Monitor refer to Job Monitor To access Job Pruning for Compliance Guardian in the Control Panel interface select Job Pruning under the Job Pruning heading Select Save on the ribbon to save any changes made in Job Pruning Select Close on the ribbon to close the Job Pruning interface Configuring Pruning Rules In the Rules tab select a Compliance Guardian module by checking the corresponding checkbox then select Configure on the ribbon or select the corresponding Job Pruning Rule for a module The Configure interface will open in a pop up window The following options can be configured e No Pruning Select this option to not prune the job records of this module When configuring pruning rules you will be presented with the following options o Keep the last__ jo
105. o ElementContent This section is optional Select the checkbox before this element the following attribute appears ContentReq Specify whether the specified element must contain content If Yes is selected then the element must contain content or the check for this section will be False The following elements with specific attributes are within the optional ElementContent section Compliance Guardian Installation and Administration User Guide Length This section is optional Select the checkbox before this element the following attributes appear CompareType Specify a compare type for this length compare The attributes for CompareType are GreaterThan LessThan GreaterOrEqualThan LessOrEqualThan Equal and NotEqual Characters Specify the number of the characters used for the compare Select the delete button 4 to delete this check rule Select Add Another Length to add another check rule TextCompare This section is optional Select the checkbox before this element the following attributes appear CompareType Specify a compare type The attributes for CompareType are MustContain MustNotContain MustEqual MustNotEqual MustMatch and MustNotMatch Separator Specify a separator if multiple values are specified CaseSensitive Specify if the attribute being tested for must match the case exactly Value Define one or more values for the test
106. of all Web applications via the User Policy for Web Applications o Manage User Profiles of Shared Services Rights SharePoint Permissions for SharePoint 2010 o Member of the Farm Administrators group o Full Control permission to all zones of all Web applications via the User Policy for Web Applications o User Profile Service Application permissions Permissions gt Connection Permissions for User Profile Service Full Control Administrators gt Administrators for User Profile Service Application Manage Profiles Administrators gt Administrators for User Profile Service Application Manage Social Data Use Personal Features Create Personal Site Use Social Features o Managed Metadata Service Term Store Administrator o Business Data Connectivity Service Full Control o Search Service Full Control Compliance Guardian Installation and Administration User Guide SharePoint Permissions for SharePoint 2013 o Member of the Farm Administrators group o Full Control permission to all zones of all Web applications via the User Policy for Web Applications o User Profile Service Application permissions Permissions gt Connection Permissions for User Profile Service Full Control Administrators gt Administrators for User Profile Service Application Manage Profiles Administrators gt Administrators for User Profile Service Application Manage Social Data Use Personal Features Create Personal S
107. on a node if it inherits the rules of the higher level Inheritance must first be broken e The inherited Real Time Classification Scanner rule cannot be edited it can only be viewed e Once you have broken the rule inheritance on a node if you choose to inherit the rules of the higher level again all of the rules that are added after breaking the inheritance on this node will be removed from the following nodes o The node that inherits the higher level rules again o The nodes that inherit the rules from the node above Enabling Custom Upload Page To use this feature you must first deployed the SP2013CustomUploadPage wsp or SP2013CustomUploadPage wsp solution and enabled the custom upload page in an applied Real Time Classification Scanner rule When you upload a file in SharePoint Compliance Guardian s own upload page appears Compliance Guardian will execute the Real Time Classification Scanner rule immediately If the file has taken action according to the rule the page with the related action information will appear You can customize this page For more information on customizing the SharePoint page refer to Customizing SharePoint Page and Message If the file is uploaded successfully Compliance Guardian s Edit Properties page appears allowing you to edit the uploaded file properties Note For the Redact action the user can configure the key FilterRedactResult node in RTSv2 exe config apply to SharePoint 2007 or Share
108. open the Control Panel interface and select License Manager under the License Manager heading Select Close on the ribbon to close the License Manager interface Viewing License Information In the License Manager interface the License Details section displays the following information e License Type Whether you have a Trial license or an Enterprise license e Server Host IP The host IP of the server used to install Compliance Guardian Control Service e Maintenance Expiration Details The start time and expiration date of the Compliance Guardian maintenance service you have purchased e License Details The detailed license information for every SharePoint version in SharePoint mode File System mode Website mode or social networks by selecting the corresponding tab under License Details o SharePoint Select the SharePoint tab under License Details to see every SharePoint version or remote farm for SharePoint Online license information specific to Source The SharePoint version License Type The type of license purchased for the product Number of Servers The number of servers you have bought Registered Servers The number of servers you have used Expiration Time The expiration time of the license for this SharePoint Status The current status of the SharePoint which reflects proper licensing Number of User Seats The number of user seats for SharePoint Online displayed
109. parameter from the drop down menu then select Find Now to start the search Select Stop to stop the search Once you have selected your desired certificate select OK to save and exit the Select Certificate interface or select Cancel to exit the Select Certificate interface without saving specifying a certificate When you are finished configuring the Security Token Settings select Next to configure the Claim Configuration 3 Claim Configuration Configure the mappings between the Claim Name displayed in Compliance Guardian and the Claim Type displayed in ADFS You can perform the following actions to your claims e You can change the order of the claims in the Order column of the table If a user can be identified using several claims Compliance Guardian will use the Claim Name of the first claim listed here as the display name for each respective user e Select Ato delete the selected claim e Select Automatically to have the claim type be specified automatically after you select the claim name from the Claim Name drop down menu Select Manu to add the claims manually Select Auto to switch back to the default option 4 Overview Review the settings you have configured in the previous steps To make changes select Edit in the corresponding section and you will be brought back to that step so you can make changes 5 Finish Provides you with three options to import the relying party data for Compliance Guardian in ADFS u
110. regarding Compliance Guardian versions You can check whether you are running the most up to date version of Compliance Guardian download updates view download and installation history and configure download and update 92 e e i e E Compliance Guardian Installation and Administration User Guide settings Update Manager allows you to update the current version of Compliance Guardian within the Compliance Guardian GUI to reduce the time and risk of a manual update Before performing an update if multiple Compliance Guardian Control Services are installed in the Windows Network Load Balance environment the Download Location must be configured before you can perform the update operation successfully To access Update Manager for Compliance Guardian navigate to the Control Panel interface and then select Update Manager under the Update Manager heading Select Close on the ribbon to close the Update Manager interface Configuring Update Settings In Update Manager you can configure settings for custom locations to download updates set Update Manager to download or check for updates automatically and configure a proxy server for downloading Compliance Guardian updates To configure these settings select Update Settings on the ribbon You will be brought to the Update Settings interface where you can configure the following settings e Download Location Download Compliance Guardian updates to a net share path and store them for f
111. requirements for the password o Minimum number of alpha Enter a positive integer There must be at least the specified number of letters in the password o Minimum number of numeric Enter a positive integer There must be at least the specified number of numbers in the password o Minimum number of special characters Enter a positive integer there must be at least the specified number of special characters in the password The special characters include amp and o Password cannot contain user ID Select this option and the password cannot contain the user s name o Password cannot contain space Select this option and the password cannot contain spaces e Password Expiration Warning Send out warnings if the password of a user will expire in the specified time period Set the period by entering a positive integer using the Day s or Month s option You can choose the forms of the warning by selecting the Pop up message or E mail notification 72 F e D e e KE Compliance Guardian Installation and Administration User Guide Viewing Security Information Compliance Guardian uses a passphrase to protect the Compliance Guardian databases and secure the communication Before connecting to the Compliance Guardian Manager when installing the Compliance Guardian Agents the passphrase must be entered to verify the access The default passphrase is generated automatically at the end of the Man
112. scans the content that has been modified since the last incremental or full scan job If selecting Incremental Scan the Reference Time option is enabled Reference Time Choose whether to scan contents created or modified at a specified interval If you choose to use a reference time specify the time to scan contents created or modified Enter an integer into the textbox and select Minute s Hour s or Day s from the drop down list Note It is recommended specifying a reference time when the recurrence schedule configured in Range of Recurrence is End after 1 occurrence o Schedule Settings Specify the frequency to run the rerunning schedule Enter an integer into the text box and select Minute s Hour s Day s Week s or Month s from the drop down list o Range of Recurrence Specify when to start and end the running recurring schedule Start time Set up the time to start the plan and Time Zone can be changed under the Start time Note that the start time cannot be earlier than the current time No end date Select this option to repeat running the plan until being stopped manually End after specified occurrence s Select this option to stop the plan after specified occurrences that you configure in the text box End by Set up the time to end the recurrence of plans Select OK to save the settings After configuring the schedule for this replication job select Calendar View to vie
113. scr sct shb shs shtm shtml soap stm svc url vb vbe vbs vsix ws wsc wsf wsh xamlx lt Blacklists gt lt IMSAttachmentSetting gt lt settings gt Figure 83 The IMSAttachmentSetting node in the configuration file 5 Save the file 380 F S sn e e Compliance Guardian Installation and Administration User Guide Appendix G Displaying Only Violations in the Error Highlight Report This function is used for Compliance Guardian Scan Result gt Failed Files gt Error Highlight Report If a file size is quite large it may affect the performance to display the whole file in the Error Highlight Report Compliance Guardian provides you with a way to control whether the whole file with the violations non compliant content is displayed in the Error Highlight Report or just the file s violations non compliant content are displayed in the report The configuration file ContentComplianceConfig xml provides you with a node to provide this function The configuration file resides in Compliance Guardian Agent Bin Open the file and find the node lt ViolationSummaryThreshold aCount 20 bCount 40 gt 600 lt ViolationSummaryThreshold gt e aCount The value of this attribute means the number of the characters after the non compliant content that can be displayed in the error highlight report The default value is 20 You can customize the value e bCount The value of this attribute means the number of th
114. section e Select All in the drop down list under the Truelf attribute e Select True in the drop down list under the ValidWhen attribute Configure the ListLoc section e Select Invalid in the drop down list under the Type attribute e Select Warn in the drop down list under the Status attribute Configure the Size section 359 Compliance Guardian Installation and Administration User Guide e Enter 10 in the MinValue field select KB as the unit e Enter 20 in the MaxValue field select KB as the unit 5 Configure the Type section e Select MustContain in the drop down list under the CompareType attribute e Enter as the separator e Select No in the drop down list under the CaseSensitive attribute e Enter text html text xml mage gif image jpeg in the Value field 6 Select the checkbox before Filter configure the Filter section e Select MustNotContain in the drop down list under the CompareType attribute e Enter as the separator e Select No in the drop down list under the CaseSensitive attribute e Enter A B in the Value field 7 Save the check Run a Compliance Scanner job the test suite used in this job contains the check configured above Review the FileProperty check test logic e Inthe Filter section we only compare the values specified with the src attribute s value in the img element the href attribute s value in the link element and the data attribute s value in the object element in the selected fi
115. server can be added to Compliance Guardian Alternatively select the browse name button to search for the desired user group in the pop up window enter the value to search for in the Find text box and then select the find name button Select the desired user and then select Add Select OK to add the users or select Cancel to close the window without adding the users Enter an optional Description for future reference Note In order to log into Compliance Guardian Manager using the added user the corresponding user must have the permission to access the machine where the Compliance Guardian Control service is installed Group Set the permissions for this user by adding the user to a previously configured Compliance Guardian user group the user will have all of the permissions of the specified group ME 85 Compliance Guardian Installation and Administration User Guide lt lt 7 When you are finished select Save to add the user and return to the Users interface or select Cancel to return to the Users interface without saving the configurations for this new user e Edit User To edit a user for Compliance Guardian select the user by checking the corresponding checkbox and then select Edit User on the ribbon or select the username You will be brought to the Edit User interface where you can configure the following settings for a user o Edit Information Edit the user information for t
116. set to false the CCE EngineWorker exe process will run on the machine where the agent that creates the engine object The values of the Remotelp node and the RemotePort node are invalid and do not need to be specified ScanTimeOut The attribute will take effect when the value of the IsSingleProcess attribute is false It is used to configure the timeout period The default value is 180 The unit is seconds RetryTimes The attribute will take effect when the value of the IsSingleProcess attribute is false It is used to define the times of retrying when an error occurred during scanning a file The default value is 3 Checkinterval The attribute will take effect when the value of the IsSingleProcess attribute is false It is used to define the interval of checking the Keepalive thread The default value is 60 The unit is seconds Compliance Guardian Installation and Administration User Guide Appendix F Using the ComplianceSetting config file The ComplianceSetting config file can be used to realize the following functions Configuring to Scan User Profiles Compliance Guardian supports scanning user properties and social notes in user profiles Compliance Guardian accesses the user profiles through the personal site However if the personal site is not created you cannot scan the corresponding user profile since there is no personal site node in the tree Compliance Guardian provides a method to scan the user profile in C
117. the Office 365 The Office 365 Login interface appears Enter the username and password The Office 365 appears Select the Trust it button The status displayed on the Activate App for Real Time Classification interface is Activated e Alert Select a notification profile to send an alert that the token will expire Enter the value to define when to send the e mail before the token expires Select OK to save your changes or select Cancel to exit this interface Then the site collections are supported scanning using the Real Time Classification Scanner rule For more information on configuring Real Time Classification Scanner refer to Real Time Classification Scanner Office 365 Account Profile Manager Use Office 365 Account Profile Manager to manage all of the Office 365 accounts which will be used to scan all of the site collections on the SharePoint admin center site 110 S e ae Compliance Guardian Installation and Administration User Guide To access Office 365 Account Profile Manager for Compliance Guardian in the Control Panel interface select Office 365 Account Profile Manager under the SharePoint Sites heading Select Close on the ribbon to close the Office 365 Account Profile Manager interface Managing the Office 365 Account Profiles In the Office 365 Account Profile Manager interface you will see a list of previously configured Office 365 account profiles The following settings can be configured in the Off
118. the database file s full name the database name db of the desired plan whose detailed risk information is going to be exported e Export Location Specify the location as the value of the excelLocation attribute The report will be generated into this location e File Show Count Specify the number of the files as the value of the fileSshowCount attribute The files are displayed according to their risk scores calculated by the Raw type risk formula For example if you specify 10 as the value then the risk information of 10 files that have the top 10 risk scores calculated by the Raw type risk formula will be displayed in the report Each file s risk information is displayed in one sheet in the report excel e Auditing Item Count Specify the number of the Auditing items that will be displayed in the report The information of the most recent activities to the file will be displayed in the report After configuring the attributes save the configuration file hast F 259 Compliance Guardian Installation and Administration User Guide 3 Under the same directory AvePoint Compliance Guardian Agent bin find the CCR RiskReportTool exe file and select to Run As Administrator After the CCR RiskReportTool exe file has been opened wait until the following message appears indicating the report has been generated into the specified location The report has been generated Press any key to exit Code Conten
119. the e mail Receiver Configure the receiver Select E mail Address and then select Add a Notification Address Enter the address to which the e mail will be sent and select a corresponding e mail template Select SharePoint Group and then select Add a SharePoint Group Enter the SharePoint group whose users will receive the e mail and then enter the corresponding e mail template Note that the SharePoint group must exist in the selected SharePoint scope Select Add a Notification Address or Add a SharePoint Group again to add more addresses or groups Select the delete i button to delete an address or group o Job Report Select this checkbox to configure to send an e mail with the job information Then Select a previously configured notification profile from the Select a profile with address only drop down list or choose to create a new e mail notification profile by selecting the New Notification Profile link Select View to view the detailed configuration of the selected notification profile For more information on configuring the e mail notification profiles refer to Configuring Receive E Mail Settings e User Profiles Filter This option appears only when you select the User Profile Service node in the tree Configure this option if you want to filter the user profiles Select download a template to download the template file which is used for filtering user profiles Edit the file according to your own requirem
120. the following information e Name The name entered here will be displayed in the Server drop down menu on the login page You can select the corresponding name to log on Compliance Guardian using the trusted ADFS e URL The identifier of the trusted ADFS Select Add to add the new record or select x to delete a selected ADFS trust Configuring Client Certificate Authentication In the Authentication Manager interface configure Client Certificate Authentication in any of the following ways e Select Enable in the Action column of the Client Certificate Authentication row to enable the Client Certificate Authentication e Select Disable to disable this authentication e Select Set as default to set this authentication as the default 78 F e D e e EH Compliance Guardian Installation and Administration User Guide Account Manager Account Manager allows you to view and manage users and configure user groups with custom permission levels for Compliance Guardian This module allows you to give specific people or groups of people your desired level of access to Compliance Guardian In Account Manager you can give specified permissions to Compliance Guardian users to limit which Compliance Guardian module a user is able to access and which farms specific Compliance Guardian users can access A user can belong to multiple groups Note If you would like to leverage authentication credentials from Windows Authentication AD or ADF
121. the users to log onto Compliance Guardian using their Active Directory authentication credentials ADFS Integration Allows the users to access Compliance Guardian as long as they have logged into the local machine using their ADFS credentials Client Certificate Authentication Allows the users to access Compliance Guardian using Client Certificate Mapping Services To access Authentication Manager for Compliance Guardian open the Control Panel interface select Authentication Manager under the Authentication Manager heading Select Close on the ribbon to close the Authentication Manager interface Configuring Windows Authentication To leverage Windows Authentication credentials to access Compliance Guardian complete the following steps 1 2 In the Authentication Manager interface select Windows Authentication on the ribbon Select the Authentication Type from the drop down menu NTLM Negotiate Kerberos Note Kerberos authentication method must be previously configured in the operating system before you select the Negotiate Kerberos option when enabling the integration with Windows Authentication Otherwise the NTLM authentication method will be enabled Select OK to save any changes made and close the Windows Authentication interface or select Cancel to close the Windows Authentication interface without saving any changes made Configuring AD Integration To leverage Active Directory authentication c
122. to Internet Explorer gt Tools gt Internet Options Switch to the Security tab and select a zone Select the Custom level button inside the Security level for this zone field Scroll down to the Downloads setting 253 Compliance Guardian Installation and Administration User Guide 5 Change the detailed settings according to the screenshot below ef Downloads Da Automatic prompting for file downloads Disable Enable ef File download Disable Enable ef Font download Disable Enable Si Prompt Figure 35 IE security settings The Actions Toolbar When you select one or more jobs the toolbar appears This toolbar provides you with the Stop action to stop the selected in progress job immediately The job status will change to Stopped but the job information will be retained as well as any data aggregated by the job Note Once a job is stopped in order to run it again you must launch the respective module you used to run that job Select the Plan Manager tab and then select the plan by checking the checkbox and select Run Now When you run the same job again it will be considered a new job so the previous data is retained The Settings Toolbar This toolbar provides access to the Report Location tool that allows you to specify a location for storing the reports generated after running the jobs If you do not configure this tool the job reports will be stored in the default location AvePoint Compliance Guar
123. to the action policy o Notification A notification is sent to let you know the job report information after the job finished If Alert is selected configure the following settings e Name and Description Enter a Name for the Receive E mail Notification profile and an optional Description for future reference e Notification Address Configure the recipients for this alert o E mail Address If the E mail Address radio button is selected select Add a Notification Address enter a recipient s e mail address in the Recipient column and then select a corresponding e mail template Select Add a Notification Address again to add another recipient Select the delete 7 button to delete a recipient o SharePoint Group If the SharePoint Group button is selected select Add a SharePoint Group enter a SharePoint group name in the Recipient column and then select a corresponding e mail template Select Add a SharePoint Group again to add another group Select the delete 7 button to delete a group If Notification is selected configure the following settings e Name and Description Enter a Name for this Receive E mail Notification profile and an optional Description for future reference e Notification Address Configure the recipients for this notification Select Add a Notification Address and then configure the settings below to add a recipient o Only for Notification Choose the detail level for the not
124. to the following steps to export the Lync data 1 Select the searched Lync conversations that you want to export the Export button is enabled on the ribbon 2 Select Export then select Export to EDRM Export to Concordance or Export to HTML A window appears Enter a request name and then select OK For more information on the export requests refer to Export Requests Configuring Export Settings Select Configure Export Settings on the ribbon to configure the location where the searched Lync content will be stored and to configure the pruning rules in the location e Report Location Select a location to store the exported Lync content from the drop down list You can select New Export Location to create a new export location e Pruning Rules Configure the pruning rules 170 S F ae e Compliance Guardian Installation and Administration User Guide o No Pruning Select this radio button all of the exported Lync content files will not be pruned o Keep the latest _ reports Select this radio button and enter the number of reports that you want to keep in the location the other files will be pruned o Keep the latest _ Days Weeks Months of reports Select this radio button and then enter a time range the files exported during the entered time range will be kept Select Save to save the settings in the Configure Export Settings window or select Cancel to exit the window without saving any changes E
125. with its own IPO02 Hostname eg Compliance Guardian Manager Installation Wizard Compliance Guardian Pieter intoracalion Control Service Configuration License Agreement Database Saftings e g Database Type Installation Location d Services Installation Database Server CGSP13PUB SQLIRAUL Control Service Database Name CGControlDB_CLB Installation Rule Scanning gt Control Service Configuration Database Credentials Control Database Settings 5 Windows Authentication Advanced Configuration 5 SQL Authentication Installation Summary Username QAROOTDC yangjian tong Installation Progress 8 Password aaeaeenes Complete Passphrase Settings Please enter the passphrase you want to use Passphrase 123 Advanced Database Scttings E Failover Database Server Figure 86 Control Service Configuration 3 Install Compliance Guardian Manager Control service Control02 on node B with its own IPO3 Hostname Note Make sure that the Database Server and Control Service database names entered in the Control Database Server and Control Service Database Name fields are the ones used when installing Compliance Guardian Manager Control service Control01 and the passphrase is the one used when installing Compliance Guardian Manager service Control01 e af d F 387 Compliance Guardian Installation and Administration User Guide we Compliance Guardian Manager Installation Wiza
126. with so many products it is important that it is easily accessible but not disruptive of your current task For this reason while there are many ways to access Control Panel the interface opens as a pop up window so that you can remain on whichever page you are on and when you are finished configuring settings in Control Panel closing it will return you to the page you were on To access Control Panel select the Compliance Guardian tab and then select Control Panel While in the interface of a certain product if the product utilizes a feature in Control Panel selecting on that feature on the ribbon of the product page will bring up the Control Panel pop up window with the appropriate tab open Whenever you are finished configuring settings in Control Panel close the window to return to the previous screen you were on Monitor The monitor features in the Control Panel of Compliance Guardian allow you to view and manage Compliance Guardian Control Service and Compliance Guardian Agents e Manager Monitor Here you can view details about your Compliance Guardian Control Service e Agent Monitor Here you can view and configure your Compliance Guardian Agents currently installed on your SharePoint environment This can be useful if there is a change in personnel and the SharePoint account that the Agent uses to communicate with SharePoint needs to be changed With Agent Monitor you can also perform basic maintenance operations on y
127. without saving any changes 5 Click Add Schedule to add more schedules for your profile 6 Click Calendar View to view the overall schedules Managing Rules in a Self Checker Profile In the Self Checker interface you can perform the following actions e Profile Manager Manages all of the Self Checker profiles For more information refer to Managing Self Checker Profiles e Export Report Exports a report for all of the rules in the selected profile e View Details Views the detailed information of the selected rule Select a rule and then click View Details on the ribbon e Stop Scanning Stops scanning the selected rules Select one or more rules and then click Stop Scanning on the ribbon e Rescan Rescans the selected rules Select one or more rules and then click Rescan on the ribbon e Job Monitor Monitors all of the Self Checker jobs 118 F e D e e Compliance Guardian Installation and Administration User Guide Exporting Self Checker Report To export a Self Checker report which will allow you to view detailed information about the rules included in a specific profile complete the following steps 1 In the Self Checker interface select a profile from the Profile Name drop down list 2 Select a collection time from the Collection Time drop down list By default the latest collection time of the selected profile is displayed 3 To export all of the scan results click Export Report T
128. you want to view information about all of the selected files you must download the details to a CSV file using Download Details Select the checkbox before the file you want to manage select next to the file name a drop down list appears and then you can select how to manage the file by selecting the corresponding action View Content View Properties Download Details Restore Upload Content and Delete Restoring Files in Quarantine Manager You can restore a quarantined file or item by selecting Restore Restoring the SharePoint Files or Items that Are Affected by the In Place Quarantine Method After you select a SharePoint file or item that is affected by the In place quarantine method configure the following settings in the Restore interface Ignore this File Until the File or Policies Change Select this checkbox the file or item will not be scanned until the action policy or scan policy is changed or until the file or item is changed Change Classification Result If you have selected the Ignore this file until the file or the scan action policy is changed checkbox this field appears You can then select to change the classification result by selecting the Change classification result checkbox A table listing all the tags that have been added to the file or item appears You can change the tags based on your own requirement Conflict Resolution If there is a file this function will not be taken effect ona Shar
129. you want To use the Check Validator complete the following steps 1 Goto the machine with Compliance Guardian Agent installed and open the AvePoint Compliance Guardian Agent bin directory to find the CCE TDFValidator exe file 2 Open the CCE TDFValidator exe to start this tool Check Validator loj x Check and File Selection Check Test Suite T Test File F Scan 5 Export Report E Figure 36 Check Validator interface 3 Select the Check Test Suite T button or you can press T on your keyboard a pop up window appears select the check or test suite that you want to validate and then select Open in the pop up window The full path of the selected check test suite will be displayed on the tool interface 4 Select the Test File F button or you can press F on your keyboard a pop up window appears select the file you want to test and then select Open in the pop up window The full path of the selected file will be displayed on the tool interface 256 e F Pa Compliance Guardian Installation and Administration User Guide 5 Select the Scan button the file then will be tested according to the rules defined in the selected check or test suite 6 The scan results will be displayed in the Scan Result field of this tool In the Scan Result field the Check ID Check Name the count of the instances that are found and the status of each check will be displayed If one of the statuses
130. 128 for the MinLevel attribute e Select the checkbox before TextCompare and configure the following attributes o Select MustContain in the drop down list under the CompareType attribute o Enter as the separator o Select No in the drop down list under the CaseSensitive attribute o Enter Pass in the Value field 3 Save the check 4 Run a Compliance Scanner job The test suite used in this job contains the check configured above Review the TextCompare check test logic e The webpage contains the node lt input type password name Passwd id Passwd gt the value of the attribute id contains the value Pass so the webpage meets the condition e Ifthe minimum HTTPS protocol encryption level of the webpage is higher than 128 the result of this check will be True or the result will be False WebBeacons Type Check The WebBeacons type check is used to detect if Web Beacons are present on a webpage The following section provides a general introduction about configuring attributes for this type of check as well as a test example for you to understand the test logic e ME 331 Compliance Guardian Installation and Administration User Guide Configuring Attributes for WebBeacons Type Check Configure the attributes for the WebBeacons type check according to the instructions in the following sections WebBeacons Configure the following attributes under this element e ElementName Specify the element name that
131. 17 2014 SHARE 2 45 57 2 45 57 PM PM Sco e Wem Im D Lists Tasks 1 17 2014 SHAREPOINT system 1 17 2014 SHARE p 2 45 44 2 45 44 PM PM discussion_in_1 Lists Discussion 1 17 2014 SHAREPOINT system 1 17 2014 SHARE Board1017 2 45 51 2 45 51 PM PM discussion_out_0 Lists Discussion 1 17 2014 SHAREPOINT system 1 17 2014 SHARE Board1017 2 45 58 2 45 58 PM PM discussion_out_1 Lists Discussion 1 17 2014 SHAREPOINT system 1 17 2014 SHARE Board1017 2 46 00 2 46 00 PM i File Details File Name item_out_0 Fi D H File Location 10 1 53 80 c MoveUse ile Details Violation Matches the rules Document Name Contains out Hem Title Contains out Figure 30 SharePoint 2013 Compliance Guardian Quarantine Manager Interface 4 To manage the quarantined files complete the following steps a Inthe scope field of the screen select the site collection to expand to the node in which the files you want to manage are D 245 Compliance Guardian Installation and Administration User Guide Select the node and then you will see all of the files will list in the Files field to the right of the Scope field Select the specific files by checking the checkbox in front of the file in the Files field The file details will display in the File Details field Note The File Details field can only display information on one file at a time If you select several files only the last selected file s details can display on the screen If
132. 3 Classification Scan x 8 i pen Event 106 ComplianceGuardian General Details ActionGroup bt Original Location http hyw2012 1986 sites Team Shared Documents ActionGroup tt Scan Time 2014 7 3 9 58 52 Action Type Encrypt New Location http hyw2012 1986 sites Team Shared Documents ActionGroup bt asf Status Successful Reason Matches the rules Document Name Contains ActionGroup Log Name ComplianceGuardian Source ComplianceGuardian Logged 2014 7 8 9 13 59 Event ID 106 Task Category Classification Scan Level Information Keywords Classic User N A Computer ywhe pe OpCode More Information Event Log Online Help Figure 48 Event Viewer interface ai e 267 Compliance Guardian Installation and Administration User Guide E Monitoring Compliance Guardian Job Performance in Performance Monitor Compliance Guardian allows you to monitor the Compliance Guardian job performance in Performance Monitor 1 On the machine where Compliance Guardian agent is installed select Start gt Administrative Tools gt Performance Monitor 2 Select Performance Monitor in the left pane and then select the Add SF button in the right pane The Add Counters window appears 3 Find the Compliance Guardian category then add the corresponding counters 4 Then you can view the Compliance Guardian job performance 5 You can also create a new data set and then view the Compliance Guardian job pe
133. 365 Account Profile Manager interface without saving any configurations e Select Delete on the ribbon to delete the selected Office 365 account profiles A prompt message appears to inform you whether or not you want to delete the selected account profiles select OK to delete them or select Cancel to go back to the Office 365 Account Profile Manager interface hast 111 Compliance Guardian Installation and Administration User Guide e Select Close on the ribbon to exit the Office 365 Account Profile Manager interface and go back to the Control Panel interface Profile Manager Use Profile Manager to manage the Compliance Guardian related profile Security Profile Security profile can protect your backup data using the security keys generated by the specified encryption method In the Security Profile pane there is a default security profile named Default Security Profile The default profile is not able to be edited or deleted and only the users in the System groups and Administrators group are able to view it Profile Setting To create a new security profile select Create on the ribbon and then configure the following settings e Name Enter a profile name and an optional Description When configuring encryption options while creating plans for different Compliance Guardian modules security profile names are listed for you to select from e Encryption Method Select encryption method and encryption length to be use
134. 49 Using the o registerfile command To compare a file with other files in a folder refer to the following steps 1 Enter the o comparefile command 2 Enter the file command and then enter the file path hast 8 269 Compliance Guardian Installation and Administration User Guide 3 Enter the folder command after the file path and then enter the folder path The files in the first level of the folder will be used to compare with the specified file the files in the sub folders of the specified folder will not be used to compare with the specified file 4 Enter the type command and then enter RAW TEXT or EXACT to specify the matching form For more information on the matching form refer to Fingerprinting 5 Enter the output command and then enter the full path of the generated CSV report 6 Press Enter The specified CSV report will be generated in the specified path F AvePoint Conpliance Guardian Agent bin CCE PingerPrintingTool exe o comparefile file G S imilarity Test Data CG OnlineJAction Policy Copy docx txt folder G Simila rity Test Data type text output G SimilarityNlIest Data reporti csv Start generating fingerprint and calculating similarity Start analyzing the similarity and generating report Please go to G Similarity Test Data reporti csvy to view the report Figure 50 Using the o comparefile command To compare files in a folder and generate a matrix file reportin
135. 5 Select Edit The Add Edit Port Rule window appears 6 Edit the following settings in the Add Edit Port Rule window e Deselect the checkbox before All in the Cluster IP address field e Select TCP in the Protocols field e Select None for Affinity in the Filtering mode field 7 Select OK in the Add Edit Port Rule window 8 Select OK in the Cluster Properties window Configuring File Share Locations File share locations must be configured for storing the files that will be scanned temporarily All of the Compliance Guardian Agents must configure the file share locations To configure file share locations on the Compliance Guardian Agent servers complete the following steps Find the ContentComplianceConfig xml file under the path Compliance Guardian Agent Bin Open the ContentComplianceConfig xml file with Notepad 1 2 3 Find the lt FileShares gt node 4 Specify the username and password to access the file share location 5 Specify the file share path For example lt FileShares gt lt FS gt lt User gt bj administrator lt User gt lt Password gt encrypted password lt Password gt PE f 383 Compliance Guardian Installation and Administration User Guide lt Path gt BJ shared lt Path gt lt FS gt lt FileShares gt You can configure several file share locations for the consideration of performance by adding more lt FS gt nodes Also you can add edit or delete the nodes through
136. 66 Monitoring Compliance Guardian Job Performance in Performance Monitor 268 Using the Fingerprinting Tool 269 Appendix A Accessing Hot Key MOde ccssccccccsssssssnsaeceeececsssnesseeeeecesseeaaeseeeeecessesaaaeseseeecesseeaaeaeeeesens 272 Compliance Scanner Pages s ivcscecces ecseeteeencsecssesedeiebe sewece ee eeh EES EEN 272 Compliance Scanner for LYN Page wsccccccsccesetecacccevescceseUecncgease see descscccwessevcedscectevenssbuce NENNEN NEEN tenes 279 Classification Scanner bage niae a e a a Ee E E EEEE EEEa EEEE 281 Scheduled Classification Scanner Page 282 Scheduled Classification Scanner for Social Network Page ccccccccccsssssssssseceeecessesscseseeeesesssesesaeees 285 Real Time Classification Scanner page 286 JOD Monitor ET 289 Scheduled Job Monitor H ge seneigefeetuet deed edeeeen Seege Aide tories sete eles eevee a ae ens 290 Control Panel Page sic ccceesseccectencicdecdaeeaR deceeees seeke ee addea a e a a a AR e Ea E ee 290 Appendix B Configuring Checks and Test Suttes 291 Configuring Check Type Attributes sssri cirenean ane e aaa E a eE E E EA REK 291 Element Typ Ch k rroia a e e e a a a Ee EEE e E E ee 292 EnhancedElement Type Check 299 MatchedElement Type Check zeegt deeEnEdeegta eege iee tne ee dees AN 305 10 e Ge e O Compliance Guardian Installation and Administration User Guide Find Text TY e 311 ComiplexFindText Type Check E 313 RegularExpression Type Check isisisi eiaa
137. A AvePoint User Guide Compliance Guardian 3 Installation and Administration User Guide Service Pack 3 Cumulative Update 2 Issued July 2015 Table of Contents What s New in this Guide 14 About Compliance Guardian 15 Complementary Products lt 3 essssicccccccdocssaseces SSES dE EREEEACEE 16 Submitting Documentation Feedback to AVEPOINE cccceceesssseceeecesessessesecesecsseeseauaeeeeecsseeseaeaeeeesenseesegs 17 Accessibility Information for Screen Reading Software 18 Preparations Before the Installati n sisseseade aina iE aaee E E dE EEG EE REESE 19 Ports Used by Compliance Guardian cccccscccccccessesssneseceeecessesesaeeeceeecesseeaaeaeeeescussesesaeeeeeeecessessaaeess 19 Compliance Guardian Manager System Reguirements 20 System Requirements for Control Service Installation 20 Compliance Guardian Agent System Reouirements 23 Where to Install Compliance Guardian Agent 24 System Requirements for Agent Service Installation 25 SQL Server Requirements for Compliance Guardian Database cccesssscceeecessessnneceeeeseessessaaeees 25 SharePoint Environment Requirements for Compliance Guardian Agents 25 Required Permissions for Scanning Lync Content cccccccccecsssssensececececesseseaeeeeeescesseseaaeseeeeseesseseaaeeas 26 Required Permissions for Scanning Oracle Database ccccccscssssscecececessessaeeeeeescessesesaeeeeeesesssessaaees 26 Required Permissions for Scanning SQL Da
138. AvePoint and may not be used without prior written consent Microsoft MS DOS Internet Explorer Office Office 365 SharePoint Windows PowerShell SQL Server Outlook Windows Server Active Directory and Dynamics CRM 2013 are either registered trademarks or trademarks of Microsoft Corporation in the United States and or other countries Adobe Acrobat and Acrobat Reader are trademarks of Adobe Systems Inc All other trademarks contained in this publication are the property of their respective owners and may not be used without such party s consent Changes The material in this publication is for information purposes only and is subject to change without notice While reasonable efforts have been made in the preparation of this publication to ensure its accuracy AvePoint makes no representation or warranty expressed or implied as to its completeness accuracy or suitability and assumes no liability resulting from errors or omissions in this publication or from the use of the information contained herein AvePoint reserves the right to make changes in the Graphical User Interface of the AvePoint software without reservation and without notification to its users AvePoint Inc Harborside Financial Center Plaza 10 3 Second Street 9th Floor Jersey City New Jersey 07311 USA 400 F e D e e Compliance Guardian Installation and Administration User Guide
139. Check the Enable report retention checkbox to activate this feature and then enter an integer in the right pane to define how to prune the reports in the specified database Select Save to finish and save the configuration or select Cancel to return to the Database Policy page without saving any configurations Test Suite Manager Test Suite Manager allows you to manage test suites and create checks and test suites To access the Test Suite Manager in the Control Panel interface select Test Suite Manager under the Common Settings heading Select Close on the ribbon to close the Test Suite Manager interface Background Information In order to provide a flexible and customizable compliance solution AvePoint developed the AvePoint Testing Language ATL to provide organizations with the ability to rapidly respond to new compliance threats and requirements ATL is an XML structured language that is used to validate and classify content related to compliance to standards or guidelines including but not limited to security privacy accessibility and content classification Because it is open and modifiable ATL allows for coverage to specifically match an organization s needs ATL uses test definition files checks to match your 124 e e e Compliance Guardian Installation and Administration User Guide environment and standards test your framework and repair issues validate that your content complies with organizational standards
140. Classification Scanner Enables the Real Time Classification Scanner module e Scheduled Classification Scanner Enables the Scheduled Classification Scanner module e Compliance Report Enables the Compliance Report module e Compliance Scanner Enables the Compliance Scanner module e Action Report Enables the Action Report in Classification Report module e Human Auditor Enables the Human Auditor in Compliance Report module e Encryption Enables the Encryption in Classification Report gt Incident Manager module e Quarantine Enables the Quarantine in Classification Report gt Incident Manager module e Redaction Enables the Redaction in Classification Report gt Incident Manager module e Yammer Enables the Yammer Report in Classification Report module Managing User Groups User groups allow you to apply the same permission levels to all users within the same user group This way you can change the permission levels of multiple users by editing your user group rather than individually configuring permission levels for each user You can also change the permission levels of a user by changing the group they belong to with pre configured permission levels To access your user group configurations go the Account Manager interface and then select Groups on the ribbon In the Groups configuration interface you will see a list of previously configured user groups The Administrators group comes pre c
141. Classification Scanner refer to Real Time Classification Scanner Note Microsoft NET Framework 4 5 or above version must be installed before installing this app The user who installs the app must have local system permissions The user will be granted Full Control permission to the following groups and folders automatically during the Compliance Guardian Manager App installation e IIS_IUSRS for IIS 7 0 e Full Control to HKEY_LOCAL_MACHINE SOFTWARE AvePoint ComplianceGuardian App e Full Control to Compliance Guardian App folder e Member of the Performance Monitor Users group e Full Control to Compliance Guardian Certificate private keys The application pool account needs to be added to the local Administrators group to meet the required permissions Refer to the following steps to install the app 1 Download the ComplianceGuardian_O365APP_Serial_Number zip file to a machine by contacting your AvePoint representative Unzip the package and then open the extracted directory Run the Setup exe file The Compliance Guardian App for Real Time Classification Installation Wizard interface appears Select Next Enter your Name and Organization into the provided fields Select Next Carefully review the Compliance Guardian License Agreement After you have read the agreement check the I accept the terms in the license agreement checkbox and select Next Select Browse and then select the location for the app instal
142. Compliance Guardian Installation and Administration User Guide Functionality Name and Hot Key Cancel Configure N Create C Connectio View V n Detail s Edit Delete Close Scan S Create dek Ae fan Policy View Detail s Edit Delete Export Close Filter F Create lt Z xX gjojm Policy View Detail s Edit Delete Close Database D Create dek Ale nn Manager View Detail S Edit m el Delete Close X Compliance Guardian Installation and Administration User Guide 275 Functionality Name and Hot Key Account A Group G Add Group AG Manager S Edit Group E Show Users S Delete Group D Permission P Level Authenticatio AM n Manager Close X Users U Add User AU Edit User E Delete User DU Activate AC Deactivate DA Permission P Level Authenticatio AM n Manager Close X Job J Monitor Close X Website W Create Plan Tab W Scan Policy S Create C View Details V Edit E Delete D Export W Close X Compliance Guardian Installation and Administration User Guide Functionality Name and Hot Key Filter
143. Compliance Guardian Manager installation package Sie e e e i Compliance Guardian Installation and Administration User Guide Parameter Type Description Manager ZIP file The format of the path is C package Quote the path if it contains any special character or space AnswerFilePath Required The local path where you saved the Answer file The path must be detailed to the name of the Answer file For example C AnswerFile xml RemoteTempPath Required A local path on the destination machine that the Compliance Guardian Manager is installed to The format of the path is C temp The path will be used to store the temporary files generated during the Compliance Guardian Manager unattended installation The temporary files will be deleted as soon as the unattended installation finishes Log Optional This is an optional parameter If used the logs of the unattended installation will be saved to the txt file in the specified path The path specified in this parameter must be detailed to the name of the log file For example C Log txt If the specified log file does not exist it will be generated automatically UselPv6forCommunication Optional This is an optional parameter used to specify the communication method between the machine where the command is run and the destination machine that the Compliance Guardian Manager is installed If an IPv6 address is entered in Tar
144. Create on the ribbon A drop down list appears Select the corresponding mode from the drop down list SharePoint File System Lync Website or Database Then you can enter the corresponding mode and configure a plan to scan objects in SharePoint a file system or a website Managing Compliance Guardian Scanner Plans The Compliance Scanner home page displays a list of all of your previously created Compliance Guardian Scanner plans Also it displays the scan policy that is selected in the plan You can also see the plan type in the Scope Type column You may perform any of the following actions on a selected plan 150 F D e e Compliance Guardian Installation and Administration User Guide e View Details Select View Details on the ribbon to see the details of the selected plan Here you can also select Edit on the ribbon to make changes to the plan s settings You will be brought to the Edit page where you can change the settings for this plan After editing the settings select Save on the ribbon to save the plan To save a changed plan as a new one select Save As on the ribbon At any time select Cancel on the ribbon to return to the Plan Manager without saving any of your changes e Edit Select Edit on the ribbon to make changes to the selected plan s settings You will be brought to the Edit page where you can change the settings for this plan Select Save on the ribbon to save the plan To save a changed plan as a
145. Egine Test HIV xml ContentComplianceCollectionDefinitionUtility utility new ContentComplianceCollectionDefinitionUtility string xml utility GetMCCDefinition mccContent list Figure 71 Coding sample 3 2 Set the original URL of the file that will be scanned string url http www avepoint com CG Document MCCExample docx Figure 72 Set the original URL e Af d 373 Compliance Guardian Installation and Administration User Guide 3 Set the physical storage path of the file that will be scanned string testingFile C ScanEqine Test MCCExample docx Figure 73 Set the physical storage path 4 Set the scanned file s related metadata information Dictionary lt string object gt metadata new Dictionary lt string object gt metadata Cookie no cookie information metadata Key key value Figure 74 Set the scanned file s related metadata information 5 Call the ScanEngine Scan method object result engine Scan xml url testingFile metadata Figure 75 Call the ScanEngine Scan method Result Explanation Refer to the following screenshot for a sample of the Microsoft Word document HIV HAV Figure 76 Screenshot of the sample Microsoft Word document 3 The screen shows the sample word document containing sensitive information HIV and HAV According to the Language defined in the MCC s TDF HAV xml the true result for HAV xml was set with the value Medium when the scan
146. Extension gt lt NeedConvert gt lt Excel gt lt PowerPoint gt lt OfficeFileMapping gt Figure 14 NeedConvert node The value in the Extension attribute is the extension of the file that you want to scan through the compatibility pack 142 F e D e e Compliance Guardian Installation and Administration User Guide Pre Configurations Make sure the settings in the following sections have been configured prior to creating a Compliance Scanner plan Configuring Scan Policies Ascan policy defines the compliance rules to be used when scanning the contents in the specified scope To configure the scan policies select Scan Policy on the ribbon of the Compliance Scanner gt Create gt SharePoint File System Website page to enter the Scan Policy interface Managing Scan Policies In the Scan Policy interface you will see a list of previously configured scan policies In the Scan Policy interface you can create a new scan policy view details about a scan policy edit a previously configured scan policy delete a previously configured scan policy or export the check information for the test suites included in the selected scan policy For more information about creating or editing a scan policy refer to Creating or Editing Scan Policies Select Edit on the ribbon to change the configurations for the selected scan policy For more information about editing configurations for the scan policy refer to Creating or Editing S
147. Extension gt xItx lt Extension gt lt Supported gt lt NeedConvert gt lt Extension gt xIs lt Extension gt lt Extension gt xIisb lt Extension gt lt Extension gt xit lt Extension gt lt Extension gt xla lt Extension gt lt NeedConvert gt lt Excel gt lt PowerPoint gt lt OfficeFileMapping gt Figure 1 NeedConvert node The value in the Extension attribute is the extension of the file that you want to scan through the compatibility pack Where to Install Compliance Guardian Agent In order to install Compliance Guardian Agents the following requirements must be met to make all of the functions and configurations of the product available e All ofthe installed Compliance Guardian Agents must be properly licensed in the modules you want to use e In order to use Compliance Scanner Compliance Guardian Agent must be installed on at least one of the front end Web servers e In order to use the Scheduled Classification Scanner Compliance Guardian Agent must be installed on at least one of the front end Web servers e In order to use the Real Time Classification Scanner Compliance Guardian Agents must be installed on all of the front end Web servers 24 F e D e e E Compliance Guardian Installation and Administration User Guide System Requirements for Agent Service Installation Rules Requirements Operating System Edition Windows Server 2003 Windows Server 2003 R2 Total Physic
148. Guardian_Agent AnswerFilePath C AnswerFile xmI RemoteTempPath C TempFolder Detailed information about the parameters is listed in the following table Parameter Type Description TargetName Required The name or IP address of the destination machine where you want to install the Compliance Guardian Agent Note If the hostname is used ensure that the specified computer name can be resolved through the local Hosts file by using Domain Name System DNS queries or through NetBIOS name resolution techniques ee p 55 Compliance Guardian Installation and Administration User Guide R Parameter Type Description Username Required The username of the user used to access the destination machine where you want to install the Compliance Guardian Agent The format of the username is domain username The permissions of the user specified here are as follows e Ifthe specified user is the local administrator of the destination machine it can be used directly Enter administrator for the Username parameter e Ifthe specified user is from the domain which the destination machine belongs to the domain user must be added to the Administrators group on the destination machine e The user specified here must have the Full Control permission to the path specified in RemoteTempPath parameter Password Required The password of the user specified above Quote the password if it contai
149. Next N Finish R Finish and Run O Now Cancel C Form Mode Save R Save and Run O Now Cancel C Compliance Guardian Installation and Administration User Guide 285 Real Time Classification Scanner page The following table provides a list of hot keys for the functionalities on the ribbon of the Real Time Classification Scanner page 286 Configure Create C Connection View Details W Edit E Delete D Close X Scan Policy Create C View Details V Edit E Delete D Export W Close X Action Create C Policy View Details V Edit E Delete D Close X Database Create C Manager View Details V Edit E Delete D Close X Job Monitor Close Compliance Guardian Installation and Administration User Guide Functionality Name and Hot Key Real Time Classification Scanner Create C SharePoint S SharePoint Tab S Stop Inheriting T Inheriting Scan Policy S Create C View Details V Edit E Delete D Export W Close X Filter Policy F Create N View Details V Edit E Delete D Close X Action Policy A Create C View V Edit E Delete D Close X Database Manager D Create C View Details V Edit E Delete D Close X Apply P Create Rule R Job Monitor J Close X C Social Network L Compliance Guardian Installation and Adminis
150. OS Finished 2012 11 11 19 03 42 UTC 08 C20121111185819137460 Test 1 Compliance Scanner 100 Finished 2012 11 11 18 58 19 UTC 08 CT20121109010131784320 CG_Report_2 Compliance Scanner 100 Finished 2012 11 09 01 01 31 UTC 08 t__ CC20121109005838431273 Test 3 Compliance Scanner 100 Finished 2012 11 09 00 58 38 UTC 08 1 d DI D 0 of 21 selected Show rows 15 Goto of 2 gt Figure 34 Job Monitor user interface Job Monitor vs Scheduled Job Monitor The Job Monitor module interface contains two tabs e Job Monitor Allows you to access all of the current and previous jobs e Scheduled Job Monitor Allows you to exclusively access jobs that are scheduled to run in the future Note Differentiate between scheduled jobs jobs scheduled to run in the future and recurring jobs Scheduled jobs will only show up on the Scheduled Job Monitor tab Recurring jobs will show up on both tabs Configuring the Viewing Pane In both the Job Monitor and Scheduled Job Monitor tabs there is a View toolbar and a Filter toolbar on the ribbon with further configurable options to help you more efficiently manage your current and previous jobs The View Toolbar This toolbar allows you to choose to have your jobs displayed in List View or Calendar View e List View Displays your jobs in a table You can add or remove a column to customize your view by selecting the manage columns button
151. Overview View the detailed information of your profile 9 Click Finish to save the profile or click Finish and Run Now to save and run the profile Configuring Scan Schedule Settings for the Self Checker Profile In the appeared Schedule Settings field after selecting Configure the schedule myself click the Add Schedule link to add a new schedule for the profile The Add Schedule interface appears Complete the following steps to configure the scan settings 1 Type Select a type of recurring schedule for the schedule you are about to add from the following four options e By hour e By day e By week e By month 2 Schedule Settings Select how frequently the recurring schedule is used e Every _ hours Enter a positive integer in the text box This option appeared when you select By hour in the Type field Select Advanced to configure more specific settings o Specify production time Select the start hour and the end hour in this field o Select time below Select when you will scan the rules Click Add to add more time point e Every _ day s Enter a positive integer in the text box This option only appears when you select By day in the Type field e Every _ week s Enter a positive integer in the text box This option only appears when you select By week in the Type field Select Advanced to configure more specific settings o Run every _ week s Enter a positive integer in the text box o On_ S
152. Perform the following actions in the Scan Policy interface e Create Select Create on the ribbon to create a new scan policy For information about creating a new action policy refer to Creating and Editing Scan Policies e View Details Select View Details on the ribbon and you will see the previously configured settings for the selected scan policy Here you can also select Edit on the ribbon to make changes to the scan policy s settings You will be brought to the Edit Scan Policy interface where you can change this scan policy e Edit Select Edit on the ribbon to change the configurations for the selected scan policy For information about editing configurations for a scan policy refer to Creating and Editing Scan Policies A hast 181 Compliance Guardian Installation and Administration User Guide e Delete Select Delete on the ribbon A confirmation window will pop up and ask if you are sure you want to proceed with the deletion Select OK to delete the selected scan policies or select Cancel to return to the Scan Policy interface without deleting the selected scan policies e Export Export the check information for the test suites included in the selected scan policy Creating and Editing Scan Policies To create a new scan policy select Create in the Manage group of the Scan Policy page To modify a previously configured scan policy select the scan policy and then select Edit on the ribbon In the
153. Point 2010 or RTSv4 exe config apply to ae p F 201 Compliance Guardian Installation and Administration User Guide SharePoint 2013 in AvePoint Compliance Guardian Agent bin If the value of the node is True the page with the file s redaction information will not appear after a file is uploaded and redacted if the value of the node is False the page with the file s redaction information will appear Note For SharePoint 2013 the solution does not support uploading files by dragging files to SharePoint For SharePoint 2010 and SharePoint 2013 the solution does not support uploading files in bulk The solution does not work on newly created sites or libraries You must deploy the SP2007InstallEventReceiver wsp or SP2010InstallEventReceiver wsp solution if you want the newly created sites inheriting their parent sites to apply the custom upload page function Compliance Guardian allows users to use SharePoint native pages when uploading files to a library Complete the following settings to edit the library settings 1 Navigate to the corresponding library and then select Library Settings 2 Youcan find the Compliance Guardian page settings for SharePoint 2010 or Compliance Guardian page settings for SharePoint 2013 settings 3 Select the setting and then select whether to use Compliance Guardian upload page or the edit properties page 4 Select OK to save the settings The SharePoint native pages will appear if t
154. Policy F Create N View Details V Edit E Delete D Close X Database Manager D Create C View Details V Edit E Delete D Close X Save R Save and Run Now O Cancel C Database Database Tab D Plan Builder Wizard Mode Form Mode Configure Create C Database View Details V Connection Edit E Delete D Close X Scan Policy Create C View Details V Edit E Delete D Export W Close X Create C Compliance Guardian Installation and Administration User Guide 277 Functionality Name and Hot Key Database View Details V Manager Edit E Delete D Close X Account A Group G Add Group AG Manager S Edit Group E Show Users S Delete Group D Permission Level P Authentication AM Manager Close X Users U Add User AU Edit User E Delete User DU Activate AC Deactivate DA Permission Level P Authentication AM Manager Close X Job Monitor J Close X View Details Edit Delete Run Now 278 Compliance Guardian Installation and Administration User Guide Functionality Name and Hot Key Configu A Create C Lync L Save O re Save and Run Now R Archivi Cancel C ng View Details Edit Delete Enable Disable Run Now Job Monitor Close Search S Lync Export mi x L Dies Bian Kiel E Export to EDRM E Export to Concordance Export to HTML H
155. Right click on Windows PowerShell and select Run as administrator to run it 54 S e ae e EH Compliance Guardian Installation and Administration User Guide 3 Enter the following command Import Module UnattendedInstall PowerShellModules Unattendedinstallation dll 4 Press Enter to import the UnattendediInstallation dll file To automatically import the UnattendedInstallation dll file complete the following steps 1 Navigate to the Unattendedinstall PowerShellModules folder inside the unzipped Manager installation package 2 Right click on the UnattendedInstallationLauncher bat file and select Run as administrator to run it Note The value of the Set ExecutionPolicy of the Powershell must be set as AllSigned Now that you have imported the UnattendedInstallation dll file you can use the commands in the following sections to check your environment perform the agent installation and configure settings Commands and Command Parameters for Compliance Guardian Agent Unattended Installation To perform the Compliance Guardian Agent unattended installation run the commands in the following sections Installation Command The Compliance Guardian Agent Unattended Installation command for installing Compliance Guardian Agent remotely is Install CGAgent For example Install CGAgent TargetName hostmachine Username AvePoint Compliance Guardian Password Ave PackageFilesFolder C Compliance
156. S you must first configure the relevant integration settings in the Authentication Manager To access Account Manager for Compliance Guardian open the Control Panel interface and then select Account Manager under the Account Manager heading Select Close on the ribbon to close the Account Manager interface Managing Permission Levels The Permission Level module allows you to create pre configured permissions that can be applied to user groups or users to quickly and easily apply the same permission configuration for multiple users To configure permission levels for Compliance Guardian open the Account Manager interface and then select Permission Level on the ribbon In the Permission Level interface previously configured Permission Levels will be displayed To manage your permission levels you can perform the following actions e Add To create a new permission level select Add on the ribbon After selecting to add the corresponding permission level you will be redirected to the configuration page to perform the following actions o Name and Description Enter a name for the new system permission level and an optional Description for future reference o Module Select the modules you want to grant permission to for all groups and users using this permission level Select Save to save the configuration Select Cancel to return to the Permission Level Interface without saving changes e Edit To edit a previously configure
157. SL Certification Built in Certificate User defined Certificate Figure 88 Communication Configuration The installed Compliance Guardian Manager Control Service Load Balancing environment is based on the load balancing of the Windows Network Load Balancing environment Compliance Guardian Manager Control Service Load Balancing fulfills Load Balancing and Control Service High Availability Compliance Guardian Manager Control Service Load Balancing supports to access and operate Compliance Guardian Manager by using the public IP address IP01 Windows Network Load Balancing will automatically handle the received requests and send them to the optimal node The Compliance Guardian Manager Control service of the node that is chosen by Windows Network Load Balancing will then handle the request When turning off the network of one node that has installed Compliance Guardian Manager Control Service other Control Services will continue working as usual Note In a Compliance Guardian Manager Control Service Load Balancing environment all of the Control services will operate cooperatively and are regarded as one Control service for the end users so issues may occur when involving the local files and local machine s memory status Therefore it is recommended configuring a UNC path as the Job Report Path before running any job e PE 389 Compliance Guardian Installation and Administration User Guide Appendix I Compliance Guar
158. Select this checkbox to send an alert e mail to the last modifier of the specified file If this option is selected you must select an e mail template from the corresponding drop down list If you do not select an e mail template Compliance Guardian will use the default e mail template o User in the selected notification file Select this checkbox to send an alert e mail to the recipients configured in the selected alert notification profile If this option is selected you must select an alert notification profile from the appeared drop down list You can also select the New Notification Profile link to create a new notification profile For more information refer to User Notification Settings Note Even though there may be more than one error when scanning a file the alert e mail will only be sent when the first error occurs ee 225 Compliance Guardian Installation and Administration User Guide After configuring the recipients choose one e mail template from the E mail template drop down list You can also select the New E mail template link to create a new e mail template For more information refer to Configuring E mail Templates e Filter Policy Select a filter policy from the drop down list or create a new policy to limit the scope of the job For more information on working with filter policies refer to Filter Policy 8 Select Next on the ribbon or on the lower right section of the screen The Schedul
159. Server 2008 R2 Windows 7 make sure the Server Manager is not being used to add or remove Windows features during the rule scanning otherwise the scanning result will be affected Installing Compliance Guardian Manager To install Compliance Guardian Manager complete the following steps 1 Download the Manager ZIP file either by requesting a demo version or by contacting an AvePoint representative for links to this package 2 Unzip the package and then open the unpacked Compliance Guardian Manager directory Run the Setup exe file 3 After the welcome screen appears select Next 4 Enter your Name and Organization into the provided fields Select Next 5 Carefully review the Compliance Guardian License Agreement After you have read the agreement check the I accept the terms in the license agreement checkbox and select Next 6 Select Browse and then select the location for the Manager installation By default the installation location is C Program Files AvePoint Select Next hast 29 Compliance Guardian Installation and Administration User Guide as 7 Select the Compliance Guardian Manager Service you want to install by checking the corresponding checkbox There is only one service to install Control Service Manage all Compliance Guardian operations and achieve the Web based Compliance Guardian platform allowing users to interact with the software All agents can communicate with the manager through the
160. This kind of scan requires less storage than a full scan and it reduces the execution time of the scan job However it is important to note that for each incremental scan the latest full scan job in the full scan cycle must be available If the incremental scan is based on a former incremental scan job the former incremental scan must also be available If selecting Incremental Scan the Reference Time option is available for configuration Reference Time Choose whether to scan contents created or modified at a specified interval If you choose to use a reference time specify the time to scan contents created or modified Enter an integer into the textbox and select Minute s Hour s Day s or Month s from the drop down list Note It is recommended that you specify a reference time when the recurrence schedule configured in Range of Recurrence is End after 1 occurrence e Schedule Settings Set up the frequency for the scheduled Compliance Scanner job Select one time unit from Minute s Hour s Day s Week s and Month s and then enter an integer into the text box The scheduled Compliance Scanner job will be run according to the interval configured here e Range of Recurrence Select the start time and end time for the schedule o Start time Set up the time to start the Compliance Scanner plan and modify the time zone as required Note The start time cannot be earlier than the current time o No end d
161. User Guide e DefaultRiskValue_Stepped Enter a value as the stepped risk score of the file The attribute will take effect when the value of OverrideUser is No When the original file s metadata is not overridden the risk score is not calculated by the Stepped type risk formula that is selected in the RiskFormula element field of the test suite The risk core is the value you specified here e DefaultRiskValue_Weighted Enter a value as the weighted risk score of the file The attribute will take effect when the value of OverrideUser is No When the original file s metadata is not overridden the risk score is not calculated by the Weighted type risk formula that is selected in the RiskFormula element field of the test suite The risk core is the value you specified here Select the delete button 4 to delete the rule Select Add Another Tag Value to add another tag value CheckldGroup Configure the following attributes for this element e CheckName Select a check Select the text field under the CheckName attribute a pop up window appears In the pop up window select the radio button before the desired check and then select OK e True Select a value If the test of this check evaluates to True then the tag value will be this one e False Select a value If the test of this check evaluates to False then the tag value will be this one e N A Select a value If the test of this check evaluates to N A then the t
162. a group name If the group does not exist it will be created Group Permissions Specify permissions for the group Users in the group will have the specified permissions to view and manage the data that are quarantined in Compliance Guardian Quarantine Manager in SharePoint Select the groups that have the permission to manage the quarantined data in Compliance Guardian Specify who can view and manage the quarantined data in Compliance Guardian gt Classification Report gt Incident Manager gt Quarantine Select New Group to create a new group in Control Panel For more information refer to Account Manager o Quarantine Method Select a Quarantine Method In place quarantine The non compliant files will be quarantined but they are still in SharePoint Out of place quarantine The non compliant files will be quarantined to the specified location Quarantine Location If the Out of place quarantine option is selected you must select a location for storing the quarantined files Select New Export Location to create a new export location For more information refer to Configuring Export Locations ME 189 Compliance Guardian Installation and Administration User Guide Permanently Delete The scanned Newsfeed the replies of the Newsfeed and notes in Note Board that are not compliant will be permanently deleted Quarantine Files Items The scanned files or items that are not complia
163. a schedule for Compliance Guardian to run pruning jobs or select to manually run pruning jobs e No Schedule Select this option if you want to manually run pruning jobs e Configure the schedule myself Select this option to have Compliance Guardian run pruning jobs at a designated time If this is selected the Schedule Settings configuration will appear Here you will see a list of all of your previously configured schedules To add a new schedule select Add Schedule To edit a previously configured schedule select the text in the Summary column To delete a schedule select Ce L To preview the added schedules in a calendar select Calendar View For more information about adding or editing a schedule refer to Configuring a Schedule 2 Notification Select an e mail notification profile you have previously configured or select New Notification to set up a new e mail notification profile For more information about how to configure the notification profile refer to User Notification Settings Configuring a Schedule To add or edit a schedule complete the following steps 1 Type Select the time unit of the time interval for this schedule e By hour Configure the schedule by hour e By day Configure the schedule by day e By week Configure the schedule by week e By month Configure the schedule by month hast 8 103 Compliance Guardian Installation and Administration User Guide 2 Schedule
164. abase policy is configured for a Compliance Scan job you can select a database and set up a retention policy for saving data in this database In the Database Manager interface you will see the Report Database and Report Database Policy tabs Database Database Manager allows you to store the scanned results of Compliance and Classification Scanners and the archived Lync data To access the Database settings for Compliance Guardian in the Control Panel interface select Database Manager under the Common Settings heading Select Close on the ribbon to close the Database interface Managing Database In Database Manager you can create a database view details about a database edit a previously configured database or delete a location For more information about creating or editing a database refer to Configuring Database To view details about a report database select it from the list of databases select View Details on the ribbon then select Database in the drop down menu You will see the settings for this database Select Edit on the ribbon to change the configurations for this database For more information about editing configurations for a report database refer to Configuring Database To delete a database from Compliance Guardian select it from the list of databases and select Delete on the ribbon and then select Database from the drop down list A confirmation window will appear and ask if you are sure you want to proceed wi
165. ad Sotedeenebesee de a E iE aan aE 316 ComplexRegEx Type CHECK sssreeisersrerenisstrseie iea eana e ei nnana aE EAEE EE er aR aaa EEEn 319 Dictionary TY Pe Che CK ic seeen ee aaee aae aaaea aee eaaa E aaia aariaa sadeede 324 Cookie Type Chetki mcsir iaee ee a ee EES 328 SS EATS CHECK EE 330 WebBeacons TYPE CHECK E 331 alte Gu ge ee EE 334 Link Validation Typ EE 335 FileProperty Type Check 338 Redaction Type Cech EE 341 E UebOttaabt ugeet Sekt cats Su cele doce ch be REESEN ENEE 345 BIV d ll Te EE 345 CON OX EE 346 Configuring Test Suite File Attributes EEN An 350 Test Suite for Compliance Reporting File Body Confieuratton 350 Test Suite for Classification and Tagging File Body Confieuration 355 Test Suite for REAaCtON siseieccssie cose eaectts cus EEN aisdeceevbece ss aveleesevausevesadeieesevauerseaneedey EES AE EE 359 Using CustomScan in Compliance Guardian 360 E OG EE 360 ES Eet beleen ee ee nee E 362 Using CustOMCNneck cesera diaaa aa dea Ea Ea Ea e eae aa aaa aea aai 362 E Lee e E e suse A e E a ateseates 362 ln Ee EEN 363 E Erleis Ee ee dee ees 363 Related Configuration UE 364 Appendix C Supported File Types in Compliance Guardian 365 Appendix D Compliance Guardian Configuration File ccccsssccccecessesenseseceeecessesssaeaeeeeeesssessneaeeeeeens 366 Appendix E Using the Scan Engine AP 367 Initialize the ScanEngine Class ccsscccccececsesessececeeeceseesesececececeeseeeaeseeeescesseauaeeeeeess
166. ag value will be this one e RiskLevel r1 The Item Initial Risk value assigned on the initial occurrence of the compliance failure related to the check being tested for in the document or stream Allowed values for RiskLevel r1 are 1 10 e RiskLevel r2 The Item Additional Risk Level factor that the risk level grows at for every additional failure at the check level for the same type found in the document or stream This number is optional where the integer 1 means ignore the value allowing to use the third value If the value is 1 then the factor will be 1 Allowed values are 1 to 10 This is optional e RiskLevel r3 The Item risk in relation to other checks This Item is optional If this number is missing then it is assumed that its value is 1 Allowed values are 1 10 This is optional According to the formulas selected in the RiskFormula section the check will have three risk levels after the scan job Select the delete button 4 to delete a rule Select Add Another Check to another rule e ME 357 Compliance Guardian Installation and Administration User Guide Operator Select the checkbox before Operator and configure the attributes for this element You can determine the condition of the check group s result e Type Depending on the sub checks you added in the SubCheck field you can change the logical relationships between the sub check results There are currently two logic
167. ager s Installation To manage the passphrase open the System Options tab and then select Security Information on the ribbon to perform the following actions e Back Up Select this button to back up the passphrase to the following path AvePoint Compliance Guardian Manager KeysBak It is strongly recommended that you back up the security keys and save the backup in a safe place e Manage Passphrase Select this button to view and modify the passphrase The Modify option will be displayed By default the password cannot be modified You can select this button to enable the modification of the default password Enter a new passphrase in the corresponding text box and select OK to save it Note Only the users of Administrators group have the permission to modify the passphrase For more information about adding users into Administrators group refer to Managing Users oe 73 Compliance Guardian Installation and Administration User Guide SSS Authentication Manager Authentication Manager allows you to view and manage integrated authentication methods usable by Compliance Guardian This means that Compliance Guardian can leverage your pre existing authentication methods and customize it for access to Compliance Guardian These authentication methods include Windows Authentication Allows the users to log onto Compliance Guardian using their Windows Authentication credentials AD Integration Allows
168. al relationships AND and OR By default the logic is set to And e Result Field Specify the result of the check group according to the check result The check result will be True False or NA the result of the check group will be the selected value under the corresponding check result attribute e SubCheck Field Configure the following attributes for this element o CheckName Select a check Refer to the following steps for selecting the check Select the text field under the CheckName attribute A pop up window appears Inthe pop up window select the radio button before the desired check and select OK o Truelf Select which check results will be considered True in this check group For example if you just select a check and then select Pass and HR for the Truelf attribute When the result of the check is Pass or HR the check result in this check group is considered True When all of the checks results in this check group are True the result of this check group is considered True If you have selected AND in the Type field When you add multiple checks in the SubCheck field one of the checks results in this test suite is False and the check with a False check result is not the last check you added in the SubCheck field the result of the checks added in the SubCheck field is NA If the check with a False check result is the last check you added in the SubCheck field the result of the checks add
169. al Memory Required 512MB or above Recommended 2GB Available Disk Space Required 1GB or above NET Framework Version NET Framework 3 5 SP1 or above Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 excluding NET Framework 4 0 The Windows features including HTTP Activation and Non HTTP Activation are installed Net Framework Features only in Windows Server 2008 Windows Server 2008 R2 and Windows Server 2012 environments Net Tcp Port Sharing Service SharePoint Version Net Tcp Port Sharing Service has started SharePoint Server 2007 SharePoint Server 2010 or SharePoint 2013 is installed SQL Server Requirements for Compliance Guardian Databases SQL Server Edition Microsoft SQL Server 2005 Databases Control Database Report Database Microsoft SQL Server 2008 R2 Microsoft SQL Server 2012 RTM SharePoint Environment Requirements for Compliance Guardian Agents Compliance Guardian Agents can be installed and used in the following SharePoint environments Microsoft Office SharePoint Server 2007 with SP2 Windows SharePoint Services 3 0 with SP2 Microsoft SharePoint Server 2010 with SP1 Microsoft SharePoint Foundation 2010 with SP1 Microsoft SharePoint Server 2010 RTM Microsoft SharePoint Foundation 2010 RTM Microsoft SharePoint Server 2013 with SP1 Microsoft SharePoint Foundation 2013 with SP1 Microsoft SharePoin
170. allation and Administration User Guide The behavior of Text matching is different from the other two forms in this form of matching Compliance Guardian detects only the file contents that are indexed as the template in the Fingerprinting check For example consider a situation where you define a one page document in the Fingerprinting check as the template and that one page document is included as part of another 100 page document The 100 page document is considered a 100 match because its content matches the one page document This form can be used to find a PDF file that is converted from the template file Select the files that will be used as the templates for searching Select Add Another File and then select Browse to select a file Select Add Another File to add another file Select the delete x button to delete a selected template file Fingerprinting Check Test Logic Example If you want to find the filled forms from multiple files you can use this type of check Select Raw matching and enter 75 in the Minimum percentage of context matches field in the check Then select a new form as the template file Configure the related test suite for classification and tagging attributes and action policy to have the passed files check result is True moved to another location For details about configuring the test suite for classification and tagging refer to Test Suite for Classification and Tagging File Body Configuration The sca
171. alue Display the tag values that are added for the file in the last scan If you have not added any tag values in the last scan there will be no value in this column e Current Value Display the file s current tag value based on the checks The current values can be modified according to your own requirements You can select to check the checkbox to the right of the tag value to determine which tag include the tag name and tag value can be added to this file Selecting the checkbox after the Current Value column will select all of the tags 3 Select OK or Cancel and the Compliance Guardian Tag Assist Manager window will be closed e Ifyou select OK the current tags will be added in the locations that are defined in the corresponding checks There are three locations where the tags will be o In SharePoint The single line of text column named Tag Name will be added for the file in SharePoint the tag values will be added in this column If a single line of text column named Tag Name already exists in SharePoint then the tag values will be added in this column If a column named Tag Name already exists in SharePoint but it is not a single line of text column then a single line of text column named Tag Name will also be created in SharePoint for displaying the tag values o Inthe file The tags will be added in the file o In both the Tag Name column and the file The tags will be added in both the file and SharePoint
172. an automatically after the specified occurrences that you configure in the text box o End by Set up the time to end the recurrence of scheduled Compliance Scanner plans Performing a Compliance Scanner Plan in Form Mode Form Mode is recommended for users who are familiar with building Compliance Scanner plans To build a Compliance Scanner plan in Form Mode select the scan scope and then select Plan Builder gt Form Mode Refer to Performing a Compliance Scanner Plan in Wizard Mode for detailed information regarding each option Note If this is your first time building a plan or if you think you would benefit from descriptions of each plan component it is recommended that you use the Wizard Mode Compliance Guardian Scanner for Website The Website Mode allows you to perform a scan job using the defined scan policy to generate the compliance scan results of all of the scanned websites The users in the specified Report Group can then view the compliance scan results in the Compliance Report module Launching Compliance Guardian Scanner in Website Mode On the Compliance Guardian Scanner Home interface select Create on the ribbon and a drop down list appears Select Website from the drop down list and you will be brought to the Compliance Guardian Scanner Website Create Plan interface Using Plan Builder to Perform a Compliance Guardian Scanner Plan for Website In the Create Plan interface configure the following setting
173. an Installation and Administration User Guide e Connect to Yammer Select the Connect to Yammer link The Yammer Log In interface appears Enter the admin account username and password to log into Yammer to get permissions to scan all Yammer messages and execute specific actions If a user connects to multiple networks on Yammer for example the user is an admin in one network but is also an external user of another network In this case all of the associated networks will be loaded You must choose which network you want to register in Compliance Guardian Manager After the connection is saved the selected network cannot be changed If you want to connect to another one you must create a new connection e Report Database Select a Report Database for storing the Real Time Classification Scanner result e Report Group Select a Compliance Guardian group from the drop down list Once a group is designated a Report Group all of the users in the group will be able to view and download the reports in Classification Report gt Social Report Multiple groups can be used here choose Select All to select all of the listed groups e Storage Location Select an export location and a storage database The posted content will be backed up and stored in the export location before taking the classification actions The storage database is used to store the data records and then combined with the content backed up in the export location to di
174. an directly modify the tag values for the scanned file without modifying the checks Ensure that SP2007AssistManager wsp or SP2010AssistManager wsp or SP2013AssistManager wsp is deployed before using this feature For more information on deploying the solution refer to Solution Manager Note This feature is supported in SharePoint 2007 SharePoint 2010 and SharePoint 2013 Refer to the following steps to use Compliance Guardian Tag Assist Manager in SharePoint 2007 1 Navigate to the corresponding SharePoint site where the content you want to scan is gt Site Settings gt Site features and activate the Compliance Guardian Tag Assist Manager feature Note At a minimum to use the Compliance Guardian Tag Assist Manager feature in a site the user must have the following required six site permissions assigned e Manage Lists e Edit Items e View Items e View Application Pages e View Pages e Open 2 Navigate to the corresponding document library Select the down arrow button gt before the file you want to scan and select Compliance Guardian Tag Assist Manager from the appeared 236 e S o e e Compliance Guardian Installation and Administration User Guide drop down list The Compliance Guardian Tag Assist Manager interface appears There are three columns in the table of this interface e Tag Name Display the tag names defined in the corresponding checks The values in this column cannot be changed e Original V
175. an only access the Compliance Report module 82 P D e Ree Compliance Guardian Installation and Administration User Guide e Compliance_Scan The permission scope is Global permission The users in this group can only access the Compliance Scanner module e Action Report The permission scope is Global permission The users in this group have the permission to use Classification Report gt Action Report e Human Auditor The permission scope is Global permission The users in this group have the permission to use Compliance Report gt Human Auditor e Encryption The permission scope is Global permission The users in this group have the permission to use Classification Report gt Incident Manager gt Encryption e Redaction The permission scope is Global permission The users in this group have the permission to use Classification Report gt Incident Manager gt Redaction e Quarantine The permission scope is Global permission The users in this group have the permission to use Classification Report gt Incident Manager gt Quarantine e Yammer The permission scope is Global permission The users in this group have the permission to use Classification Report gt Yammer Report Managing Users Note If a domain is integrated with Compliance Guardian and a user from its parent domain subdomain or trust domain is added in Compliance Guardian Account Manager the corresponding parent domain subdomain
176. an to run pruning jobs or select to manually run pruning jobs o No Schedule Select this option if you want to manually run pruning jobs o Configure the schedule myself Select this option to have Compliance Guardian run pruning jobs at a designated time If this is selected the Schedule Settings configuration will appear Here you will see a list of all of your previously configured schedules To add a new schedule select Add Schedule To edit a previously configured schedule select the text in the Summary column To delete a schedule select the delete A button To preview the added schedules in a calendar select Calendar View For more information about adding or editing a schedule refer to Configuring a Schedule 3 Select Prune Now at the lower right corner or on the ribbon to prune the data according to the settings immediately after the pruning job finishes the kept items will be displayed in the Compliance Guardian Auditor interface Select Save to save the configured pruning settings but the data will not be pruned The next time you navigate into this Configure Pruning Settings interface the configured settings will be loaded Select Cancel to return to the Compliance Guardian Auditor interface without saving any changes Exporting Auditor Data Report The auditor data displayed in Compliance Guardian Auditor is supported exporting to a datasheet for your conveniently review Select Export to Datasheet on th
177. an until being stopped manually o End after specified occurrence s Select this option to stop the plan automatically after the specified occurrences that you configure in the text box o End by Set up the time to end the recurrence of scheduled Compliance Scanner plans Performing a Compliance Scanner Plan in Form Mode Form Mode is recommended for users who are familiar with building Compliance Scanner plans To build a Compliance Scanner plan in Form Mode select the scan scope and then select Plan Builder gt Form Mode Refer to Performing a Compliance Scanner Plan in Wizard Mode for detailed information regarding each option Note If this is your first time building a plan or if you think you would benefit from descriptions of each plan component it is recommended that you use the Wizard Mode P f 177 Compliance Guardian Installation and Administration User Guide Compliance Reports For details about Compliance Guardian reports and procedures for how to use them refer to the Compliance Guardian User Guide Getting Started Refer to the sections below for important information on getting started with Compliance Report Launching Compliance Report To launch Compliance Report complete the following steps 1 Login to Compliance Guardian If you are already in the software select the home page button ah on the top left corner go to the home page From the home page all of the products are displayed
178. an will also automatically update its version when it is saved In the Test Suite Manager interface you can create upload download view details about edit or delete checks and test suites Review the following sections for information about each of these available actions Creating a New Check or Test Suite Review the following two procedures for information about creating either a new check or test suite Creating Checks To create a new check select Create on the ribbon of the Test Suite Manager interface When the drop down menu appears select Check from the drop down menu To create a new check complete the following steps 1 Inthe Check Template screen select the desired check template in the check template list by selecting the radio button before the check template 2 Select Next on the ribbon or on the lower right corner of the screen The Report Text screen appears hast 125 Compliance Guardian Installation and Administration User Guide 3 Configure the following settings in the Report Text screen Name and Description Enter a name for the check The description is optional URL Enter a hyperlink to provide additional information about this check including any official rules or articles of law that specify how the check will test files This field is optional True Result and Message Select the returning status and message for this check when the checking result is True The checking
179. anager Applying Real Time Classification Scanner Rules in SharePoint Mode After creating a Real Time Classification Scanner rule on the selected node select Apply on the ribbon or on the right lower section of the screen to apply the rule Note By default the newly created site will not inherit its parent s Real Time Classification Scanner rule You must first deploy the SP2007InstallEventReceiver wsp or SP2010InstallEventReceiver wsp solution on SharePoint For more information on deploying the solution refer to Solution Manager After the SP2007InstallEventReceiver wsp or SP2010InstallEventReceiver wsp solution is deployed the Compliance Guardian Newly Created Sites Real Time Scan feature will be enabled on the Web application automatically The newly created site s corresponding Compliance Guardian Real Time Scan feature will also be enabled then the newly created site will apply its parent s Real Time Classification rule if the parent has applied a rule Inheriting and Stop Inheriting Parents Rule in SharePoint Mode After applied a Real Time Classification Scanner rule on the selected node the sub nodes automatically inherit this rule On the SharePoint tree if a node inherits its parent node s rule only the inherit button CSS is displayed before this node if a node does not inherit its parent node s rule but has its own rule the stop inherit button 3 icon is also displayed before this node Stop Inheriting Par
180. ance Guardian the ZIP file of the checks or test suites will be temporarily unzipped to a default directory The default directory is Compliance Guardian Manager Work The full path of the checks or test suites that will be uploaded is Compliance Guardian Manager Work Test Suite Name Check Name or Compliance Guardian Manager Work Test Suite Name Due to the limitation of Microsoft Windows the length of the check or test suite s full path cannot exceed 260 characters or the check or test suite will not be uploaded to Compliance Guardian Compliance Guardian has a configuration file named ComplianceSetting config that allows you to customize the directory where the checks or test suites will be temporarily unzipped through the customized directory to reduce the length of the check or test suite s full path To change the default directory where the checks or test suites will be temporarily unzipped complete the following steps 1 Goto the machines with Compliance Guardian Manager installed and open the Compliance Guardian Manager Control Config directory to find the ComplianceSetting config file 2 Open the ComplianceSetting config file and find the ConfigureFilePath node 3 Change the value of the IsConfigured attribute to True Then specify a path for the path attribute Restart the Compliance Guardian Timer Service The checks or test suites will be temporarily unzipped under the specified path Note The path that y
181. ance Guardian Installation and Administration User Guide Job Monitor S Ei Job Monitor Scheduled Job Monitor Time Zone Fal 9 Fo kipea S Si IO HO Default m List View Calendar PA Range Module Report Location View View Manage Filter Settings Job ID Plan Name Status Start Time CC20121113184456838015 Test 5 Compliance Scanner 100 Finished 2012 11 13 18 44 56 UTC 08 1 C C20121113173340714586 111 Compliance Scanner 100 Finished 2012 11 13 17 33 39 UTC 08 1 0CT20121113005344714630 CG_Report_2 Compliance Scanner 100 Finished 2012 11 13 00 53 44 UTC 08 1 CC20121113004708854866 Test 4 Compliance Scanner 100 Finished 2012 11 13 00 47 08 UTC 08 t C CT20121112185516722073 CG_Report_2 Compliance Scanner 100 Finished 2012 11 12 18 55 16 UTC 08 1 0C20121112185338511147 HTML OPSEC Compliance Scanner 100 Finished 2012 11 12 18 53 37 UTC 08 C20121112165001092121 Test 1 Compliance Scanner 100 Finished 2012 11 12 16 50 00 UTC 08 1 CC20121112110658232367 sss Compliance nner 100 Finished 2012 11 12 11 06 58 UTC 08 CCT20121112010038637043 CG_Report_2 Compliance Scanner 100 Finished 2012 11 12 01 00 38 UTC 08 t C20121112005957072413 PDF Compliance Scanner 100 Finished 2012 11 12 00 59 56 UTC 08 1 CRT20121112134158526740 Instance Plan Real Time Classification Scanner 100 Finished 2012 11 12 13 41 58 UTC 08 C20121111190343296341 Test 1 Compliance Scanner LL D
182. and identify all content that requires user review and distribute a list of items to the appropriate parties A check is an XML file that defines the logic that Compliance Guardian uses to check files Checks identify the purpose for the check the type of check to run such as a pattern of characters the condition for the check such as social security number pattern and the possible result of the check true or false Users can change the values in the checks to determine the check conditions but the elements specific format defined by Compliance Guardian in the checks must stay the same A test suite is a logical grouping of test definition files or a set of checks that define how to present the scanned data Test suites allow you to build scan plans for your specific regulations and requirements These collections are the basis of Compliance Guardian scans A test suite contains one or more checks and a configuration file that is used to define how to combine these checks and set risk levels for scan results Managing Test Suites In the Test Suite Manager interface you will see a list of the configured test suites including the built in test suites Note You can view the version of a test suite When a test suite is uploaded to Compliance Guardian or created through Compliance Guardian Compliance Guardian will automatically assign a version for this test suite If a test suite is updated via Test Suite Manager Compliance Guardi
183. and will not be scanned After configuring the recipients choose one e mail template from the E mail template drop down list you can also select the New E mail template link to create a new e mail template For more information refer to Configuring E mail Templates Select Next The Schedule page appears 4 Configure the schedule settings e No schedule Select this option to run the plan immediately and save the plan in Plan Manager e Configure the schedule myself Select this option to configure a customized schedule and run the Compliance Scanner job by schedule Select Add Schedule to set up a schedule The Add Schedule window appears In the Options section select a scan type from the drop down list For more information refer to Scan Schedule Select Next The Advanced page appears 5 Configure the advanced settings e Agent Group Select the agent group that will perform the Compliance Scanner job e Notification Configure the e mail notification settings hast 155 Compliance Guardian Installation and Administration User Guide o Scan Result Select this checkbox to configure to send an e mail to the specified users The e mail contains the scan result including the failed files and or passed files Scope Level Select a scope level The scan result will be reported based on each level in the e mail Report Level Select to have the failed files and passed files included in
184. ane enter the keyword for the notification you want to display You can select to Search all pages or Search current page e Manage columns Manage which columns are displayed in the list so that only the information you want to see is shown Select manage columns button then check the checkbox next to the column name to have that column shown in the list e Hide the column Hover over a column name and then select the hide the column button in the column name to hide the column e Filter the column T Filter which item in the list is displayed Unlike Search you can filter whichever item you want rather than search based on a keyword Hover over a column name and then select the filter the column button U of the column you want Compliance Guardian Installation and Administration User Guide ne to filter then check the checkbox next to the item name to have that item shown in the list To remove all of the filters select Clear Filter Configuring Receive E Mail Notification The receive e mail notification profile allows you to specify e mail address to receive reports from Compliance Guardian plans and services To create a receive e mail notification profile select Create on the ribbon and complete the following settings e Type Select a type for the profile you are about to create o Alert An alert is sent to let you know that the file cannot be scanned or operation has been made according
185. ardian e Dictionary Configure the following attributes o Separator Specify a separator if multiple values are specified o Value Define one or more values for the test use the separator specified before to separate the values Select the delete button 4 to delete this Dictionary check rule Select Add Another Dictionary to add another rule 342 S e ae e Compliance Guardian Installation and Administration User Guide e Filter This is optional Select the checkbox before Filter the Text section and the Regex section appear o Text Select the checkbox before Text and configure the following attributes CaseSensitive Specify if the element being tested for must match the case exactly Separator Specify a separator if multiple values are specified Value Define one or more values for the test and use the separator specified before to separate the values If the scanned result that matches the specified regular expression exactly matches the value specified here this result will be filtered out Select Add Another Text to add another Text filter check rule Select the delete button 4 to delete this filter check rule o Regex Select the checkbox before Regex and configure the following attributes CaseSensitive Specify if the element being tested for must match the case exactly Value Define a regular expression If the scanned result that matches the specified regular
186. arePoint 2007 SharePoint 2010 and SharePoint 2013 To use this feature in SharePoint 2007 complete the following steps 1 Navigate to the corresponding SharePoint site gt Site Settings gt Site features activate the Compliance Guardian Quarantine Manager feature Note At a minimum to use the Compliance Guardian Quarantine Manager feature in a site the user must have the following required seven site permissions assigned e Manage Lists e Edit Items e View Items e View Application Pages e View Pages e Open e Browse User Information Return to the Site Settings and then select Compliance Guardian Quarantine Manager in the Compliance Guardian Tools and Services group You will be brought to the Compliance Guardian Quarantine Manager interface In the Compliance Guardian Quarantine Manager interface select Quarantine Manager tab you will see the following areas 239 Compliance Guardian Installation and Administration User Guide 240 Tool Field Use the tool field to manage the quarantined files You can download the files details restore the files or delete the files in bulk through the corresponding buttons in this field o View Content View the selected file s content For the SharePoint files or items that are affected by the In place quarantine method after you select View Content You can view the files on SharePoint site webpage You can directly edit the content of the fil
187. ate Select this option to repeat running the plan until being stopped manually o End after specified occurrence s Select this option to stop the plan automatically after the specified occurrences that you configure in the text box o End by Set up the time to end the recurrence of scheduled Compliance Scanner plans ME 157 Compliance Guardian Installation and Administration User Guide Performing a Compliance Scanner Plan in Form Mode Form Mode is recommended for users who are familiar with building Compliance Scanner plans To build a Compliance Scanner plan in Form Mode select the scan scope and then select Plan Builder gt Form Mode Refer to Performing a Compliance Scanner Plan in Wizard Mode for detailed information regarding each option Note If this is your first time building a plan or if you think you would benefit from descriptions of each plan component it is recommended that you use the Wizard Mode Editing Template File for Filtering User Profiles The following is the template file used for filtering the user profiles I Template xml Notepad lt n g k gt S s o s h H File Edit Format View Help ksocial gt a lt includelist gt domain username domain username lt includelist gt lt includelist gt domain username lt includelist gt lt exc ludelist gt domain username lt excludelist gt lt exc ludelist gt domain username domain username lt excludelist gt lt
188. ated By Properties Department in the Source text box o Select AND in the drop down list under the Operator attribute o Select Add a Compare Select MustEqual as the Compare Type and enter HR as the Value 4 Inthe Operator Conditions field enter 1 AND 2 5 Save the check Run a Compliance Scanner job the test suite used in this job contains the check configured above Review the Context check test logic 349 Compliance Guardian Installation and Administration User Guide e According to the Condition 1 if the files or items are created before 2014 10 20 and after 2014 1 20 The Condition is true e According to the Condition 2 if the files or items whose creators belong to the HR department the Condition will be true e According to the Operator Conditions field the logical relationship is AND so if both of the two Conditions are true the check result will be true If the matching instance in Condition 1 or Condition 2 is not found the result will be the value selected in the NA attribute Configuring Test Suite File Attributes Refer to the following sections for configuring the test suite file attributes Test Suite for Compliance Reporting File Body Configuration Configure the following attributes for the test suite for compliance reporting file RiskFormula Select a Raw Risk Formula Stepped Risk Formula and a Weighted Risk Formula in the corresponding drop down list You can create a new Risk Formu
189. ation bar appears You can navigate to your desired module by selecting the corresponding tab in the navigation bar fal Report Y Administration v Welcome admin A Ba SS Job Monitor Control Panel Compliance Scanner Classification Scanner Figure 10 Navigation bar 62 F S sn e e C Compliance Guardian Installation and Administration User Guide Navigating Compliance Guardian Compliance Guardian mimics the look and feel of many Windows products making for an intuitive and familiar working environment While there are many windows pop up displays and messages within Compliance Guardian they share similar features and are navigated in the same ways Below is a sample window in Compliance Guardian It features a familiar dynamic ribbon and a searchable content list view ei Report v Administration v Compliance Manager gt Compliance Scanner Compliance Scanner eem EO Create 3 anan tans 5 ES S Search all pages Search cument Age p La Plan Name Description Scan Policy Y Modified Time E Marta test Privacy Test Compliance Scanner for Lync 2014 11 06 15 33 16 0 of 1 selected Show Ss y Goto a EE Figure 11 Navigating Compliance Guardian 1 Ribbon Buttons Allows users to access the functionality of the active Compliance Guardian functions 2 Manage columns L Allows users to manage which columns are displayed in the list Select the manage columns Li button
190. ation of the selected notification profile For more information on configuring the e mail notification profiles refer to Configuring Receive E Mail Settings Select Next The Overview page appears 6 Review and edit the plan configurations To make changes select the Edit button next to the name of the setting you wish to edit Select Finish to save the configuration of the plan without running it or Finish and Run Now to save the configuration and then run the saved plan immediately Performing a Compliance Scanner Plan in Form Mode Form Mode is recommended for users who are familiar with building Compliance Scanner plans To build a Compliance Scanner plan in Form Mode select the scan scope and then select Plan Builder gt Form Mode Refer to Performing a Compliance Scanner Plan in Wizard Mode for detailed information regarding each option Note If this is your first time building a plan or if you think you would benefit from descriptions of each plan component it is recommended that you use the Wizard Mode e Greg f 173 Compliance Guardian Installation and Administration User Guide Compliance Guardian Scanner for Database The Database Mode allows you to configure a connection with a database and then perform a scan job using the defined scan policy to generate the compliance scan results of the scanned content in the database The users in the specified Report Group can then view the compliance scan results in the Comp
191. b s Select this option to keep only the desired number of most recent jobs for this module Set the number of jobs to keep by entering a 102 F 8 e i e Compliance Guardian Installation and Administration User Guide positive integer into the text box For example if you enter 5 in the text box only the 5 most recent jobs for this module will be kept All other job records for this module will be deleted o Keepthe last Day s Week s Month s of job s Select this option to keep only the jobs within the desired time frame for this module Set the time frame for the jobs you want to keep by entering a positive integer into the text box then select Day s Week s or Month s from the drop down menu For example if you enter 7 in the text box and select Day s only jobs performed within the last 7 days by this module will be kept All of the previous job records of this module will be deleted When you are finished select OK to save your configurations and return to the Job Pruning interface or select Cancel to return to the Job Pruning interface without saving any changes Configuring Settings Once you have configured Job Pruning Rules for Compliance Guardian modules you can set up a schedule for Compliance Guardian to run pruning jobs and notify the designated users with reports about the pruning jobs In the Settings tab of the Job Pruning interface configure the following settings 1 Schedule Selection Set up
192. b using the test suite the files will be scanned according to the rule set in this check If False is selected for this attribute the check will not be used to scan the files e RiskLevel r1 The Item Initial Risk value assigned on the initial occurrence of the compliance failure related to the check being tested for in the document or stream Allowed values for RiskLevel r1 are 1 10 e RiskLevel r2 The Item Additional Risk Level factor that the risk level grows at for every additional failure at the check level for the same type found in the document or stream This number is optional where the integer 1 means ignore the value allowing to use the third value If the value is 1 then the factor will be 1 Allowed values are 1 to 10 This is optional e RiskLevel r3 The Item risk in relation to other checks This Item is optional If this number is missing then it is assumed that its value is 1 Allowed values are 1 10 This is optional According to the formulas selected in the RiskFormula section the check will have three risk levels after the scan job e ContentType Select the content types that will be scanned If you do not select the content types all the file content types that are supported to be scanned in Compliance Guardian will be scanned Select the text field under the ContentType attribute a pop up window appears In the pop up window select the radio button before the desired check and
193. ber 046 454 286 in the tested file match the specified regular expression We have set Yes for the ListLocation attribute so the location of the instance is recorded in the Compliance Guardian database The status of the instance in the database is Warn o Inthe Value Configuration field the found instance is the Canadian Social Insurance Number 046 454 286 And we have set True for the Repeat 344 e Se e e Compliance Guardian Installation and Administration User Guide attribute So the Canadian Social Insurance Number 046 454 286 is redacted to ERE KARR KEE e Detailed logic introduction about the Value Configuration field o If we select Word as the Type and select False as the Repeat attribute The found instance 046 454 286 will be redacted to o If we select Section as the Type enter 9 as the value of the BeforeCount attribute and select True as the Repeat attribute The found instance 046 454 286 will be redacted 9 characters before the instance will also be redacted So the content in the tested file Canadian Social Insurance Number 046 454 286 will be redacted to Canadian Social Insurance FH EEA K EAE CustomScan The CustomScan type check is used to implement a customized check method on the check level and works as an extension of current check types It is used in combination with other checks to find information on a file and act on it Configuring Attributes for CustomScan Type Check Only the a
194. ble If the incremental scan is based on a former incremental scan job the former incremental scan must also be available If selecting Incremental Scan the Reference Time option is available for configuration Reference Time Choose whether to scan contents created or modified at a specified interval If you choose to use a reference time specify the time to scan contents created or modified Enter an integer into the textbox and select Minute s Hour s Day s or Month s from the drop down list Note It is recommended that you specify a reference time when the recurrence schedule configured in Range of Recurrence is End after 1 occurrence e Schedule Settings Set up the frequency for the scheduled Compliance Scanner job Select one time unit from Minute s Hour s Day s Week s and Month s and then enter an integer into the text box The scheduled Compliance Scanner job will be run according to the interval configured here e Range of Recurrence Select the start time and end time for the schedule O Start time Set up the time to start the Compliance Scanner plan and modify the time zone as required Note The start time cannot be earlier than the current time 161 Compliance Guardian Installation and Administration User Guide o No end date Select this option to repeat running the plan until being stopped manually o End after specified occurrence s Select this option to stop the pl
195. bling this option allows you to select a certificate from your local machine It will use the Certificate Authentication server of the current machine to check whether the certificate is revoked After the certificates are filtered only the certificates that are not revoked will be displayed ME 31 Compliance Guardian Installation and Administration User Guide as 12 In the Ready to install Compliance Guardian Manager page all of the information configured in the previous steps is listed Select Install to begin the installation Select Back to change any of the previous settings Select Cancel to abandon all of the configurations and exit the installation wizard 13 When the Manager installation is completed the Manager Passphrase you specified to protect Compliance Guardian Manager data will be displayed on the Install Completed page Save this passphrase to enter it during the Agent installation After the installation is complete select Finish to exit the installation wizard Compliance Guardian Agent Make sure the system requirements are met before starting the Compliance Guardian Agent installation For more information refer to System Requirements for Agent Service Installation Check that the Compliance Guardian Manager services have started before installing the Compliance Guardian Agents Installing Compliance Guardian Agent After the Manager s services have started complete the following steps to install
196. board to access the hot key mode and then press S on the keyboard to enter the Scheduled Job Monitor page The following table provides a list of hot keys for the functionalities on the ribbon of the Scheduled Job Monitor page For example continue pressing L to enter the List View interface Functionality Name and Hot Key List View L Calendar View C Time Zone TZ Enable E Disable D Date Range R Module M Control Panel Page The following table provides a list of hot keys for the functionalities on the ribbon of the Control Panel page Functionality Name and Hot Key Control Panel P 290 z BC Compliance Guardian Installation and Administration User Guide Appendix B Configuring Checks and Test Suites When editing checks and test suites in the Test Suite Manager in Compliance Guardian you will use detailed configuration screens to set the attributes and values If you are editing a single check per the Editing a Check section earlier in this document refer to Configuring Check Type Attributes in this Appendix to configure the details according to the specific test definition file type If you are editing a test suite per the Editing Test Suite section earlier in this document refer to Configuring Test Suite File Attributes in this Appendix to configure the details according to the specific type of test suite file Configuring Check Type Attributes Based on the di
197. bsite for the Control Service The default Website Port used to access Compliance Guardian Control Service is 14100 you do not need to change it unless a known port conflict exists o Website Port Control Service communication port The default port is 14100 e Application Pool Settings Configure the IIS application pool settings for the corresponding website You can select to use an existing application pool or create a new application pool The application pool is used to handle the requests sent to the corresponding website The following settings can be configured o Use an existing application pool not recommended Select an existing application pool from the drop down list If you choose to use an existing application pool the Application Pool Account settings are greyed out and cannot be changed EI S e ae e E Compliance Guardian Installation and Administration User Guide Create a new application pool Enter the application pool name and application pool account settings to create a new IIS application pool for the corresponding website By default the new application pool s name is ComplianceGuardian Select Next to continue to configure the database settings for Control Service 10 In this page MS SQL is selected in the Database Type drop down menu The following information must be configured for the MS SQL database e Database Server The MS SQL server name e Control Service Database Name
198. butes under this element Filter e CompareType Specify a compare type The attributes for CompareType are MustContain and MustEqual e Separator Specify a separator if multiple values are specified e CaseSensitive Specify if the element being tested for must match the case exactly e Value Define one or more Content types for the test use the separator specified before to separate the values This element is optional Select the checkbox before Filter and configure the following attributes under this element e CompareType Specify a compare type The attributes for CompareType are MustNotContain and MustNotEqual e Separator Specify a separator if multiple values are specified e CaseSensitive Specify if the element being tested for must match the case exactly e Value Define one or more values for the test use the separator specified before to separate the values Select the delete button 4 to delete this check rule Select Add Another Filter to add another rule FileProperty Check Test Logic Example Refer to the following example to better understand the test logic of the FileProperty type check In this example we are testing file 1 Create and configure the FileProperty check test logic 1 Create a FileProperty type check In the Report Text step in the False Result and Message field select User Review Required in the False Result drop down list Configure the FileProperty
199. can Policies Select Export on the ribbon to export the check information for the test suites in the selected scan policy To view a scan policy select it from the list of previously configured scan policies and then select View Details on the ribbon To delete a scan policy select it from the list of previously configured scan policies and then select Delete on the ribbon A confirmation window will pop up and ask if you are sure you want to proceed with the deletion Select OK to delete the selected scan policy or select Cancel to return without deleting it Creating or Editing Scan Policies To create a new scan policy select Create in the Manage group of the Scan Policy page To modify a previously configured scan policy select the scan policy and then select Edit on the ribbon In the Create Scan Policy or Edit Scan Policy interface configure the following settings e Name and Description Enter a name for this scan policy You can also enter an optional description to distinguish this scan policy from the others e Select the Test Suites Specify the test suites that you want to include in this scan policy There are some predefined test suites in this page you can refer to the description of each test suite for the introduction of its usage To add more desired test suites select Test Suite Manager in the Settings group on the ribbon For more information on configuring test suites refer to Test Suite Manager a
200. can all of the content in the scope defined in the plan while ee i 233 Compliance Guardian Installation and Administration User Guide an Incremental Scan only scans the content that has been modified since the last incremental or full scan job If you select Incremental Scan the Reference Time option is enabled Reference Time Scans content created or modified during a selected interval If you choose to use a reference time select the time to scan contents created or modified Enter an integer into the text box and select Minute s Hour s or Day s from the drop down list o Schedule Settings Select the frequency to which you want to run the scan Enter an integer into the text box and select Minute s Hour s Day s Week s or Month s from the drop down list o Range of Recurrence Specify the Start time for the scan job Select one of the following options for the end time and configure its settings No end date Select this option to continue running the job according to the schedule until you manually stop it End after specified occurrence s Select this option to stop the plan after a selected number of times End by Set up the time to end the recurrence of plans Select OK to save the settings After configuring the schedule for this replication job select Calendar View to view the job in a calendar view 9 Select Next on the ribbon or on the lower right section of the screen
201. can be recorded in an e mail and sent to users Navigate to the Create Action Policy or Edit Action Policy interface and select Alert Only gt Configure The Configure interface appears e Specify a default e mail template You must select a default e mail template before you can add recipients Select the New Notification Template link to create a new template e Creator e mail template Select this checkbox to send an alert e mail to the creator of the post content If this option is selected you must select an e mail template from the corresponding drop down list If you do not select an e mail template Compliance Guardian will use the default e mail template e Userin the selected notification profile Select this checkbox to send an alert e mail to the recipients configured in the selected alert notification profile If this option is selected you must select an alert notification profile from the appeared drop down list Select OK to save the changes or select Cancel to exit the Configure interface without any changes Delete The posts that meet the condition configured in the action policy will be deleted Configuring Connections for File System A connection is configured to be used in the Scheduled Classification Scanner File System Mode If you configure a connection with the file system then the files in the connected file system are supported to be scanned and have actions taken in Compliance Guardian Navigate to
202. can method will be called and the CCE EngineWorker exe will start to scan files Administrator Administrator acrotray exe 32 AdobeARM exe 32 CCE EngineWorker exe Administrator CCS exe Administrator 00 78 74 CISVC EXE 1640 SYSTEM 00 172 communicator exe 32 8944 Administrator 00 179 96C Figure 82 The CCE EngineWorker exe starts If the value of this attribute is set to true The CCE EngineWorker exe will not be started for scanning files e IsRemote The attribute will take affect when the value of IsSingleProcess is set to false It is used to configure whether the CCE EngineWorker exe process and the user process that is creating the engine object are running in a same machine where the corresponding agent is installed O If the value of this attribute is set to true the CCE EngineWorker exe process can run on another machine where another agent this agent and the agent that is used to create engine object must connect to a same server is installed The values of the Remotelp node and the RemotePort node must be specified The default values are the IP and port of the machine where the agent that creates the engine object is installed The CCE EngineWorker exe process will run on 377 Compliance Guardian Installation and Administration User Guide 378 the specified machine according to the values you specified for the Remotelp node and the RemotePort node o Ifthe value of this attribute is
203. ccurrence You can see the review details about the plan s execution in Job Monitor Compliance Guardian Scanner for SharePoint The SharePoint Mode allows you to define a SharePoint scope and then perform a scan job using the defined scan policy to generate the compliance scan results of all of the files within that SharePoint scope The users in the specified Report Group can then view the compliance scan results in the Compliance Report module Note The posts and replies in SharePoint 2013 Newsfeed and the notes in Note Board in SharePoint are also supported to be scanned hast 151 Compliance Guardian Installation and Administration User Guide Launching Compliance Guardian Scanner SharePoint Mode On the Compliance Guardian Scanner Home interface select Create on the ribbon a drop down list appears Select SharePoint from the drop down list and you will be brought to the Compliance Guardian Scanner SharePoint Mode Selecting the Scan Scope After launching the Compliance Scanner SharePoint mode the Scope panel on the left of the screen displays the root node of the farm To select the scan scope complete the following steps 1 Select the farm node to expand the tree The tree can be loaded down to the list level 2 Select the scope where you want to perform the scan job on the tree Scanning User Profiles Compliance Guardian supports scanning user properties and social notes in user profiles Compliance G
204. ces ADFS authentication credentials to access Compliance Guardian configure your ADFS integration in the ADFS Integration interface To access your ADFS integration configurations in the Authentication Manager interface select ADFS Integration on the ribbon then select ADFS Integration in the drop down menu You will be brought to the ADFS Integration Configure Wizard Complete the following steps in the wizard to set up ADFS integration 1 ADFS Information Specify the following general information of the ADFS you want to integrate e ADFS Integration Method Select Manually to configure the settings yourself or select Automatically to get the required information by using a federation metadata trust XML file o Manual configuration Enter the URL of the security token service STS in the ADFS Issuer text box in the following format https full qualified domain name adfs Is o Automatic configuration Enter the URL of the federation metadata trust XML file in the Federation Metadata Trust text box in the following format https full qualified domain name FederationMetadata 2007 06 FederationMetadata xml e Relying Party Identifier Enter Compliance Guardian s Relying Party Identifier which must first be configured in ADFS in the Relying Party Identifier text box When you are finished configuring the ADFS Information select Next to configure the Security Token Settings 2 Security Token Settings Config
205. ch is used for scanning the content post to Yammer You must configure a Real Time Classification Scanner rule and Compliance Guardian will scan the content according to the scan policy in the rule The scanned report can be viewed in Compliance Guardian gt Classification Report gt Social Report Ensure that YammerConnector wsp is deployed before using this feature For more information on deploying the solution refer to Solution Manager Note This feature is supported in both SharePoint 2010 and SharePoint 2013 Enable the AvePoint Yammer Connector Feature Navigate to the corresponding SharePoint site where you want to add the AvePoint Yammer Connector Web part gt Site Settings gt Site features and activate the AvePoint Yammer Connector feature Adding the AvePoint Yammer Connector Web Part To add the AvePoint Yammer Connector Web Part complete the following steps 1 Navigate a SharePoint page select the Page tab 2 Select Edit on the ribbon And then select Edit from the drop down list The Insert tab appears 3 Select the Insert tab And then select Web Part on the ribbon 4 Select Custom in the Categories field of the left pane The AvePoint Yammer Connector Web part appears 5 Select Add in the right pane The AvePoint Yammer Connector Web part is added Posting Messages to Yammer through the AvePoint Yammer Connector Web Part After adding the AvePoint Yammer Connector Web part to a SharePoint page complete t
206. change the logical relationships between the rules There are currently two logical relationships And and Or By default the logic is set to And To change the logical relationship select the logical relationship link The And logical relationship means that the content which meets all of the rules will be filtered and included in the result The Or logic means that the content which meets any one of the rules will be filtered and included in the result Select OK in the interface to save the changes or select Cancel to return to the Create Action Policy interface or Edit Action Policy interface without saving any changes After you finished configuring the Conditions settings select the right arrow P after Conditions in the Create or Edit Action Policy interface to review the configured settings e Actions Select an action to handle the non compliant files which are found by performing the classification jobs Then select Add an action Repeat the above step to add multiple actions The actions then will be added If the Configure button appears after the added action you must select it to configure the settings for the action Select the delete E button after an action to deselect to add this action You can change the order of the action configuration by selecting the textbox before the added action to determine the priority of the action For details of each action refer to Classification Actions Select the right arrow b af
207. choose Select All to select all of the listed groups Note Users who are not part of the search group cannot search archived content Select Advanced to configure the advanced settings e Notification Select a notification profile from the Select a profile with address only drop down list or choose to create a new e mail notification profile by selecting the New Notification Profile link Select View to view the detailed configuration of the selected notification profile e Agent Group Select the agent group that will perform the job e Security Profile Select a security profile for encrypting the archived content Select New Security Profile to create a new security profile For more information refer to Security Profile e Data Compression Select the checkbox to enable data compression then choose a compression level using the slider A low compression level results in a faster compression rate but a larger data set while a high compression level results in a slower compression rate but a smaller better quality data set e Schedule Configure a schedule o No schedule Select this option to configure the job and run manually o Configure the schedule myself Select this option to configure a customized schedule Select Add Schedule to set up a schedule The Add Schedule window appears In the Options section select a scan type from the drop down list For more information refer to Scan Schedule 4 Sele
208. configuration file will replace the old one Select OK to change the configuration files as you have configured or select Cancel to exit the interface without saving the configuration If you select OK you will be asked to restart the Agent Service Select Auto to automatically restart the Agent Service immediately or select Manual to manually restart the Agent Service later e View Details Select View Details on the ribbon to bring up the View Details page with information about the selected Compliance Guardian Agent e Restart Select Restart on the ribbon to restart the selected Compliance Guardian Agent This is useful in situations where the agent is sluggish or if a job it is running hangs You can restart the agent and try again Note Any jobs that are running when you restart the agent will fail e Remove Select Remove on the ribbon to remove the selected Compliance Guardian Agent from the Agent Monitor The removed agent will no longer be used by the Control Service You can only remove agents that have a down arrow in the Status column Removing an agent does not uninstall the agent Note When removing the last agent of one farm in Agent Monitor the associated farm and plans will also be deleted from the Compliance Guardian databases e Deactivate Select Deactivate on the ribbon to deactivate the selected Compliance Guardian Agent Once the agent is deactivated it is marked as Inactive and will not be use
209. contents in the specified scope To configure the action policies select the Real Time Classification Scanner select a data source then select Edit on the ribbon or select Create and select SharePoint or Social Network from the drop down list Then select Action Policy Managing Action Policies The Action Policy interface displays all of the action policies that you have previously created In this interface you can change the number of action policies displayed per page and the order in which they are displayed To change the number of action policies displayed per page select the desired number from the Show rows drop down menu in the lower right hand corner To sort the action policies select a column heading such as Action Policy Name Description or Last Modified Time Perform the following actions in the Action Policy interface e Create Select Create on the ribbon to create a new action policy For information about creating a new action policy refer to Creating and Editing Action Policies e View Select View on the ribbon and you will see the previously configured settings for the selected action policy Here you can also select Edit on the ribbon to make changes to the action policy s settings You will be brought to the Edit Action Policy interface where you can change this action policy e Edit Select Edit on the ribbon to change the configurations for the selected action policy For information about editi
210. corded in the Compliance Guardian database e According to the setting in True Result and Message in the Report Text step the returning status is Passed which will be displayed in the Compliance Guardian report FindFile Type Check The FindFile type check is used to find a specified file The following section provides a general introduction about configuring attributes for this type of check as well as a test example for you to understand the test logic Configuring Attributes for FindFile Type Check Configure the following attributes e Truelf Specify the condition when the check result is True If Yes is selected in the drop down list under the Truelf attribute when finding an instance the check result of this check will be True If No is selected in the drop down list under the Truelf attribute when finding an instance the check result of this check will be False e Path Enter the file s relative path or full path FindFile Check Test Logic Example Refer to the following example to better understand the test logic of the FindFile type check Create and configure the FindFile check test logic 1 Create a FindFile type check In the Report Text step in the True Result and Message field select Passed in the True Result drop down list 334 e ae e Compliance Guardian Installation and Administration User Guide 2 Configure the elements in the check e Select Yes in the drop down list under the Truelf a
211. ct Save to save the archiving plan select Save and Run Now to save the plan and run immediately select Cancel to exit the interface without saving any changes If you edit a plan select Save As to save the updated plan Searching Lync Content Compliance Guardian allows you to scan Lync content archived in the archiving plans 168 F ae e Compliance Guardian Installation and Administration User Guide Select the Search button on the ribbon of the Compliance Scanner home page to go to the Search interface Refer to the following steps to search the Lync content 1 Select the archiving plans you want to search in the left pane 2 Enter the keyword in the search box of the right pane and then select Search 3 You can also use the Advanced search by selecting Advanced The Configure Advanced Search Settings window appears Select Add a Criterion to add a new rule of the selected category level Configure the following fields for the rule e Rule Select the new rule you want to create from the drop down list e Condition Select the condition for the rule e Value Specify a value you want the rule to use in the text box Select the delete cz button to delete a rule that is no longer needed The filter rule contains the following rule levels e Initiator Filter according to the initiator of the Lync conversation If you select Initiator as the rule after you select the value link a window appears You ca
212. ct and mitigate their risk By identifying classifying and taking action on compliance risks and presenting this information in easily digestible formats for various stakeholders organizations can more effectively build and maintain a compliant framework oe 15 Compliance Guardian Installation and Administration User Guide EN Complementary Products Many products and product suites on the Compliance Guardian platform work in conjunction with one another The DocAve Auditor Reports are recommended for use with Compliance Guardian Auditor Reports are available in DocAve 6 Report Center under Compliance Reports 16 F sn e e E Compliance Guardian Installation and Administration User Guide Submitting Documentation Feedback to AvePoint AvePoint encourages customers to provide feedback regarding our product documentation You can Submit Your Feedback on our website oe 17 Compliance Guardian Installation and Administration User Guide EM Accessibility Information for Screen Reading Software Ensure that the following requirements are met before you use Job Access with Speech JAWS or NonVisual Desktop Access NVDA to read Microsoft Silverlight 1 JAWS does not read ActiveX controls In order to enable JAWS to read Silverlight the following text must be added to the FsDomSrv ini file and JAWS must be restarted Add this text to the FsDomSrv ini file MS Silverlight Embedded in Internet Explore
213. ct the radio button to add users Select the Select Users link the Add specified users window appears In the left pane of the Add Users window enter a keyword in the search box the names and e mail addresses of the related users who are associated with the network are displayed in the table You can also select the Advanced button to filter the results by user or groups Select Add a Criterion o Rule Select Group or User as the rule o Conditions Select Equals or Contains o Value Enter the value for the rule Select the Delete button to delete a rule To add more filters select Add a Criterion again 232 S e e D e e Compliance Guardian Installation and Administration User Guide Note Depending on the filters you enter you can change the logical relationships between the rules by selecting And and Or After configuring the filter rules select Search to search for the related users or groups The searched out users or the users in the searched out group are displayed in the left pane of the Add Users window Select the user checkboxes and then select the Add button the users are added into the left table Select the Remove to cancel adding the users Select Save on the Add Users window posts of the users added in the left pane will be scanned e Add users according to the configured conditions Select the None link the Add users window appears Configure the condition to filter by groups or users
214. cting Incremental Scan the Reference Time option is enabled o Reference Time Choose whether to replicate contents created or modified at a specified interval If you choose to use a reference time specify the time to replicate contents created or modified Enter an integer into the text box and select Minute s Hour s or Day s from the drop down list Note The default maximum storage time of a SharePoint change log is 60 days If the reference time you configure is greater than 60 days Compliance Guardian only runs an incremental scan for the modifications within 60 days For the modifications exceed 60 days Compliance Guardian runs full replication Select OK to run the job Performing a Scheduled Classification Scanner Plan in Form Mode Form Mode offers the ability to run a quick scan job by providing a truncated version of all of the Scheduled Classification Scan Plan Wizard screens on one page Select the Scope of the content you want to scan select Plan Builder from the Plan Management group on the ribbon and then select Form Mode from the drop down menu or you can directly select Start with Form Mode on the landing page For detailed information about how to configure the Scheduled Classification Scan Plan settings refer to Performing a Scheduled Classification Scanner Plan in Wizard Mode Note If you are unfamiliar with this plan creation process it is not recommended that you use this mode to configure settings
215. cting Mode Select Create on the ribbon a drop down list appears Select the corresponding mode from the drop down list SharePoint or File System Then you can enter the corresponding mode and configure a plan to scan objects in SharePoint or file system and then perform the specified actions to the files in SharePoint or file system Managing Scheduled Classification Scanner Plans The Scheduled Classification Scanner home page displays a list of all of your previously created Scheduled Classification Scanner plans Also it displays the scan policy and action policy that are selected in the plan You can also see the plan type in the Scope Type column You may perform any of the following actions on a selected plan af e P 221 Compliance Guardian Installation and Administration User Guide View Details Select View Details on the ribbon to see the details of the selected plan Here you can also select Edit on the ribbon to make changes to the plan s settings You will be brought to the Edit page where you can change the settings for this plan After editing the settings select Save on the ribbon to save the plan To save a changed plan as a new one select Save As on the ribbon At any time select Cancel on the ribbon to return to the Plan Manager without saving any of your changes Edit Select Edit on the ribbon to make changes to the selected plan s settings You will be brought to the Edit page where you can chang
216. d public int Line Location of violations which lines the violations appear public int Column Location of violations which columns the violations appear public int StartIndex Location by start index public int Length Start Index and Length are used together for defining the actual result public ListLocStatus Result Note Warn Fail public string MatchResult The actual matched value After writing the check DLL file you must put it in Compliance Guardian Agent Bin then the CustomScan check works CustomCheck CustomCheck is used to calculate the check digit on the result of the regular expressions in order to validate the result Using CustomCheck Refer to the following section for using the CustomCheck function Method Define an Interface IValidation all the implementation classes need to implement the interface and expose a public method Validate for CCE to use them This Interface is initially defined as public interface IValidation string Parameters get set bool Validate string id 362 F e D e e Compliance Guardian Installation and Administration User Guide Configuration Define the DLL and the class configuration file ContentComplianceConfig xml The value of Class should be the full name of the class and the full name of the DLL separated by a comma Name refers to the name of the checksum algorithm Regex will call t
217. d ScanContent cs e 11 Check In Comment a ScanContext cs a tke L SP Value d ScanMessage cs H E Non Public members SP Build in Column dl ScanSetting cs d TestDefinition cs vr TestResult cs Figure 80 The key and value for SharePoint metadata 376 Compliance Guardian Installation and Administration User Guide CCE EngineWorker exe Mode Use the parameter of the ScanSetting s object to modify the method of starting CCE EngineWorker exe After the ScanSetting s object setting is created the attribute CommunicationSetting of the ScanSetting s object is used to configure the method of starting CCE EngineWorker exe betting CommunicationSetting IsSingleProcess true ScanEngine engine E A setting CommunicationSetting DocAve ContentCompliance deeg Commun object rel engine 4 Checkinterval 60 ages default aspx file null F IsRemote false return oF IsSingleProcess false var events new U RemotelP amp BJO0127 990 F RemotePort 14104 Mit 57 ScanTimeout 180 d Aren mae ant n an E RESET SSS TEE EEN Figure 81 The condition after the ScanSetting s object setting is created e IsSingleProcess This attribute is used to configure if the CCE EngineWorker exe is started using the singe process The default value is false O If the value of this attribute is set to false After creating the engine object the ScanEngine S
218. d after you select View Properties All of the selected file s properties are displayed in the View Properties page Select Close to exit the View Properties page All of the selected item s properties are displayed in the View Properties page You can select the attachment name to download the attachment of the item edit the content of the attachment and then upload the edited item through the Upload function which is introduced above Select Close to exit the View Properties page o Download Details Download the selected files o Restore Refer to Restoring Files in Quarantine Manager for details o Delete Delete the quarantined files permanently o Upload Content Upload a file For the SharePoint files or items that are affected by the In place quarantine method after you select Upload Since the files or attachments of items that are affected by the In place quarantine method are edited in the webpage directly this Upload function does not take effect on these files and items For the SharePoint files or items that are affected by the Out of place quarantine method after you select Upload The downloaded and edited file will be uploaded and will replace the selected file Note The uploaded file name must be same as that of the selected file The downloaded and edited attachment of the SharePoint item can be uploaded and replace the original attachment of the item Note The up
219. d Administration User Guide 12 Select Next on the ribbon or on the lower right section of the screen The Overview screen appears 13 Review and edit the plan selections on the Overview screen To make changes select Edit This link takes you to the corresponding setting page and allows you to edit the configuration 14 Select Finish or Finish and Run Now on ribbon or on the lower right section of the screen The plan is now listed in Plan Manager If you select Finish and Run Now the Run Now interface pops up to allow you to choose Options e Full Scan Scans all of the content in the scope defined in the plan e Incremental Scan Scans the content that has been modified Add Delete and Modify since the last incremental or full scan job If selecting Incremental Scan the Reference Time option is enabled o Reference Time Choose whether to replicate contents created or modified at a specified interval If you choose to use a reference time specify the time to replicate contents created or modified Enter an integer into the text box and select Minute s Hour s or Day s from the drop down list Note The default maximum storage time of a SharePoint change log is 60 days If the reference time you configure is greater than 60 days Compliance Guardian only runs an incremental scan for the modifications within 60 days For the modifications exceed 60 days Compliance Guardian runs full replication Select OK to r
220. d Hot Key Compliance Guardian 1 Report 2 Administration 3 Complianc P Create C SharePoi S SharePoin S e Scanner nt t Tab Plan C Wizard M Back B Builder Mode Next N Finish R Finish and Run O Now 272 Compliance Guardian Installation and Administration User Guide Functionality Name and Hot Key Compliance Guardian Installation and Administration User Guide Cancel Form Save Mode Save and Run Now Cancel Scan S Create C Policy View V Details Edit E Delete D Export W Close X Filter F Create N Policy View V Details Edit E Delete D Close X Database D Create C Manager View V Details Edit E Delete D Close X Account A Groups G Add Group AG Manager Edit Group E Show Users S Delete Group D 273 Functionality Name and Hot Key Permission P Level Authenticatio AM n Manager Close X Users U Add User AU Edit User E Delete User DU Activate AC Deactivate DA Permission P Level Authenticatio AM n Manager Close X Job J Monitor Close File F File F System System Tab Plan C Wizar M Back B Builder d Next N Mode Finish R Finish and O Run Now Cancel C Form L Save R Mode Save and Run O Now
221. d alert notification profile If this option is selected you must select an alert notification profile from the appeared drop down list You can also select the New Notification Profile link to create a new notification profile For more information refer to Configuring Receive E Mail Settings Select OK in the interface to save the changes or select Cancel to return to the Create Action Policy interface or Edit Action Policy interface without saving any changes After you finished configuring the Alert settings select the right arrow Py after Alert in the Create or Edit Action Policy interface to review the configured settings Select Add a Condition Group to add another condition group Select the delete button Vi after a condition group to delete the condition group You can change the order of the condition group configuration by selecting the textbox on the top of each condition group to determine the priority of the condition group Select the right arrow El or down arrow M to expand or retract the settings of a condition group Compliance Guardian Installation and Administration User Guide Classification Actions Refer to the following section for details about each classification action Change Permission The permissions of the files or items that are not compliant will be changed based on your settings When selecting Configure after the Change Permission action in the Create Action Policy or Edit Action Policy interface
222. d by the current control service However the deactivated service will still run normally This is useful when you want to perform maintenance on a specified Compliance Guardian Agent Note Any jobs that are running when you deactivate the agent will fail e Activate Select Activate on the ribbon to activate the selected Compliance Guardian Agent Once the agent is activated it is marked as Active and will be used by the current control service Compliance Guardian Installation and Administration User Guide y O When you are finished viewing and managing your Compliance Guardian Agents select Close on the ribbon to close the Agent Monitor tab and return to the Control Panel main page System Options System Options allow you to customize the Compliance Guardian software interface itself Within the System Options tab you can access Compliance Guardian General Settings Security Settings and Advanced Settings e General Settings These settings affect Compliance Guardian s interface which includes settings for Appearance and SharePoint Farm Settings You can display Compliance Guardian in the language of your preference use date and time format that you are comfortable with insert a custom logo for your reports and e mail templates and rename your SharePoint farms so that it is easier for you to recognize them e Security Settings These settings affect access to Compliance Guardian which includes settings fo
223. d in the encryption o Specify an encryption method Select an encryption method in the drop down list from AES DES and Blowfish Note If you are using an FIPS policy in your environment you can only use AES as the encryption method o Encryption Length bit Specify the length of the encryption e Encryption Key Select the way to generate an encryption key o Automatically generate an Encryption Key Compliance Guardian will generate a randomized key for you o Generate Encryption Key from seed Select this option to have Compliance Guardian generate a key based on the seed you enter If you choose this method enter a seed into the Seed text box and then enter the same seed into the Confirm seed text box Select OK to save these configurations and return to the Security Profile Interface or select Cancel to return to the Security Profile interface without saving these configurations The encryption method or length of a security profile cannot be modified once the profile has been created In the Security Profile interface to modify the description and configuration for a previously configured security profile select the profile you want to modify and then select Edit on the ribbon To delete a 112 S e e e Compliance Guardian Installation and Administration User Guide previously configured security profile select the profile you want to delete and then select Delete on the ribbon Note If the sec
224. d permission level select the permission level you want to edit by checking the corresponding checkbox then select Edit on the ribbon In the Edit Permission Level interface you can modify the Name and a Description of this Permission Level In the Module section you can select the modules you want to allow this permission level to access by checking the corresponding checkboxes You can select a product suite name to modify the access to its modules hast 79 Compliance Guardian Installation and Administration User Guide O O Note Unlicensed products have grayed out tabs and cannot be configured Select OK to save the modifications for the permission level and return to the Permission Level interface or select Cancel to return to the Permission Level interface without saving the modifications e Delete To delete a previously configured permission level select the permission level you want to delete by checking the corresponding checkbox and then select Delete on the ribbon A pop up window will appear to confirm this action Select OK to delete the selected permission level and return to the Permission Level interface or select Cancel to return to the Permission Level interface without deleting the selected permission level When you are finished managing your permission levels select Cancel on the ribbon to return to the Account Manager interface There following permission levels are configured in advance e Real Time
225. d to the Compliance Guardian Manager Control service where installed on PROD 390 F e D e e Compliance Guardian Installation and Administration User Guide Control Service Address Control Service Host COCO20104PP Control Service Port 14100 Figure 89 Compliance Guardian Agent Configuration Note Make sure all of the Compliance Guardian Agents are connected to the same DNS Alias record for the machine where Compliance Guardian Manager Control Service on the PROD is installed Synchronizing Databases from PROD Environment to DR Environment Refer to the following sections for details about synchronizing databases from the PROD environment to the DR environment Deleting the Specified Databases from the SQL Instance at the DR Side In order to set up SQL mirroring or log shipping the empty database of the DR environment needs to be deleted first Stop the Compliance Guardian Manager Control Service at the DR side and delete the following database Control Database ComplianceGuardian_ControlDB Note This step is preparing for synchronizing the production Compliance Guardian Manager databases to the SQL instance of the DR side Setting Up Database Synchronization PROD SQL Instance DR SQL Instance ComplianceGuardian_ControlDB ComplianceGuardian_ControlDB ComplianceGuardian_ReportDB ComplianceGuardian_ReportDB There are three ways to do database synchronization Database SQL Log Shipping SQL Mirroring and Availabil
226. d with the deletion Select OK to delete or select Cancel to return without deleting it Risk Formula Risk Formula provides the user with a method to measure level of risk in proportion to the risk type It allows users to grow risk at a specified factor providing an accurate look at risk by occurrence Managing Risk Formulas Select Risk Formula on the ribbon of the Test Suite Manager interface you will be brought to the Risk Formula interface In the Risk Formula interface you will see a list of the created Formula There are three default Formulas Weighted Stepped and Raw In the Risk Formula interface you can create view details about edit or delete the created Formulas e To view details about a Formula select the Formula and select View Details on the ribbon 130 S F ae e Compliance Guardian Installation and Administration User Guide e To edit a previously created Formula select the Formula and select Edit on the ribbon e To delete a previously created Formula select the Formula and select Delete on the ribbon e To create anew Formula select Create on the ribbon you will be brought to the Create Risk Formula interface configure the following settings o Name and Description Enter a name for the new formula The description is optional o Formula Define a new formula Detailed Information on the Formula There are three default risk formulas Weighted Stepped and Raw e The formula fo
227. dary check is Found o If the characters between the instance found in the primary check and instance found in the secondary check are greater than the number of characters specified in the MaxDistanceToPrimary attribute the result of the secondary check is Not Found e Inthe primary and secondary check section we have set No for the ListLocation attribute The location of the instance will not be recorded in the Compliance Guardian database so the value for LisLocStatus is not required to be set e inthis use case o Inthe primary check the value that matches the regular expression in the file is Server Side so the result is Found According to the logic set of the Truelf hast 323 Compliance Guardian Installation and Administration User Guide attribute the result of the primary check is True So the secondary check will be used o Inthe secondary check the value that matches the regular expression in the file is 046 454 286 In the extracted file content the characters between 046 454 286 and Server Side are less than 10 characters so the result of the secondary check is Found According to the logic set of the Truelf attribute the result of the secondary check is False So the result of this check is False According to the setting in False Result and Message in the Report Text step the returning status is User Review Required which will be displayed in the Compliance Guardian report Dictionary Type Check
228. der the MatchElement section or the check will be failed If MustNotContain is selected the test condition is the value of the attribute under the SecondaryMatch section must not contain the value of the attribute under the MatchElement section or the check will be failed TextCompare If this radio button is selected configure the following attributes CompareType Specify a compare type The attributes for CompareType are MustContain MustNotContain MustEqual and MustNotEqual Separator Specify a separator if multiple values are specified CaseSensitive Specify if the attribute being tested for must match the case exactly Value Define one or more values for the test use the separator specified before to separate the values 307 Compliance Guardian Installation and Administration User Guide Filter The content that meets the condition configured in this element field can be tested The following elements with specific attributes are available in the optional Filter section e Attributes For the details about the attributes refer to Attributes e ElementContent For the details about the attributes refer to ElementContent MatchedElement Check Test Logic Example Refer to the following example to better understand the test logic of the MatchedElement type check The selected file A that will be tested contains the following nodes lt Input id search keyword gt lt Input id
229. dian Control Service Disaster Recovery Refer to the following sections for details about Compliance Guardian Control Service disaster recovery Preparations and Configuration The following sections provide a solution for the Compliance Guardian Manager Control service disaster recovery Prerequisite Prepare a production PROD environment and a disaster recovery DR environment for simulating the Control service disaster recovery process in your testing environment Make sure a DNS Alias Record for the machine where the Compliance Guardian Manager Control Service on the PROD is installed has been created on your DNS server SQL Express is unsupported for the Compliance Guardian Manager Control Service disaster recovery Compliance Guardian Installation Install the Compliance Guardian platform using SQL databases on both PROD and DR environments respectively e Install Compliance Guardian Manager Control Services for both PROD and DR environments e Make sure the name of Compliance Guardian Manager Databases of the PROD and DR environments are the same o Control Database name ComplianceGuardian_ControlDB Note The Compliance Guardian Control database must have the same passphrase in PROD and DR environments e Create the Compliance Report Database of the PROD environment o Report Database name ComplianceGuardian_ReportDB e Install Compliance Guardian Agents on both PROD and DR environments and have all of them connecte
230. dian Manager work To store the job reports on a network share 1 Check the Use the Net Share path as the report location checkbox 2 Enter the UNC Path 3 Enter the Username 4 Enter the Password 5 Select OK 254 Compliance Guardian Installation and Administration User Guide Operations in the Scheduled Job Monitor Tab The Scheduled Job Monitor tab provides you with two toolbars that allow you to perform actions to jobs that you have scheduled to run in the future The following sections explain what these tools do in detail The Actions Toolbar This toolbar provides the following actions for a scheduled job e Enable If the status of the selected jobs is disabled you will have the option to select this button to enable it e Disable If the status of the selected jobs is enabled you will have the option to select this button to disable it The Filter Toolbar This toolbar provides the following filter options for a scheduled job e Date Range Allows you to limit the jobs displayed by specifying a time frame e Module Allows you to limit the jobs displayed by specifying the module where the jobs are run oe 255 Compliance Guardian Installation and Administration User Guide Using Check Validator Tool The Check Validator tool is used to verify if the custom check that is created using Compliance Guardian is correct and also used to verify if you can get the type of scan results
231. dian Transaction Capture interface e Operation Field You can perform the following actions in this field o Record On the webpage you want to record select the Record button Compliance Guardian Transaction Capture will then start to record the webpages you access from this current webpage The URLs that are recorded will be displayed on the Recorded Information Field o Stop Select the Stop button to stop recording the webpages 264 S F e e Compliance Guardian Installation and Administration User Guide O Play Select the Play button The series of webpages that you have recorded will automatically play as they are accessed Reset Select the Reset button all the recorded results will be cleared up Save Select the Save button to save the series of operation results as a transaction file After select the Save button the Save As window pops up Select a location and then select Save on the Save As window to save the transaction file which will be used for Compliance Guardian Website Scanner Options Select the Options button a pop up window appears Select the checkbox before Capture the Ajax Request XMLHttpRequest Then Compliance Guardian Transaction Capture can record the webpages that use the Ajax Request Delete Select a record in the Recorded Information Field and select Delete the record then will be deleted Import Import a previously saved transaction file You can view the
232. dified configuration file template Select Browse next to the File path text box to upload the modified template 108 F D e Compliance Guardian Installation and Administration User Guide Site Collection User Uses the user specified here to register all of the site collections you are about to add Enter the Username and the corresponding Password to access to all of the site collections you are about to import Note To register SharePoint sites in bulk the specified user must have the Design permission at a minimum to all of the SharePoint sites you are about to add But the Design permission is not sufficient to use the registered site collections to run jobs Compliance Guardian recommends you use the site administrator who can access all of the site collections you are about to add so that you can normally use the registered SharePoint sites to run jobs Note If any site collections fail to connect a pop up window appears to let you choose to add only the successfully connected site collections or add all site collections Select OK to save the configurations and return to the Manage Site Collection interface or select Cancel to return to the Manage Site Collection interface without saving any changes Scanning Site Collections Use Scan Mode to scan all of the SharePoint Online site collections on a specified SharePoint admin center site Add the scanned site collections to the specific SharePoint sites group in bul
233. diting Action Policies e Delete Select Delete on the ribbon A confirmation window will appear and ask if you are sure you want to proceed with the deletion Select OK to delete the selected action policies or select Cancel to return to the Action Policy interface without deleting the selected action policies Creating and Editing Action Policies To create a new action policy select Create on the ribbon To modify a previously configured action policy select the action policy and then select Edit on the ribbon In the Create Action Policy interface or Edit Action Policy interface configure the following settings e Name Enter a name for the action policy e Description Enter an optional Description for future reference e Type Select the type of the action policy o For Web Part Select this type the action policy will be used for the rule that uses the AvePoint Yammer Connector Web part to achieve the post content o For Receiver Select this type the action policy will be used for the rule that uses receiver to achieve the post content For detailed information refer to Using Real Time Classification Scanner Rules in Social Network Mode 192 e ae e Compliance Guardian Installation and Administration User Guide e Social Connection Select a social connection Configure the Set up the action rules section e Conditions Configure the action policy filter rules Select Configure The Configure
234. docx gt lt label For docx gt lt label For keyword gt Create and configure the MatchedElement check test logic 1 Create a MatchedElement type check In the Report Text step in the True Result and Message field select Passed in the True Result drop down list 2 Configure the Element section e Specify the element name Input for the Name attribute e Select No in the drop down list under the CaseSensitive attribute e Select ResultNA in the drop down list under the ResultNA attribute e Select One in the drop down list under the Truelf attribute e Select True in the drop down list under the ValidWhen attribute 3 Configure the ListLoc section e Select Valid in the drop down list under the Type attribute e Select Note in the drop down list under the Status attribute 4 Select the checkbox before Attributes and configure the following attributes e Specify the attribute name ID for the Name attribute e Select No in the drop down list under the CaseSensitive attribute e Select Yes in the drop down list under the AllowNull attribute e Select True in the drop down list under the MustExist attribute e Select the checkbox before Length and configure the following attributes o Select GreaterThan in the drop down list under the CompareType attribute 308 S F on e Compliance Guardian Installation and Administration User Guide o Enter 5 as the value of the Characters attribute 5 Select the checkbox before Secondar
235. down list under the Truelf attribute when finding an instance the check result of this check will be True If NotFound is selected in the drop down list under the Truelf attribute when finding an instance the check result of this check will be False e SearchAll Specify whether or not to check the comments and scripts e ListLocation Specify whether or not to record the instance s location in the Compliance Guardian database If Yes is selected in the drop down list under the ListLocation attribute then every location of the instance found will be recorded in the Compliance Guardian database If No is selected in the drop down list under the ListLocation attribute the check continues but the locations of the instances found will not be recorded in the database e ListLocStatus Specify the status for the instance that is found The status will be recorded in the Compliance Guardian database Note that if the status set for True Result or False Result is Failed in the Report Text step the value for the ListLocStatus attribute will be Fail and the value cannot be changed e CaseSensitive Specify if the text being tested for must match the case exactly e MustRepeat Specify the amount of times a word or phrase must be found before considering the condition to be True When configuring the check if you do not enter a value for this attribute the value for this attribute will be considered 1 in the test e CompareType
236. ds for scanning public class ScanContent File extension public string FileType public string Url 360 Compliance Guardian Installation and Administration User Guide Original file path public string FilePath including cookie SSL level SharePoint metadata etc public IDictionary lt string object gt Metadata The following code is the check lt Tdf TdfID CustomTDFID gt lt ReportText gt lt Name gt CustomTDF lt Name gt lt PolicyURL gt http www avepoint com lt PolicyURL gt lt Description gt CustomTDF definition lt Description gt lt True result Pass gt Passed lt True gt lt False result Fail gt Failed lt False gt lt ReportText gt lt CustomTDF Class Namespace Class DllName gt lt Tdf gt Refer to the following helpful notes e The custom DLL should implement the interface defined as above e When scanning CCE calls the constructor passing the XML content as parameter Then CCE calls the scan method defined in the interface e The result returned by the scan method should be treated as a regular check result The following is an example of a regular check result public class TestResult public string TdfId public ReportResult Status Check Result A list of all violations public List lt TestResultUnit gt ResultList e PR f 361 Compliance Guardian Installation and Administration User Guide public class TestResultUnit public string TdfI
237. dules folder inside the unzipped Manager installation package 2 Right click on the UnattendedInstallationLauncher bat file and select Run as administrator to run it Now that you have imported the UnattendedInstallation dll file you can use the commands in the following sections to check your environment perform the manager installation and configure settings Commands and Command Parameters for Compliance Guardian Manager Unattended Installation To perform the Compliance Guardian Manager unattended installation refer to the following sections for the commands Installation Command The Compliance Guardian Manager Unattended Installation command for installing Compliance Guardian Manager remotely is Install CGManager For example Install CGManager CustomTDFPath C Users add Desktop custom checks zip TargetName hostmachine Username AvePoint Compliance Guardian Password Ave PackageFilesFolder C Compliance Guardian Manager AnswerFilePath C AnswerFile xml RemoteTempPath C TempFolder hast 49 Compliance Guardian Installation and Administration User Guide EE This table contains detailed information for each of the parameters Parameter Type Description CustomTDFPath The path of the ZIP file that contains the custom ZIP checks After Compliance Guardian is installed the ZIP file will locate in Compliance Guardian Manager Control bin Resources The name of the ZIP file will be changed to C
238. e SharePoint items cannot be performed this action For the SharePoint files or items that are affected by the Out of place quarantine method after you select View Content The file will be downloaded SharePoint items cannot be performed this action since there is no content in an item o View Properties View the file or item s properties For the SharePoint files or items that are affected by the In place quarantine method after you select View Property The corresponding SharePoint webpage appears displaying the file s properties The corresponding SharePoint webpage appears displaying the item s properties You can open the item attachment in the appeared SharePoint webpage and then edit the content of the attachment For the SharePoint files or items that are affected by the Out of place quarantine method after you select View Property All of the selected file s properties are displayed in the appeared View Properties page Select Close to exit the View Properties page All of the selected item s properties are displayed in the appeared View Properties page You can select the attachment name to download the attachment of the item and edit the content of the attachment and then upload the edited item through the Upload function which is introduced above Select Close to exit the View Properties page o Download Details Download the selected files o Restore R
239. e Creating and Editing an Archiving Plan Refer to the following steps to create or edit an archiving plan 1 Select Create gt Lync in the Manage group on the Configure Archiving interface To modify an existing plan select the plan and then select Edit on the ribbon 2 Inthe Create or Edit interface select the Lync server in the left pane Then expand the Lync server to the pool node Select a pool you want to archive 3 Configure the following settings in the right pane e Plan Name Enter a Plan Name and an optional Description hast 167 Compliance Guardian Installation and Administration User Guide e Archiving Data Storage Select the export location to store the archived file with the archived Lync content You can select the Enable Archived Data Retention checkbox and then enter a number and select a unit in Keep the latest _ Months Weeks Days archived data to define the range in which the archived data will be kept Then select an archiving database to store the archived data records used to locate the data under the export location e Full Text Index Select the checkbox to enable full text index for users searching the Lync content e Search Group Select a Compliance Guardian group from the drop down list Once a group is designated as the Search Group all of the users in the group will be able to use the Search function to search the desired archived content Multiple groups can be used here
240. e EI EX xy_ups_1 D Web Applications ng to user defined s to view and You must configure the following settings P5 Farm SEARCH SHAREPOINT_CONFIG Select the desired object s from the tree in the left panel ia Navigate to Wizard Mode or Form Mode to create a plan If Farm WAREHOUSE MSSS_2012 SHAREPOINT_CONFIC Select the Plan Manager tab to edit and run existing plans SH My Registered Sites Figure 17 User Profile Service node in Compliance Scanner Using Plan Builder to Perform a Compliance Guardian Scanner Plan for SharePoint Use the Plan Builder to set up a Compliance Scanner plan To use Plan Builder complete the following steps 1 After selecting the scope for the compliance scan select Plan Builder on the ribbon of Compliance Scanner page 2 From the drop down menu select Wizard Mode for step by step guidance during configuration or select Form Mode recommended for advanced users only to set up a plan quickly Refer to the following section that is applicable to your choice for information about performing a Compliance Scanner plan Performing a Compliance Scanner Plan in Wizard Mode Wizard Mode provides you with step by step guidance on how to configure a new plan To configure a plan using Wizard Mode complete the following steps Note An asterisk in the user interface indicates a mandatory field or step 1 Enter a Plan Name and an optional Description if desired Select Next The Repor
241. e Guardian Scanner Plans ccccccsessssccececesseseneseceeecessesesaeseceeecessessaeaeeeeeens 150 Compliance Guardian Scanner for SharePoint sisser ricsi sreski adiran aaas aaan 151 Launching Compliance Guardian Scanner SharePoint Mode 152 Selecting the Scan Scope issena E aE EEE N E TEE EREEREER EER 152 Scanning Hesper ugereegt Lg e degen deer 152 Compliance Guardian Installation and Administration User Guide Using Plan Builder to Perform a Compliance Guardian Scanner Plan for SharePoint cc000 153 Editing Template File for Filtering User Profiles 158 Compliance Guardian Scanner for File System 158 Launching Compliance Guardian Scanner File System Mode 159 Selecting the SCAN SCODE eegne idee eege 159 Using Plan Builder to Perform a Compliance Guardian Scanner Plan for File System 159 Compliance Guardian Scanner for Webette 162 Launching Compliance Guardian Scanner in Website Mode 162 Using Plan Builder to Perform a Compliance Guardian Scanner Plan for Website s sns0ssesseene 162 Scanning EUR 165 Compliance Guardian Scanner for vn 167 Launching Compliance Guardian Scanner Lync Mode 167 Configuring Archiving Plans iscsccsscdies dssc adecececdee las sdude asraon eanne AER oadedveuasecheds Age ANEN 167 Searching Lync Content 168 Selecting the SCAN SCOPE s ccccis2 zsccseeccersed eo usesnteceqessadedsceseeceeesed dusssdtieceeesseindacsteecveessientacsedeadeesteandersnies 171 Using Plan Builder to
242. e SharePoint Account for the agent as well as the agent type o SharePoint Account The SharePoint Account is used by the Compliance Guardian Agent to provide Compliance Guardian with access and control to your SharePoint environment The account configured here must have the required permissions for the Compliance Guardian products that are enabled To configure the SharePoint account enter the Username and Password for the desired account into the corresponding text box o Agent Type Configuration In order to use a certain product the corresponding agent type must first be configured Before selecting the product the necessary agents for that product must already be installed To configure the agent type for the agent check the checkbox next to the corresponding product You can navigate through the different product suites that are enabled by selecting on the name of the suite The configuration of the agent type is on your local environment o Job Restriction Limit the maximum number of jobs that are allowed to run simultaneously by this agent by enabling the Restrict the simultaneously running job count option and enter a positive integer into the text box Once you are finished configuring the agent select OK to save the configurations and return to the Agent Monitor interface or select Cancel to return to the Agent Monitor interface without saving any changes e Configuration File Upload agent configuration files to
243. e Viewing Pane 251 TE View Teenager Ae EE ea RE vee 251 The Filter Toolbar remcor inii ieia a E a a E AASL 252 SG arching JODS soomes ecne ens ikae aeee ES a aee e aea a ER e Ea E aei E E ea 252 Managing JODS snena a a e a EE Ea EEEE EES 253 Op rations in th Job Monitor Tab egen derietd sdreee Seege deed EE en eee a REK 253 The Manage Toolbar iesenii e e a a a a eaa Es 253 The Actions Toolbar EE 254 THE SEttinggS Toolbar seeroete unese eede ee e aeee Ee aa AREE aae ae a aa aaee iaee E oaee kaiaa ea 254 Compliance Guardian Installation and Administration User Guide SSS Operations in the Scheduled Job Monitor Tab 255 The Actions Toolbar visserie tirei ENEE ENEE ENEE Eege 255 The Filter Toolbar decree Neck nein EEE HESE EE iain E 255 Using Check Validator Tool 256 Related CONMMBSUFATION FIlC egerdtsgtee s eeerge tee AgeeeE EES eg 258 Using Detailed Risk Report Analysis Tool 259 Generating the Rep neg treeetect dees Seeerei eege 259 Information Included in the Exported Excel Elei 260 Generate Detailed Risk Report of a File uereg AEN eege 261 Before YOU TEE 261 Using Compliance Guardian Transaction Capture 263 System Requirements for Using Compliance Guardian Transaction Capture cccccccccsssssssssseeeeeens 263 Installing Compliance Guardian Transaction Capture cccccccsssssssececececssseseaeceeecessessaeeeeeeseesseseaeees 263 USING thE Ve RE 264 Exporting Action Reports and Social Reports to Event Viewer 2
244. e after the Encrypt and Quarantine action in the Create Action Policy or Edit Action Policy interface configure the following settings in the appeared Configure interface e Manage Encrypted Files Select one or more groups from the Select the groups that have the permission to manage the encrypted data in Compliance Guardian drop down list The users in the selected groups can view and manage the scanned files that are not compliant in Compliance Guardian gt Classification Report gt Incident Manager gt Encryption Select New Group to create a new group in Control Panel For more information refer to Account Manager e Security Profile Select a security profile for encrypting the non compliant files Select New Security Profile to create a new security profile For more information refer to Security Profile e Quarantine Location Select a location for storing the quarantined files Select New Export Location to create a new export location For more information refer to Export Location hast 213 Compliance Guardian Installation and Administration User Guide Move to the Specified Location The scanned files that are not compliant will be moved to the specified location After you select Configure after the Move to the Specified location action in the Create Action Policy or Edit Action Policy interface specify a location where you want to move the non compliant files in the appeared Configure interface Enter th
245. e agent to execute the scan job Select an agent group or select New Agent Group to create an agent group In the What do you want to name the plan and do you want to be notified by e mail field e Plan Name Enter a name for the plan e Description Enter an optional description for this plan Then select whether or not to receive the job report after a scan job finishes If you want to receive the job report select the checkbox before E mail me the job report and scan results and then select a notification profile Select New Notification Profile to create to new notification profile Scanning Gmail Compliance Guardian supports scanning the content in Gmail through Compliance Guardian Scanner for Website You must configure the following settings for creating a plan to scan the content in Gmail e Start From Enter the following URLs to scan the content in Gmail rel 165 Compliance Guardian Installation and Administration User Guide https mail google com mail h amp s a Enter this URL to scan all of the e mail content in Gmail https mail google com mail h amp s s Enter this URL to scan all of the sent e mail content in Gmail https mail google com mail h amp Enter this URL to scan all of the e mail content in Inbox of Gmail https mail google com mail h amp d a Enter this URL to scan all of the drafts in Gmail https mail google com mail h amp m a Enter th
246. e and Microsoft NET Framework 3 5 or above version must be installed before using Compliance Guardian Transaction Capture System Requirements for Using Compliance Guardian Transaction Capture Compliance Guardian Transaction Capture includes two versions AgentToolWebSiteRecorder_ NETv2 msi and AgentToolWebSiteRecorder_ NETv4 msi Refer to the following table for the system requirements of the two versions Compliance Guardian Transaction Capture Installation File Requirements Versions AgentToolWebSiteRecorder_ NETv2 msi Windows XP Windows Server 2003 Windows Vista Windows Server 2008 Windows 7 Windows Server 2008 R2 Windows Thin PC AgentToolWebSiteRecorder_ NETv4 msi Windows 8 Windows Server 2012 Windows 8 1 Windows Server 2012 R2 Installing Compliance Guardian Transaction Capture To install Compliance Guardian Transaction Capture complete the following steps 1 Find the AgentToolWebSiteRecorder_ NETv2 msi or AgentToolWebSiteRecorder_ NETv4 msi file in Compliance Guardian Agent bin WebSiteRecorderInstallFiles 2 Open the AgentToolWebSiteRecorder_ NETv2 msi or AgentToolWebSiteRecorder_ NETv4 msi hast 263 Compliance Guardian Installation and Administration User Guide Note You can decide the version to install according to your system Refer to Compliance Guardian Prerequisites and System Requirements 3 Select Install in the appeared drop down menu The Complia
247. e characters before the non compliant content that can be displayed in error highlight report The default value is 40 You can customize the value e Node Value If a file size is greater than the node value the whole file will not be displayed in the Error Highlight Report for the performance consideration only the violations non compliant content along with the characters next to the violations the characters before the violations and the characters after the violations are displayed in the report The default node value is 600 KB You can customize the value e oe 381 Compliance Guardian Installation and Administration User Guide Appendix H Configuring for Supporting Load Balancing Configuring for Supporting Network Load Balancing Compliance Guardian supports Network Load Balancing Working Process For the Compliance Guardian Agents in agent group e Users first configure several file share locations on the Compliance Guardian Agent servers e The Agents run jobs from Compliance Guardian Manager e The Agents send the files that will be scanned to the file share locations and then pass the UNC path of the temporary file in file share locations to Compliance Guardian engine workers The Compliance Guardian Agents added in cluster are used as the Compliance Guardian engine workers For the Compliance Guardian Agents in NLB cluster e The Compliance Guardian Agents are used as Compliance Guardian engine work
248. e drop down list under the ListLocation attribute o Enter 1 for the MustRepeat attribute o Enter 10 in the MaxDistanceToPrimary attribute field o Enter the regular expression lt 4 b d 3 d 3 1 d 3 b in the Value field The Social Insurance Number can match the regular expression 3 Save the check 4 Run a Compliance Scanner job The test suite used in this job contains the check configured above Review the check test logic e In this type of check if the result of the primary check is True the secondary check can start for this check If the result of the primary check is False the secondary check will not start for this check and the result of this check will be determined by the primary check For the ResultNA attribute if TrueResult is set as the value of this attribute the result of this check will be True If FalseResult is set as the value of this attribute the result of this check will be False If NAResult is set as the value of this attribute the status of the tested file will be Not Applicable and Not Applicable will be displayed in the Compliance Guardian report e According to the MaxDistanceToPrimary attribute if the secondary check starts in the extracted file content o If the characters between the instance found in the primary check and the instance found in the secondary check are less than the number of characters specified in the MaxDistanceToPrimary attribute the result of the secon
249. e entered site collection The window also displays an error message and a suggestion on how to solve the error When configuring the site collection the URL of the site collection will be tested by all of the agents in the SharePoint Sites Group of the SharePoint Sites with this site collection A green check 9 means all of the agents connect to the site collection URL A yellow check means some of the agents connect to the site collection URL A red X 8 means none of the agents connect to the site collection URL By default the status of the connection between the agents and the site collection URL will be checked every 10 minutes The checking frequency can be configured through the configuration file Importing Site Collections You can import the site collections in bulk using the provided template Select Add Site Collections on the ribbon in the Manage Site Collection interface to access the Add Site Collections interface To add the site collections complete the following steps e Download Template Select Download Template on the ribbon or select the download link to download the configuration file template Modify the downloaded template to add the site collections URLs you are about to add to the selected group into the template Save the modifications and close the modified template e SharePoint Sites Group Displays the name of the selected SharePoint sites group e Upload Configuration File Uploads the mo
250. e following options o No schedule Scans the rules included in the profile only when you running the profile o Configure the schedule myself Scans the rules included in the profile according to the customized schedule settings If you select this checkbox the Schedule Settings field will appear For more information refer to Configuring Scan Schedule Settings for the Self Checker Profile e Notification Settings Select an existing notification profile from the drop down list or click New Notification Profile to create a new one After selecting the notification profile click View to view more details of this profile Select when to receive the notification e mail by selecting the corresponding checkboxes o Passed You will receive a notification e mail with a report that includes all of the rules that have a Passed status o Warning You will receive the report including all of the rules that are in Warning status through the notification e mail Compliance Guardian Installation and Administration User Guide o Error You will receive a notification e mail with a report that includes all of the rules that have an Error status o Skipped You will receive a notification e mail with a report that includes all of the rules that have a Skipped status o Stopped You will receive a notification e mail with a report that includes all of the rules that have a Stopped status 7 Click Next to proceed 8
251. e for this connection You can also enter an optional description to distinguish this connection from the others e Type Select the database type for the connection The followings are the Oracle database versions that are supported scanning in Compliance Guardian o Oracle Database 9i o Oracle Database 10g o Oracle Database 11g o Oracle Database 12c The followings are the SQL Server versions that are supported scanning in Compliance Guardian o Microsoft SQL Server 2005 o Microsoft SQL Server 2008 o Microsoft SQL Server 2008 R2 o Microsoft SQL Server 2012 o Microsoft SQL Server 2012 R2 o Microsoft SQL Server 2014 e Scanned Database Enter the IP or host name of the database server or IP Instance name Then enter the database name in which the data will be scanned e Authentication Specify the authentication mode database credentials and an optional failover database server for connecting the database o Select the Windows Authentication or SQL Authentication mode for the database and specify the database credential for the selected authentication mode After this you can validate the specified account by clicking Validation Test Windows Authentication Use this method if you want the user s identity to be confirmed by Windows SQL Authentication SQL Server will confirm the user s identity according to the user s account and password hast 147 Compliance Guardian Installation and Administration
252. e information refer to Viewing Security Information You can also log on Compliance Guardian using the integration with other authentication methods For more information refer to Authentication Manager How to Use Your Keyboard in Compliance Guardian Please refer to the following table for instructions on using the keyboard in Compliance Guardian Keyboard Key When to Use Tab Switch among all of the functions in one page Enter Select one button Space Select one check box radio button button F2 Gain focus in one cell of a table Je Switch among options in one list box options in one combo box or among cells in one table hast 39 Compliance Guardian Installation and Administration User Guide Compliance Guardian Manager and Agent Maintenance If you want to modify the configuration of Compliance Guardian Manager Agent after the installation open the Start Menu in Windows on the Compliance Guardian Manager Agent server and navigate to All Programs gt AvePoint Compliance Guardian Then open the Compliance Guardian Manager Tools Compliance Guardian Agent Tools folder and select Manager Configuration Tool Agent Configuration Tool Select the items listed on the left part of the tool and you can modify the corresponding settings Refer to Installing Compliance Guardian Manager and Installing Compliance Guardian Agent for detailed information about the settings 40 F sn e e EH Com
253. e location path in the format admin PC cS data or admin PC shared folder If the path is specified in the format admin PC cS data e The agent account must have the local administrator permission to the server where the specified location resides If the path is specified in the format admin PC shared folder e The specified user must have the Log on as a batch job permission to the server where the specified location resides or the user must be the member of the Backup Operators group of the server where the specified location resides e The specified user must have the Full Control permission to the shared folder Quarantine Files The scanned files that are not compliant will be quarantined After you select Configure after the Quarantine Files action in the Create Action Policy or Edit Action Policy interface configure the following settings in the appeared Configure interface e Manage Quarantined Files Select one or more groups from the Select the groups that have the permission to manage the quarantined data in Compliance Guardian drop down list Users in the selected groups can view and manage the quarantined data in Compliance Guardian gt Classification Report gt Incident Manager gt Quarantine Select New Group to create a new group in Control Panel For more information refer to Account Manager e Quarantine Location Select a location for storing the quarantined files Select New Export Location to cr
254. e ribbon and then save the report to your desired location and then review it in the datasheet Self Checker Self Checker scans the farm according to rules you select in the Self Checker profiles to check the health of your environment Note Only the users in the Compliance Guardian Administrators group can use Self Checker Self Checker provides rules in four categories regarding the health of the Compliance Guardian modules e Connection Checks the connectivity among Compliance Guardian services 114 e Fae e Compliance Guardian Installation and Administration User Guide e Permission Verifies appropriate permissions for the Agent account and the Compliance Guardian application pool account e Service Checks the status of Compliance Guardian services e Others Verifies that all of the requirements for each module are met To use Self Checker to check the health of the Compliance Guardian modules complete the following procedures 1 Create a Self Checker profile to include the rules you are about to scan for the Compliance Guardian modules For more information refer to Creating a Self Checker Profile 2 Run the newly created profile 3 After the job is finished check the status of the rules in the profile If the status is Warning or Error click the rule to view the provided solution For more information refer to Managing Rules in a Self Checker Profile 4 Solve the issue according to the prov
255. e screen appears 9 Select a scheduling option e No schedule Select this option to configure the job to not run ona schedule the job must be manually initiated e Configure the schedule myself Configure a customized schedule and run the plan by schedule Select Add Schedule and the Add Schedule window pops up Configure the following settings for the schedule o Options Select the type of the scan for this plan Full Scan or Incremental Scan Full Scan scans all of the content in the scope defined in the plan while Incremental Scan only scans the content that has been modified since the last incremental or full scan job If selecting Incremental Scan the Reference Time option is enabled Reference Time Choose whether to scan contents created or modified at a specified interval If you choose to use a reference time specify the time to scan contents created or modified Enter an integer into the textbox and select Minute s Hour s or Day s from the drop down list Note It is recommended specifying a reference time when the recurrence schedule configured in Range of Recurrence is End after 1 occurrence o Schedule Settings Specify the frequency to run the rerunning schedule Enter an integer into the text box and select Minute s Hour s Day s Week s or Month s from the drop down list o Range of Recurrence Specify when to start and end the running recurring schedule Start time
256. e section ElementContent This section is optional The details about the attributes under this element refer to the Configuring Attributes for Element Type section ChildElement This section is optional The details about the attributes under this element refer to the Configuring Attributes for Element Type section SecondaryMatch This section is optional Select the checkbox before the element and configure the following attributes e SecondaryMatch Configure the following attributes for this element o Name Specify the element that will be tested o CaseSensitive Specify if the element name being tested for must match the case exactly o ResultNA Specify a result when the specified element is not found If TrueResult is selected then if the specified element is not found the True result will be returned If FalseResult is selected then if the specified element is not found the False result will be returned If NAResult is selected then if the specified element is not found the status of the tested file will be Not Applicable which will be displayed in the Compliance Guardian report This is basically stating that you have the option to set the result to Not Applicable if none of the elements are found 306 S e ae e Compliance Guardian Installation and Administration User Guide Truelf There are two values for this attribute All and One If One is selected the scan will stop when one instance
257. e stored to the database the Location e Status This is used to indicate the disposition of the element and the severity selected by the user Note that in the Report Text step if the status set for True Result or False Result is Failed the value for the Status attribute will be Fail and the value cannot be changed 332 F e D e e Compliance Guardian Installation and Administration User Guide DomainExclude Configure the following attributes under this element e Separator Specify a separator if multiple values are specified e Value Enter one or more domains here the links that are located in these domains will not be checked Use the separator specified before to separate the values WebBeacons Check Test Logic Example Refer to the following example to better understand the test logic of the WebBeacons type check The webpage that will be tested contains the following nodes lt html gt lt body gt lt div gt lt img src http www hello com img img01 jpeg gt lt div gt lt body gt lt html gt The domain of this webpage is simer com Create and configure the WebBeacons check test logic 1 Create a WebBeacons Type check In the Report Text step in the True Result and Message field select Passed in the True Result drop down list 2 Configure the elements in the check e Inthe WebBeacons section o Specify img for the ElementName attribute o Select No in the drop down list under the CaseSen
258. e the settings for this plan Select Save on the ribbon to save the plan To save a changed plan as a new one select Save As on the ribbon At any time select Cancel on the ribbon to return to the Plan Manager without saving any of your changes Note If you change the scan policy when editing a Scheduled Classification Scanner plan or change the database policy when editing a Scheduled Classification Scanner plan after you save the changes the next time the plan will mandatorily run a full job although you select to run an incremental job thus to guarantee that the job can perform correctly as well as guarantee the job data is generated correctly Delete Select Delete on the ribbon to delete the selected plan A warning message will appear to confirm the deletion Select OK to delete the selected plan or select Cancel to return to Plan Manager without deleting the selected plan Test Run Select Test Run on the ribbon to simulate the execution of the selected plan After you select Test Now a pop up window appears You can select to run a full job or an incremental job If Incremental Scan is selected the Reference Time option is enabled o Reference Time Choose whether to scan contents created or modified at a specified interval If you choose to use a reference time specify the time to scan contents created or modified Enter an integer into the textbox and select Minute s Hour s Day s or Month s from the drop down l
259. e to the Create Action Policy or Edit Action Policy interface and select Alert Only gt Configure The Configure interface appears e Specify a default e mail template You must select a default e mail template before adding recipients Select the New Notification Template link to create a new template e Creator e mail template Select this checkbox to send an alert e mail to the creator of the file If this option is selected you must select an e mail template from the corresponding drop down list If you do not select an e mail template Compliance Guardian will use the default e mail template e Modifier e mail template Select this checkbox to send an alert e mail to the modifier of the file If this option is selected you must select an e mail template from the corresponding drop down list If you do not select an e mail template Compliance Guardian will use the default e mail template e Userin the selected notification profile Select this checkbox to send an alert e mail to the recipients configured in the selected alert notification profile If this option is selected you must select an alert notification profile from the appeared drop down list Select OK to save the changes or select Cancel to exit the Configure interface without any changes Configuring Action Policies for Social Network Action policies for Social Network allows you to define the actions to the scanned contents in Yammer To configure the action p
260. e used to export the compliance reports from the report database sys databases sys columns sys identity_columns sys indexes sys index_columns sys foreign_key_columns sys foreign_keys sys schemas sys tables sys types Compliance Guardian Installation and Administration User Guide Installing Compliance Guardian The Compliance Guardian Installation Wizard will guide you through the installation process In order to complete the installation successfully a local administrator account must be used to run the Installation Wizard Note Install Compliance Guardian in the following order 1 Install the Compliance Guardian Manager with the Manager Installation Wizard 2 Install the Compliance Guardian Agents with the Agent Installation Wizard 3 Loginto Compliance Guardian to make sure the Manager and Agent are able to communicate with each other properly Compliance Guardian Manager Make sure the system requirements are met before starting installation for Compliance Guardian Manager For more information refer to System Requirements for Control Service Installation Note When running the Manager Installation Wizard on the server running Windows Server 2003 Windows Server 2003 R2 make sure the Windows components are not being added or removed during the rule scanning otherwise the scanning result will be affected Note When running the Manager Installation Wizard on the server running Windows Server 2008 Windows
261. e values for the test use the separator specified before to separate the values Select the delete button 4 to delete this Dictionary check rule Select Add Another Dictionary to add another rule Regex This element has the following attributes e SearchAll Specify whether or not to check the comments and scripts e ListLocation Specify whether or not to record the instance s location in the Compliance Guardian database If Yes is selected in the drop down list under the ListLocation attribute then every location of the instance found will be recorded in the Compliance Guardian database If No is selected in the drop down list under the ListLocation attribute the check continues but the locations of the instances found will not be recorded in the database e ListLocStatus Specify the status for the instance that is found The status will be recorded in the Compliance Guardian database Note that if the status set for True Result or False Result is Failed in the Report Text step the value for the ListLocStatus attribute will be Fail and the value cannot be changed e CaseSensitive Specify if the text being tested for must match the case exactly e CustomCheck Enter a CustomCheck name for this attribute The CustomCheck is used to calculate the check digit on the result of the regular expressions in order to validate the result For more information on CustomCheck refer to Using CustomScan in Compliance Gu
262. ePoint item whose name is same as the file name that you want to restore in the destination a conflict will be judged Select a conflict resolution o Replace The conflicted destination file will be replaced with the selected file after the restore o Skip The file will be skipped to restore to the destination Restoring the SharePoint Files or Items that Are Affected by the Out of Place Quarantine After you select a SharePoint file or item that is affected by the Out of place quarantine method configure the following settings in the appeared Restore interface Compliance Guardian Installation and Administration User Guide Restore Type Select In place restore to restore the selected file or item to its original place Select Out of place restore to restore the selected file or item to another place in SharePoint Destination If you have selected Out of place restore this field appears All of the SharePoint farms appear Browse the desired farm tree to a list level library level or folder level the file or item will be restored to the selected SharePoint list or library Agent Group If you have selected Out of place restore this field appears Select an agent group for running the restore job or select New Agent Group to create an agent group Ignore this File Until the File or Policies Change Refer to Restoring the SharePoint Files or Items that Are Affected by the In Place Quarantine Method for detai
263. eate a new export location For more information refer to Managing Export Locations Redact Files Redact the files that are not compliant according to the Redaction type test suite selected in the corresponding scan policy Quarantine Before Redact The files that are not compliant will be backed up and the backed up files will be quarantined to a specified location The original files will be redacted After you select Configure after the Quarantine Before Redact action in the Create Action Policy or Edit Action Policy interface configure the following settings in the appeared Configure interface 214 F ae e Compliance Guardian Installation and Administration User Guide Manage Redacted Files Select one or more groups from the Select the groups that have the permission to manage the redacted data in Compliance Guardian drop down list Users in the selected groups can view and manage the quarantined data in Compliance Guardian gt Classification Report gt Incident Manager gt Redaction Select New Group to create a new group in Control Panel For more information refer to Account Manager e Quarantined Location Select a location for storing the quarantined files Select New Export Location to create a new export location For more information refer to Export Location Alert Only The files that meet the configured condition in the action policy can be recorded in an e mail and sent to the specified users Navigat
264. ed e Greg f 21 Compliance Guardian Installation and Administration User Guide O o Required Application Pool Settings The following application pool settings are required by Compliance Guardian Control Service Installation If you choose to create a new application pool Compliance Guardian will automatically configure these settings If you choose to use an existing application pool you must configure the application pool according to the following table IIS Value Version Advanced Settings gt v2 0 v4 0 No Managed Code is not supported General gt NET Framework Version Advanced Settings gt False is required since Compliance General gt Enable 32 bit Guardian must load some third party dlls Applications which are 64 bit ones Advanced Settings gt Integrated Itis not supported to use Classic together General gt Managed Classic with NET Framework v4 0 Pipeline Mode Process Model gt Load User True True is required by Compliance Guardian ae a LT J os Advanced Settings gt True False True is strongly recommended because if General gt Start you set the value to False the application Automatically pool requires manual start up Required Application Pool Account Permissions The application pool account must have the following local system permissions The selected application pool account will be granted Full Control permission to the following groups and folders automatically dur
265. ed and included in the result You can view the logical relationship of the filter rules in the Basic Filter Condition area For example if the logical relationship is 1 And 2 Or 3 in the Basic Filter Condition area the contents that meet both the filter rule 1 and filter rule 2 or meet the filter rule 3 will be filtered out Select Save to save the configurations and return to the Filter Policy interface or select Cancel to return to the Filter Policy interface without saving any changes Editing Filter Policies To modify a previously configured filter policy select the filter policy and then select Edit on the ribbon In the Edit Filter Policy interface edit the related settings according to your own requirement For more information about how to configure settings for filter policies refer to Configuring Filter Policies After finishing editing settings of the selected filter policy select Save to save the configurations and return to the Filter Policy interface Alternatively select Save As and enter a filter policy name to save it as a new filter policy Select Cancel to return to the Filter Policy interface without saving any changes 138 F e D e e Compliance Guardian Installation and Administration User Guide Website Scanner Settings Configure the Authentication Profile and the User Agent Profile for using Compliance Guardian Scanner for Website Configuring Authentication Profile An authentication profile i
266. ed in the SubCheck field is False If you have selected Or in the Type field When you add multiple checks in the SubCheck field one of the checks results in this test suite is True and the check with a True check result is not the last check you added in the SubCheck field the result of the checks added in the SubCheck field is NA If the check with a True check 358 F e D e e Compliance Guardian Installation and Administration User Guide result is the last check you added in the SubCheck field the result of the checks added in the SubCheck field is True o RiskLevel r1 The Item Initial Risk value assigned on the initial occurrence of the compliance failure related to the check being tested for in the document or stream Allowed values for RiskLevel r1 are 1 10 o RiskLevel r2 The Item Additional Risk Level factor that the risk level grows at for every additional failure at the check level for the same type found in the document or stream This number is optional where the integer 1 means ignore the value allowing to use the third value If the value is 1 then the factor will be 1 Allowed values are 1 to 10 This is optional o RiskLevel r3 The Item risk in relation to other checks This Item is optional If this number is missing then it is assumed that its value is 1 Allowed values are 1 10 This is optional According to the formulas selected in the RiskFormula section the check wil
267. edaction check test logic 1 Create a Redaction type check In the Report Text step in the False Result and Message field select User Review Required in the False Result drop down list 2 Configure the Redaction section e Select Replace in the drop down list under the RedactType attribute 3 Select the checkbox before Regex and configure the Regex section e Select Yes in the drop down list under the SearchAll attribute e Select Yes in the drop down list under the ListLocation attribute e Select Warn in the drop down list under the ListLocStatus attribute e Select No in the drop down list under the CaseSensitive attribute e Select No in the drop down list under the CustomCheck attribute e Inthe Dictionary section enter the regular expression lt 4 b d 3 d 3 1 d 3 b in the Value field The Social Insurance Number can match the regular expression 4 Inthe Value Configuration field configure the following attributes e Select Word in the drop down list under the Type attribute e Select True in the drop down list under the Repeat attribute e Enter in the Value field 5 Save the check Run a Compliance Scanner job the test suite used in this job contains the check configured above Review the Redaction check test logic e inthis case o Inthe Redaction field we have set Replace as the RedactType so the found instance will be replaced o Inthe Regex field the Canadian Social Insurance Num
268. eeecssseseaaeseeeescesseseeaeseeseseesseseaaeess 99 Configuring Receive E Mail Settings cccccccccccssssssssceeececsesessaeseceeecesceseaseeeeeessssseseaaeseeseseessessaaeess 99 Configuring Receive E Mail Notification cccccccsccssssececeeeceescnseaeeececesseseaeeeeeeseeseessnaeseeeesesssesnsaees 100 Managing Receive E Mail Notification cccccsssscccececsesesnsaeeeeecesseseaeaeeeeecesseaaeseceeecesseseaeaeeeeeens 101 Configuring E mail Templates ccccccscsssssececececeesesscsececececesseaeaeeececeseeeeaeseeeessesseseuaeeeesesesesesnaaeas 101 le te Rief Le TEE 102 Configuring Pruning RULES 22 csisssccecccccevexesevesonecuedavessteedenecetivanssdeet acedelasaseddeleccugedasnander beaececdssbadten tenes 102 Config ring OC 103 CONPIBUTING Ee KUER eege Eege dd ats eegene eege ege EN 103 a Compliance Guardian Installation and Administration User Guide LOS ENEE 105 Configuring LOS Setting Sege eege Ee Ee ee 105 Collecting LORS iiciin e e aa a E ERENNERUNG 106 Share POInt SItES seccicnai5 ec v0 ape an e Eee ae Eaa Coatevens es nes N pia aa EER ae aE EANES RE EEEa 106 Managing SharePoint Online Site Collection URLS ccccssccccccessssesssceceeecesseseaeeeceescesseseaeaeeeeeens 106 Office 365 Account Profile Manager 110 PORE WAM AR TEE 112 Security Profile isror eRe EEE RE e aE ae aR ee R 112 le ee EE 113 Configuring Pruning SCttingS lt c ccecses dssccedecedecdecsasssadt nated Geasasseede AER
269. eeeeeeeseeseaeaeeeesens 400 oe 13 Compliance Guardian Installation and Administration User Guide SSS What s New in this Guide e Updated Configuring Action Policies in Real Time Classification Scanner 14 F sn e e EE Compliance Guardian Installation and Administration User Guide About Compliance Guardian Compliance Guardian is designed to ensure that information is available and accessible to the people who should have it and protected from the people who should not Compliance Guardian helps Chief Privacy Officers Chief Information Security Officers Compliance Managers Records Managers SharePoint Administrators and Company Executives proactively protect their IT environments from harmful information leaks contamination or misuse while simultaneously ensuring that all activities and content residing in their environments are compliant accessible and manageable Compliance Guardian is designed to empower organizations to comply with regulatory statutory or organization specific requirements to manage and oversee access to sensitive data Compliance Guardian works with AvePoint s extended Compliance Solutions to provide a heat map that provides additional actionable context about the document including how old is the document who authored it how many times has it been accessed who can access it who has accessed it and what have they done with it In this way organizations can take specific steps to prote
270. eeseaeaeseeeesssesenaeas 367 Parameters of the ScanEngine Scan Method 367 f Au p 11 Compliance Guardian Installation and Administration User Guide are MSA GE EXAM o E eege geesde A 368 Scan Files WS iis CCC EE 368 Scan Files Using MEC EE 372 Scan M tatg at ege zeegte gue e egen ECO ee dEr eege 375 CCE Engine Wonkerexe Mode siiicar naneo aaee a i aaraa aaaea Ea ee ie reaR EEE Eoee iS 377 Appendix F Using the ComplianceSetting config le 379 Configuring to Scan User Profiles 379 Configuring Restricted Attachment Types and Modifying the Allowed Maximum Size of Uploaded Attachments in Incident Manager use 379 Appendix G Displaying Only Violations in the Error Highlight Report 381 Appendix H Configuring for Supporting Load Balancng 382 Configuring for Supporting Network Load Balancing ccccccccccccessssessceeeeecesseseseseceeecesseseneseeeesens 382 Mee See 382 Installing Network Load Balancing Feature ccccccecssssscececsssesesssceeeeeceseesesaeaeeeescesseseeaeeeeeeseesseseuaeeas 382 Editing Network Load Balancing Cluster Properties cccccccssssssssecececesseseneeeeeescesseseaeeeeeeseessesesaees 383 Configuring File Share LOCAtONS aiiis sede rein deve e E dE 383 Using CCE EngineService exe file to Encrypt Passwords and Do Operations on the lt FS gt Node 384 Configuring Communication Setting 385 Control Service Load Balancdng scssi inonsentiritses ineine seei enaren iiaae ti
271. efer to Restoring Files in Quarantine Manager for details o Delete Delete the quarantined files permanently Compliance Guardian Installation and Administration User Guide o Upload Content Upload a file For the SharePoint files or items that are using the In place quarantine method after you select Upload Since the files or attachments of items that are affected by the In place quarantine method are edited in the webpage directly this Upload function does not take effect on these files and items For the SharePoint files or items that are using the Out of place quarantine method after you select Upload The downloaded and edited file will be uploaded and will replace the selected file Note The uploaded file name must be same as that of the selected file The downloaded and edited attachment of the SharePoint item can be uploaded and replace the original attachment of the item Note The uploaded attachment name must be same as the original attachment name o Data Range The first time you access Quarantine Manager the files or items in the last 1 day are displayed You can change it by selecting Data Range and then enter a value in the Latest _ Days Hours field Select OK to save the setting The next time you access Quarantine Manager the files or items that are quarantined in the specified time range will be displayed e Scope Define the scope of the files you want to manage e Files F
272. eive the e mail and select an e mail template You can also select the New E mail Template link to create a new e mail template Refer to Configuring E mail Templates for more information Note Even though there may be more than one error when scanning a file the alert e mail will only be sent when the first error occurs Select Next The Schedule page appears 4 Configure the schedule settings e No schedule Select this option to run the plan immediately and save the plan in Plan Manager e Configure the schedule myself Select this option to configure a customized schedule and run the Compliance Scanner job by schedule Select Add Schedule to set up a schedule The Add Schedule window appears In the Options section select a scan type from the drop down list For more information review to Scan Schedule Select Next The Advanced page appears 5 Configure the advanced settings e Notification Configure the e mail notification settings Select a previously configured notification profile from the Select a profile with address only drop down list or choose to create a new e mail notification profile by selecting the New Notification Profile link Select View to view the detailed configuration of the selected notification profile For more information on configuring the e mail notification profiles refer to Configuring Receive E Mail Settings Select Next The Overview page appears 6 Review and edit the plan co
273. el or the list level Select Configure and the Configure window appears Expand the farm tree or My Registered Sites and then select a library or folder where the file is moved Then select OK to save the settings You can configure to move a file between sites in the same farm move a file from a SharePoint 2010 farm to a SharePoint 2010 farm move a file from SharePoint 2013 farm to a SharePoint 2013 farm or move a file between SharePoint 2013 On Premises and SharePoint Online Inheritance Status For site level there are two types of inheritance status N A and Not Inherit For list level there are three types of inheritance status N A Not Inherit and Inherit 1 When there is no allowed location configured for a site the site inheritance status is N A The inheritance statuses of the lists that inherit the site are N A the inheritance statuses of the lists that do no inherit the site are Not Inherit 134 F e D e Compliance Guardian Installation and Administration User Guide 2 When there is an allowed location that has been configured for the site the site inheritance status is Not Inherit The inheritance statuses of the lists that inherit the site are Inherit the inheritance statuses of the lists that do not inherit the site are Not Inherit Inherit or Not Inherit After configuring an allowed location in a site the lists under this site automatically inherit the destination folder that is configured for the site If
274. elect one or more options from the drop down list and then click OK e Every _ month s Enter a positive integer in the text box This option appears when you select By month in the Type field Select Advanced to configure more specific settings hast 117 Compliance Guardian Installation and Administration User Guide o Onday_of_ Enter a positive integer in the text box and then select one or more month from the drop down list o Day of every _ month s Select a day from the drop down list and then enter a positive integer in the text box o The of every _ month s Select an ordinal numeral from the first drop down list select one or more day from the second drop down list and then enter a positive integer in the text box o The of _ Select an ordinal numeral from the first drop down list select one or more days from the second drop down list and then select one or more months from the third drop down list 3 Range of Recurrence Select when the recurring schedule will end e Start time Select a start time e No end date The schedule will not end e End after _ occurrences Enter a positive integer in the text box The schedule will end after the entered number of occurrences e End by _ Select the end date The schedule will end on the selected end date 4 Click OK to save your changes and return to Scan Schedule interface or click Cancel to return to Scan Schedule interface
275. element is not found the False result will be returned If NAResult is selected then if the specified element is not found the status of the tested file will be Not Applicable which will be displayed in the Compliance Guardian report In other words you have the option to set the result to Not Applicable if none of the elements are found Truelf There are two values for this attribute All and One If One is selected the scan will stop when one instance is found to save scan time If All is selected the scan will only stop when all instances are found ValidWhen This is used to indicate if the result is valid when the condition is one of two values True or False Configure the following attributes under the ListLoc section 292 Type There are two values for this attribute Valid and Invalid All elements that are considered valid or invalid are stored to the database the Location Status This is used to indicate the disposition of the element and the severity selected by the user Note that in the Report Text step if the status set for True Result or False Result is Failed the value for the Status attribute will be Fail and the value cannot be changed Compliance Guardian Installation and Administration User Guide ElementRepeat If you want to configure the ElementRepeat section select the checkbox before the element this section is optional e Alert Specify whether to check for repeating elements
276. elete D Close XI Database D Create C Manager View Details V Edit E Delete D Close X Job J Monitor Close X File File F System System Tab Plan C Wizard Mode Back B Builder Next N Finish R Finish and Run O Now Cancel C Form Mode Save R Compliance Guardian Installation and Administration User Guide 283 Functionality Name and Hot Key Configure Connectio n Create Save and Run Now Cancel View Details Edit Delete Close Scan Policy Create View Details Edit Delete Export Close Filter Policy Action Policy Create View Details Edit Delete Close Create View Details Edit Delete Close Database Manager Create View Details Edit Delete Close lt IOIM lt K aOl x lt x oO M lt OlX OIM lt ZzlxXxpSpOyM lt jO KPolmM lt j oO 284 Compliance Guardian Installation and Administration User Guide Functionality Name and Hot Key View Detail S Job Monitor J Close X Edit Delet e Run Now Test Run Scheduled Classification Scanner for Social Network Page Functionality Name and Hot Key Scheduled Classification Scanner Create Social Network D Social Network tab Plan Builder L Wizard Mode Back B
277. elf attribute e Select False in the drop down list under the ValidWhen attribute 3 Configure the ListLoc section e Select Invalid in the drop down list under the Type attribute e Select Warn in the drop down list under the Status attribute 4 Select the checkbox before the ElementRepeat element and then select Yes in the drop down list under the Alert attribute Enter 2 in the Value field 5 Select the checkbox before the TextCompare element e Select MustContain in the drop down list under the CompareType attribute e Enter as the separator e Select No in the drop down list under the CaseSensitive attribute e Enter Ain the Value field 6 Save the check 7 Run a Compliance Scanner job The test suite used in this job contains the check configured above Review the check test logic e See the ElementRepeat section The element IMG is continuously repeated 2 times in the file A so the check in the ElementRepeat section is False e See the TextCompare section The node in the file contains the value A so the check in the TextCompare section is True e From the above example the check result of this check is False any of the check results is False the check result of this check is False According to the settings in False Result and Message in the Report Text step the returning status is User Review Required which will be displayed in the Compliance Guardian report e See the attributes under Element True has been
278. ement refer to the Configuring Attributes for Element Type section TextCompare This section is optional For the details about the attributes under this element refer to the Configuring Attributes for Element Type section Attributes This section is optional For the details about the attributes under this element refer to the Configuring Attributes for Element Type section ElementContent This section is optional For the details about the attributes under this element refer to the Configuring Attributes for Element Type section e ME 8 299 Compliance Guardian Installation and Administration User Guide ChildElement This section is optional For the details about the attributes under this element refer to the Configuring Attributes for Element Type section SecondaryElement This section is optional Select the checkbox before this element the following attributes appear e Name Specify the secondary element that will be tested e CaseSensitive Specify if the element name being tested for must match the case exactly e MustExist Specify whether the secondary element must exist e Truelf There are two values for this attribute All and One If One is selected the scan will stop when one instance is found to save scan time If All is selected the scan will only stop when all instances are found e MustNext Specify whether the secondary element must be next to the primary element the elem
279. emplate The alert e mail will be sent to the recipients configured in the selected alert notification profile e Stop Using Next Rule Select whether or not to use the next rule to scan content 4 Select Save to save the changes or select Cancel to exit the interface without any changes Managing and Applying Real Time Classification Scanner Rules Once a rule is created it is listed in the Real Time Classification Social Network interface You can manage the rules in the following ways e Apply Apply the rules for scanning content If a rule is not applied it will not be displayed the next time you go to the Real Time Classification Social Network interface e Edit Edit a selected rule e Delete Delete the selected rules e Enable Enable a rule You must select Apply after selecting Enable for a rule or the rule will not be enabled e Disable Disabled a rule You must select Apply after selecting Disable for a rule or the rule will not be disabled e Order Select the order from the Order drop down list to define which rule is the first to be applied for scanning content e Rule Name Select the Rule Name the rule s Edit interface appears Then you can edit the rule s settings ME 207 Compliance Guardian Installation and Administration User Guide Using AvePoint Yammer Connector Web Part to Post Messages to Yammer AvePoint Yammer Connector Web part is added in SharePoint whi
280. ent Profile To view a user agent profile select it from the list of previously configured profiles and then select View Details on the ribbon To delete a user agent profile select it from the list of previously configured profiles and then select Delete on the ribbon A confirmation window will pop up and ask if you are sure you want to proceed with the deletion Select OK to delete the selected user agent profile or select Cancel to return without deleting it 140 S e ae e Compliance Guardian Installation and Administration User Guide Creating and Editing User Agent Profile To create a new user agent profile select Create in the Manage group of the User Agent Profile page To modify a previously configured user agent profile select the user agent profile and then select Edit on the ribbon In the Create User Agent Profile or Edit User Agent Profile interface configure the following settings e Name and Description Enter a name and an optional description for the profile e User Agent String Specify the user agent string oe 141 Compliance Guardian Installation and Administration User Guide Compliance Manager Compliance Manager enables you to retrieve compliance information about all of the files in the specified scope through performing Compliance Scanner jobs It displays the scan results through different kinds of Compliance Reports so users can easily view the compliance status of the files in
281. ent and then select Upload to upload the configured file Refer to Editing Template File for Filtering User Profiles for details about editing the template file Select Next The Overview page appears 6 Review and edit the plan configurations To make changes select the Edit button next to the name of the each configuration field to jump to the corresponding setting page and edit the configuration 7 Once you are satisfied with the plan settings choose one finishing option at the lower right section of the screen Select Finish to save the configuration of the plan without running it or Finish and Run Now to save the configuration and then run the saved plan immediately Scan Schedule Configure the following settings to build a new Compliance Scanner schedule in the Add Schedule pop up window 156 S e ae e Compliance Guardian Installation and Administration User Guide e Options Select a scan type from the drop down list o Full Scan Run a full scan of all of the documents and items in the specified scope Unlike incremental scan all full scans are independent of one another and do not have any dependencies on the other s scan results However because each of the full scans is comprehensive full scan jobs take the longest to complete of the two available options o Incremental Scan Run a fractional scan It scans only the updated documents and items since the last successful full scan or incremental scan
282. ent you specified above in this check If you select Yes in the drop down list under this attribute only the secondary element that is next to the primary element will be checked If you select No in the drop down list under this attribute then all the specified secondary elements will be checked The following elements with specific attributes are within the optional SecondaryElement section e ElementRepeat This section is optional Select the checkbox before this element the following attributes appear o Alert Specify whether to check for repeating elements o Value Specify the maximum times the element can repeat before the check is determined False e Attributes This section is optional Select the checkbox before this element the following attributes appear o Name Specify the attribute name that will be tested o CaseSensitive Specify if the attribute name being tested for must match the case exactly o AllowNull Specify whether the attribute that has no value will be tested o MustExist Specify whether or not the attribute has to exist If True is selected then the test will fail if the specified attribute does not exist Select the delete button 4 to delete this Attributes check rule 300 F e D e e Compliance Guardian Installation and Administration User Guide The following elements with specific attributes are within the optional Attributes section o Length This section is o
283. ents Rule Stop Inheriting logically separates the rule in the lower level node from the upper level node After one rule has been applied for a particular level Level A you can still configure rules directly to levels that are higher than Level A However if you want to configure rules at levels that are lower than Level A 200 e ae e Compliance Guardian Installation and Administration User Guide you must first break the rule inheritance To break this inheritance select Stop Inheriting in the Manage group on the ribbon Some helpful notes on the Stop Inheriting Parents rule e When breaking the rule s inheritance at a specified level the inheritance is only broken at this level The rule s inheritance of the lower levels is not broken e After the rule s inheritance is broken you can apply new rules and edit the corresponding rule settings at the lower level Inheriting Parents Rule Use the inheriting feature after you have stopped a node s rule inheritance from its parent node To manually apply a rule inheritance to a node select the node that will inherit the parent node s rule and select Inheriting in the Manage group on the ribbon After selecting Inheriting this button changes to Stop Inheriting Some following helpful notes on the Inheriting rule e By default the Real Time Classification Scanner rule configured for a higher level is inherited by the lower levels e You cannot create a new rule
284. epoint com support ComplianceGuardian TestSuites officeaccessibility html lt Policy URL gt lt Description gt All image objects use alternate text Alternate text doesn t contain an image or file extension lt Description gt lt True result Pass gt All objects use alternate text lt True gt lt False result Fail gt Failed one or more object failed the alternative text quality validation lt False gt lt ReportText gt lt Element ValidWhen True TrueIf All ResultNA NAResult CaseSensitive No Name img gt lt ListLoc Status Fail Type Invalid gt lt Attributes gt lt Attribute CaseSensitive No Name alt MustExist Yes AllowNull No gt lt TextCompare CaseSensitive No Separator CompareType MustNotContain gt emf lt TextCompare gt lt TextCompare CaseSensitive No Separator CompareType MustNotContain gt jpg lt TextCompare gt lt TextCompare CaseSensitive No Separator CompareType MustNotContain gt jpeg lt TextCompare gt lt TextCompare CaseSensitive No Separator CompareType MustNotContain gt wmf lt TextCompare gt lt TextCompare CaseSensitive No Separator CompareType MustNotContain gt jfif lt TextCompare gt lt TextCompare CaseSensitive No Separator CompareType MustNotContain gt jpe lt TextCompare gt lt TextCompare CaseSensitive No Separator CompareType MustNotContain gt png lt TextCompare gt lt TextCompare CaseSensitive No Separator C
285. equired by ScanEngine Scan can be returned string cccContent File ReadAllText C ScanEgine Test 508 Office xml List lt string gt list new List lt string gt list Add File ReadAl1Text C ScanEgine Test 508 office a 1 xml list Add File ReadAl1Text C ScanEgine Test 508 office j xml ContentComplianceCollectionDefinitionUtility utility new ContentComplianceCollectionDefinitionUtility string xml utility GetC3sDefinition cccContent list Figure 58 Coding sample 2 2 Set the original URL of the file that will be scanned string url http www avepoint com CG Document Example docx Figure 59 Set the original URL 3 Set the physical storage path of the file that will be scanned string testingFile C ScanEgine Test Example docx Figure 60 Set the physical storage path 4 Set the scanned file s related metadata information Dictionary lt string object gt metadata new Dictionary lt string object gt metadata Cookie no cookie information metadata Key key value Figure 61 Set the scanned file s related metadata information e Geh 8 369 Compliance Guardian Installation and Administration User Guide 5 Call the ScanEngine Scan method object result engine Scan xml url testingFile metadata Figure 62 Call the ScanEngine Scan method Result Explanation The screenshot shows the sample word document containing a picture without Alt Text whic
286. er make sure all of the required ports are enabled on that server 1 Remotely connect to the server where the Compliance Guardian Timer Service is installed 2 Navigate to Start gt Administrative Tools gt Windows Firewall with Advanced Security 3 Select Inbound Rules under Windows Firewall with Advanced Security on Local Computer and select New Rule 4 Inthe Rule Type step select Port to configure the inbound rule for the ports used by Compliance Guardian Timer Service and select Next 5 Inthe Protocol and Ports step specify the rule to be applied to TCP and then select Specific local ports option Enter 14100 in the textbox and then select Next 6 Inthe Action step select the Allow the connection option to allow the connection to port 14100 and then select Next Note The port numbers may vary according to the settings configured when installing Compliance Guardian in your environments 7 Inthe Profile step keep the default selection so that all three options are selected and then select Next 8 Inthe Name step enter the Name and an optional Description for this inbound rule 9 Select Finish to complete the inbound rule creation 10 Repeat the same steps on all of the other servers that have Compliance Guardian Agents installed and have Windows Firewall enabled The port used by the Compliance Guardian Agent is 14104 ME 19 Compliance Guardian Installation and Administration User Guide y O
287. er on the ribbon The Compliance Guardian Tag Assist Manager window pops up and the message Please wait while the page is loading appears After the file is finished scanning the scan results will appear in this window There are three columns in the table of this window e Tag Name Display the tag names defined in the corresponding checks The values in this column cannot be changed e Original Value Display the tag values that are added for the file in the last scan If you have not added any tag values in the last scan there will be no value in this column e Current Value Display the file s current tag value based on the checks The current values can be modified according to your own requirements You can select to check the checkbox to the right of the tag value to determine which tag include the tag name and tag value can be added to this file Selecting the checkbox after the Current Value column will select all of the tags Select OK or Cancel and the Compliance Guardian Tag Assist Manager window will be closed e If you select OK the current tags will be added in the locations that are defined in the corresponding checks There are three locations where the tags will be o In SharePoint If a Managed Metadata type Choice type Single line of text type column named Tag Name exists in SharePoint the tag value will be added into this column if the three kinds of columns all exist in SharePoint and the name
288. er than search based on a keyword Hover over a O Compliance Guardian Installation and Administration User Guide column name and then select the filter the column button T of the column you want to filter then check the checkbox next to the item name to have that item shown in the list To remove all of the filters select Clear Filter To see more information about an update check the corresponding checkbox next to the update and then select View Details on the ribbon In the pop up window you can select Uninstall if you want to uninstall the selected update The following options can be configured in the pop up window Note Only hotfixes and feature packs can be uninstalled Service packs SP and cumulated updates CU contain major important changes between different versions and cannot be uninstalled e Inthe Manager tab all of the installed Manager services will be displayed Select Uninstall the update from all the managers below when uninstalling updates from the Compliance Guardian Manager services since all of the available manager services must be updated at the same time e Inthe Agent tab select a farm to remove the update from all Compliance Guardian Agents in that farm e When you are finished select Close to close the pop up window and then select Cancel to return to the Update Manager interface Agent Groups Agent Groups allow you to assign specific agents for performing certain jobs This way you can
289. ers They are not assigned jobs from Compliance Guardian Manager e The Compliance Guardian Agents scan the files in file share locations Installing Network Load Balancing Feature The Network Load Balancing feature must be installed in the Compliance Guardian Agent servers that you want to be used as Compliance Guardian engine workers Ensure that two network interface cards must be installed on the machines before installing the feature To install the NLB feature complete the following steps 1 Navigate to Administrative Tools gt Server Manager 2 Select Features in the left pane 3 Select Add Features in the right pane 4 Inthe Add Features Wizard select the checkbox before Network Load Balancing in the Features field of the middle pane 5 Select Install 382 F e D e e Compliance Guardian Installation and Administration User Guide Editing Network Load Balancing Cluster Properties After installing the NLB feature open Network Load Balancing Manager and then add a cluster Add the Compliance Agent servers that you want to be used as Compliance Guardian engine workers to the cluster You must edit the cluster properties To edit the cluster properties complete the following steps 1 Double select the cluster 2 Select Cluster Properties in the drop down list The Cluster Properties window appears 3 Select the Cluster Parameters tab and make sure the Unicast mode is selected 4 Select the Port Rules tab
290. erver complete the following steps 1 Check the Enable Sending E Mail Servers Settings checkbox in order to activate e mail server settings 2 Send e mail server SMTP Enter the address of the outgoing e mail server 3 Secure password authentication Check this checkbox if you have this option enabled in your E mail account configuration 4 Port Enter the SMTP port The default SMTP port is 25 For SSL authentication the default port is 587 Sender Enter the e mail address for all Compliance Guardian e mails to be sent from Username on SMTP Enter the sender s username on the SMTP server Password on SMTP Enter the sender s password to log onto the SMTP server SSL authentication Configure this option according to your e mail settings e Oe ot Oy EI Select the Validation Test button to verify the information entered If the information you entered is verified successfully a test e mail will be sent to the sender you configured 10 Select Save to save your configurations and select Close to exit the interface Configuring Receive E Mail Settings In the Receive E Mail Settings interface you will see a list of previously configured e mail notification profiles You can customize how these notification profiles are displayed in the following ways e Search Filter the notification displayed by the keyword you designate the keyword must be contained in a column value At the top of the viewing p
291. est Suite for Compliance Reporting Found in Compliance Manager This type of test suite is used to identify and report any instances of non compliance to defined rules and then identify the associated risks Test Suite for Classification and Tagging Found in Classification Manager This type of test suite is used for content classification with a variety of related actions such as embedding metadata quarantining documents and reacting content Test Suite for Redaction Found in Classification Manager This type of test suite is used for redacting the specified content in a file 2 After selecting the test suite type select Next on the ribbon or on the lower right corner of the screen The Test Suite for Compliance Reporting Test Suite for Classification and Tagging or Test Suite for Redaction screen appears 126 Compliance Guardian Installation and Administration User Guide 3 Configure the following settings e Name and Description Enter a name for the test suite The description is optional e Check Accessibility only appears when Test Suite for Compliance Reporting type is selected Select whether or not to check the file accessibility If Yes is selected the file will be scanned keeping its formatting If No is selected the file will be scanned stripping out its formatting If the file that will be scanned is the unsupported type in Compliance Guardian the function will not be used no matter the Yes option
292. et the following permission requirements e The CREATE SESSION permission e The SELECT permission to the table that will be scanned e The SELECT permission to the captured table e The SELECT permission to the remote objects if using distribution CDC e Ifthe table that will be scanned has the BFILE column the BFILE table will use one or more directories The user must have the READ permission to these directories e The SELECT permission to the following objects 26 e ae e E Compliance Guardian Installation and Administration User Guide o ALL_CHANGE_TABLES o ALL_CHANGE_SETS o ALL_CHANGE_SOURCES o ALL_USERS o ALL_CONSTRAINTS o ALL_CONS_ COLUMNS o ALL_DB_LINKS o ALL_TAB_COLUMNS o ALL_INDEXES o ALL_IND_COLUMNS o ALL_TABLES o ALL_TYPES o ALL_COLL_TYPES o ALL_TYPE_ATTRS o vSInstance o vSdatabase o vSservices If you want to use Oracle network alias to connect to the database make sure the agent account has the READ permission to the following files e ORACLE_HOME network admin listener ora e ORACLE_HOME network admin tnsnames ora e ORACLE_HOME network admin sq net ora Note 0RACLE_HOME means your ORACLE_HOME environment Required Permissions for Scanning SQL Database If Windows Authentication or SQL Authentication was selected when creating the connection with the database the agent account or the user who creates the connection must meet the following permission requirements e The Database Level role
293. etails can display in the screen If you want to view all of the selected files detailed information you must download the details to a CSV file using Download Details d Select the checkbox next to the file you want to manage Select the arrow 7 button next to the file name and a drop down list appears You can choose how to manage the file by selecting the corresponding action View Content View Properties Download Details Restore Upload Content and Delete To use this feature in SharePoint 2010 or SharePoint 2013 complete the following steps 1 Navigate to the corresponding SharePoint site collection gt Site Settings gt Manage site features and activate the Compliance Guardian Quarantine Manager feature 242 e e Compliance Guardian Installation and Administration User Guide Note At a minimum to use the Compliance Guardian Quarantine Manager feature in a site the user must have the following required seven site permissions assigned e Manage Lists e Edit Items e View Items e View Application Pages e View Pages e Open e Browse User Information 2 Return to the Site Settings and then select Compliance Guardian Quarantine Manager in the Compliance Guardian Tools and Services group You will be brought to the Compliance Guardian Quarantine Manager interface 3 In the Compliance Guardian Quarantine Manager interface select Quarantine Manager tab you will see the following areas e Tabs Sw
294. ete Select an Agent Group by checking the corresponding checkbox then select Delete to delete the selected Agent Group A confirmation window will pop up to ask if you are sure you want to delete the selected Agent Groups Select OK to delete the selected Agent Groups or select Cancel to return to the Agent Groups interface without deleting the selected Agent Groups User Notification Settings Certain Compliance Guardian products provide e mail reports or notifications to provide you with information when a certain triggering event occurs Currently Compliance Guardian notifications are provided as a pop up window within Compliance Guardian or as e mails to designated recipients We are working on providing you with additional notification options which will be configurable in the Integration Settings interface Once the notification integration feature is activated the Integration Settings button on the ribbon will become available DE Compliance Guardian Installation and Administration User Guide To access User Notification Settings for Compliance Guardian navigate to the Control Panel interface and then select User Notification Settings under the User Notification Settings heading Select Close on the ribbon to close the User Notification Settings interface Configuring Send E Mail Settings The outgoing e mail server must be configured before Compliance Guardian can send out e mail notifications To configure the outgoing e mail s
295. evel are used for finding out all of the details of the jobs and it is recommended that the level is set to Debug before troubleshooting Debug level logs also contain all of the logs from information warning and error levels o Error Logs of this level record the error messages for jobs Not all of the errors could lead to the failure of the jobs some of the errors have already been dealt with and the logs will record the detailed information o Warning Logs of this level record exceptions for jobs Warning level logs also contain all of the logs from error level e Size of Each Log The default size for a log is 5 MB You can adjust the size according to your requirements by entering a different number into the text box PE 105 Compliance Guardian Installation and Administration User Guide e Total Log Count The maximum number of all the log files in the Logs folder under the installation folder of each Manager Service For each Agent Server the Total Log Count is the maximum number of all of the log files which can be generated by each exe file The Agent logs are stored in the Logs folder under the installation folder of each Agent When the number of log files exceeds the threshold the oldest log files will be deleted When you are finished configuring Log Settings select OK to save all changes and return to the Log Manager interface or select Cancel to return to the Log Manager interface without saving any cha
296. ework version 4 0 or above is installed and ODF NET Provider is installed Installing ODP NET Provider Refer to the following steps to install ODP NET Provider Note You must have the local administrator permission for installing ODP NET Provider 1 Open the hyperlink http www oracle com technetwork topics dotnet downloads index html If your computer is 32 bit select 32 bit ODAC Xcopy Downloads if your computer is 64 bit select 64 bit ODAC Downloads in the opened webpage Whats New For Beginners Products Technical Information Downloads Community Oracle Data Access Components ODAC for Windows Downloads ODAC includes Oracle Data Provider for HET Oracle Developer Tools for Visual Studio ODT Oracle Providers for ASP NET NET stored procedure support as well as additional Oracle data access software for Windows 32 bit ODAC with Oracle Developer Tools for Visual Studio Downloads e 32 bit ODAC Xcopy Downloads 64 bit ODAC Downloads Oracle Universal Installer and Xcopy Figure 90 Oracle Data Access Components ODAC for Windows Downloads interface 2 The Downloads interface appears after you select 32 bit ODAC Xcopy Downloads or 64 bit ODAC Downloads Select ODP NET_MangedSerialNumber zip to download nest 8 393 Compliance Guardian Installation and Administration User Guide 32 bit Oracle Data Access Components ODAC Downloads You must accept the OTN Development and Distribution License Agreement to dow
297. f this check will be False In the SecondaryMatch section if you select TextCompare radio button under the TextCompare section if the element specified in the MatchElement section is not found the result of this check will be the value set for the ResultNA attribute if the element specified in the MatchElement section is found the check result will be determined by the logic in the SecondaryMatch section the attributes configured in the MatchElement section will not affect the result of this check Compliance Guardian Installation and Administration User Guide FindText Type Check The FindText type check is used to find specified text in a document The following section provides a general introduction about configuring attributes for this type of check as well as a test example for you to understand the test logic Configuring Attributes for FindText Type Check Configure the attributes for the FindText type check according to the instructions in the following sections FindText This element has the following attributes e Truelf Specify the condition when the check result is True If Found is selected in the drop down list under the Truelf attribute when finding an instance the check result of this check will be True If NotFound is selected in the drop down list under the Truelf attribute when finding an instance the check result of this check will be False e SearchAll Specify whether or not to check the co
298. fferent kinds of checks you can run there are the following types of checks Element Type EnhancedElement Type MatchedElement Type FindText Type ComplexFindText Type RegularExpression Type ComplexRegEx Type Dictionary Type Cookie Type SSL Type WebBeacons Type FindFile Type LinkValidation Type FileProperty Type Redaction Type Check CustomScan Details about configuring each of these check types are provided in the following sections 291 Compliance Guardian Installation and Administration User Guide Element Type Check The Element type check is used to validate whether HTML XML elements have particular settings on attributes or contents The following section provides a general introduction about configuring attributes for this type of check as well as a test example for you to understand the test logic Configuring Attributes for Element Type Check Configure the attributes for the Element type check according to the instructions in the following sections Element Configure the following attributes under the Element section ListLoc Name Specify the element name that will be tested CaseSensitive Specify if the element name being tested for must match the case exactly ResultNA Specify a result when the specified element is not found If TrueResult is selected then if the specified element is not found the True result will be returned If FalseResult is selected then if the specified
299. fication Scanner Plan in Wizard Mode sessssssssssssssserressssssrrernes 229 Performing a Scheduled Classification Scanner Plan in Form Mode ssssssssssessssssesenressssssesrreesne 231 Scheduled Classification Scanner for Social Network 232 Launching Scheduled Classification Scanner Social Network Mode 232 Configuring Connections tO vVammer sssssssssessssessrersrssssesereesrssesrsrrresnssesesrrnessssssreennessssssreennesnssnne 232 Performing a Scheduled Classification Scanner Plan in Wizard Mode sssessssesssssssseeesssssserrrees 232 Performing a Scheduled Classification Scanner Plan in Form Mode ssssssessssesssessssrnrrssssssesreesn 236 Using Compliance Guardian Features in SharePoint cccccesssssecececessesessececececesseaaeeeeeessessessaeeeeess 236 Using Compliance Guardian Tag Assist Manager in SharePoint c cccccccsssssssssseceeecessssssseseeeeeens 236 Using Compliance Guardian Quarantine Manager in SharePoint cccccccsssssssscecececsssesssteeeeeesens 239 ClassifiGationm e TEE 248 Launching Classification Report 248 ele ut TEE 249 Getting E 249 Launching Job MOnitor oirne tnei eaea Eeee e DREES EEN 249 Understanding Job Monitor 250 JOD Monitor Interface auc cco ving cease aad aaaea eaa eabaecsdcens aaea aaia a aa ea eaea EEan 250 Job Monitor vs Scheduled Job Monitor ssssssssssssesssiessisssisssrsssrsssrsssrrssrnssrnssrrssrrsstessressressressreesrese 251 Configuring th
300. file item versions o Scan the current version Only the current versions of the files items defined in the job scope are supported to be scanned o Scan all versions The files items and all their previous versions defined in the job scope are supported to be scanned If this option is selected the scan result of each file item version will be reported in the Compliance Guardian report separately Filter Policy Specify a filter policy to filter the contents that will be scanned By default the default filter policy is used and all of the types of documents items supported by Compliance Guardian are included in this default filter policy If you want to set up a new filter policy select the New Filter Policy link in the drop down list Refer to Configuring Filter Policies for more information Alert Specify whether to send out an alert e mail when an unsupported type of embedded file is found An embedded file is one file that is inserted to another file If the type of the embedded file is supported by Compliance Scanner it can be scanned as usual However if the type of the embedded file is not supported by Compliance Scanner it cannot be scanned If you choose to send out alert e mails when unsupported embedded files are found configure the recipients by selecting the corresponding checkboxes You must select a Compliance Guardian Installation and Administration User Guide default e mail template before select the
301. for Lync The Lync Mode allows you to configure an archiving plan that is used to archive the Lync content from a Lync server You can then scan that content using a defined scan policy The feature also allows you to search the archived content Launching Compliance Guardian Scanner Lync Mode From the Compliance Guardian Scanner interface select Create on the ribbon Select Lync from the drop down list You will be redirected to the Compliance Guardian Scanner Lync Mode Configuring Archiving Plans In the Compliance Guardian Scanner Lync mode or in the Compliance Guardian Scanner home page select Configure Archiving on the ribbon the Configure Archiving interface appears You can perform the following actions to the plan e Create Create a new archiving plan For detailed information on creating a plan refer to Creating and Editing an Archiving Plan e View Details View detailed settings of the selected archiving plan e Edit Edit the settings of the selected archiving plan For detailed information on editing a plan refer to Creating and Editing an Archiving Plan e Delete Delete the selected archiving plans e Enable Enable the selected archiving plans e Disable Disable the selected archiving plans e Run Now Run the selected archiving plans immediately You can select Job Monitor on the ribbon to view the job details Select Job Monitor to view the job information Select Close to close the interfac
302. for the remote farm If the License Type is Trial the following two columns appear Max Scanning Files The maximum number of files that can be scanned Remaining Scanning Files The number of the files that can still be scanned Compliance Guardian Installation and Administration User Guide Note You are only able to view the SharePoint you are licensed for o File System Select the File System tab under License Details to see the file system license information specific to License Type The type of license purchased for the product Number of Agents The number of agents you have bought Registered Agents The number of agents you have used Expiration Time The expiration time of the license for the file system Status The current status of the file system which reflects proper licensing If the License Type is Trial the following two columns appear Max Scanning Files The maximum number of files that can be scanned Remaining Scanning Files The number of the files that can still be scanned o Website Select the Website tab under License Details to see Website license information specific to License Type The type of license purchased for the product Expiration Time The expiration time of the license for the website Status The current status of the website which reflects proper licensing Test Suite Groups Display the Check group
303. g checks and removing checks You can also edit the checks in the test suite For more information refer to Editing Checks in Test Suite e Test Suite Edit the selected test suites file For more information refer to Editing Test Suite Editing Checks in Test Suite If selecting Checks in Test Suite from the Edit drop down menu you will be brought to the Edit interface where you can configure the following settings e Name and Description Edit the test suite s name and description e Check Selection All the checks that are included in the selected test suite will be loaded here Refer to the description field for an overview of each check Perform the following actions as needed o Inthe Status column you can select the down arrow and then select Enable or Disable to enable or disable a check If you disable a check the check will not be used in the test suite Note The Status column only appears if you are editing a Test Suite for Compliance Reporting o To delete one or more checks from the test suite select the checkboxes before the checks and select Delete on the ribbon o To edita single check select the checkbox to the left of the check and then select Edit on the ribbon of this interface Refer to Editing a Check You can also perform the following additional actions when selecting the checks in the Check Selection section 128 F e D e e Compliance Guardian Installation and Administratio
304. g file 3 Open the ComplianceSetting config file 4 Locate the IMSAttachmentSetting node hast 379 Compliance Guardian Installation and Administration User Guide e SingleFileSizeMax The value is the current allowed maximum size of uploading each attachment You can change the value to the desired size You can also change the unit of the size by change the value of SizeUnit e Blacklist The values are the files that are currently restricted to upload to Compliance Guardian Add the extension of the file types that are restricted to upload to AvePoint Privacy Impact Assessment in the node Use the comma as the separator lt settings gt lt TimeoutSetting timeout 1800 gt lt configureFilePath Isconfigured false path C temp gt lt FSScanJobSetting depth 1 gt lt Websitesetting CheckUniguePageTitle true DepthFirst true gt lt uUserProfile Used false gt lt UserProfile gt ai pb coe te SingleFilesizemax 50 SizeUnit MB gt lt Blacklists gt ade adp asa ashx asmx asp bas bat cdx cer chm class cmd cnt com config cpl Cp dil exe fxp gadget grp hlp hpj hta htr htw ida idc idq ins isp its jse json ksh Ink mad maf mag mam maq mar mas mat mau mav maw mcf mda mdb mde mdt mdw mdz msc msh mshl mshixm msh2 msh2xml mshxml msi ms one stub msp mst ops pcd pif pl prf prg printer ps psixml ps2 ps2xml pscl psc2 pst reg rem scf
305. g the scan if Replace is selected you must specify a value and configure the related attributes refer to Value Configuration Field The found instance will be replaced with the value you specified This element has the following attributes SearchAll Specify whether or not to check the comments and scripts ListLocation Specify whether or not to record the instance s location in the Compliance Guardian database If Yes is selected in the drop down list under the ListLocation attribute then every location of the instance found will be recorded in the Compliance Guardian database If No is selected in the drop down list under the ListLocation attribute the check continues but the locations of the instances found will not be recorded in the database 341 Compliance Guardian Installation and Administration User Guide e ListLocStatus Specify the status for the instance that is found The status will be recorded in the Compliance Guardian database Note that if the status set for True Result or False Result is Failed in the Report Text step the value for the ListLocStatus will be Fail and the value cannot be changed e CaseSensitive Specify if the text being tested for must match the case exactly e CompareType Select MustContain or MustEqual for this attribute e Dictionary Configure the following attributes o Separator Specify a separator if multiple values are specified o Value Define one or mor
306. g the similarity of these files refer to the following steps 1 Enter the o buildcomparematrix command 2 Enter the folder command and then enter the folder path The files in these folders will compare with each other 3 Enter the type command and then enter RAW TEXT or EXACT to specify the matching form 4 Enter the output command and then enter a full path of the generated CSV report 5 Press Enter The matrix CSV report will be generated in the specified path F AvePoint Conpliance Guardian Agent binXCCE FingerPrint ingIlool exe o buildcomparematrix fol der G SimilarityNlest Data type text output G Similarity TIest Data matrix csy Start generating fingerprint and calculating similarity Start analyzing the similarity and generating report Please go to G SimilarityNIest Data matrix csv to view the report Figure 51 Using the o comparefile command To generate a report grouping the files whose similarity is greater than the specified similarity threshold based on the function 3 refer to the following steps 1 Enter the o reportcluster command 2 Enter the matrix command and then enter the full path of the matrix CSV report 3 Enter the threshold command and then enter the similarity threshold 4 Enter the output command and then enter a full path of the generated report 270 Compliance Guardian Installation and Administration User Guide 5 Press Enter The report will
307. g updates for the Compliance Guardian Manager services since all of the available manager services must be updated at the same time o Inthe Agent tab select a farm to update all Compliance Guardian Agents in that farm e Delete Select Delete to delete the selected updates from Compliance Guardian The downloaded browsed update files will be deleted at the same time Reviewing the Installation History of Updates To review the installation history of your Compliance Guardian updates select View History on the ribbon You will see a list of all of the previously installed Compliance Guardian updates You can customize how the list is displayed in the following ways e Search Filter the updates displayed by the keyword you designate the keyword must be contained in a column value At the top of the viewing pane enter the keyword for the update you want to display You can select to Search all pages or Search current page e Manage columns Manage which columns are displayed in the list so that only the information you want to see is shown Select manage columns button then check the checkbox next to the column name to have that column shown in the list e Hide the column Hover over a column name and then select the hide the column button in the column name to hide the column e Filter the column T Filter which item in the list is displayed Unlike Search you can filter whichever item you want rath
308. ge it with Compliance Guardian In order to configure site collections for a SharePoint Sites Group select the SharePoint Sites Group and then select Manage Site Collection on the ribbon In the Manage Site Collection interface for a SharePoint Sites Group you will see a list of previously configured site collections To view information about a previously configured site collection select the site collection and then select View Details on the ribbon To modify to a previously configured site collection select the site collection and then select Edit on the ribbon To delete a previously configured site collection select the site collection and then select Delete on the ribbon Configuring Site Collections To add a site collection select Add on the ribbon of the Manage Site Collection interface In the Add Site Collection interface or Edit Site Collection interface configure the following settings e Site Collection URL Enter the URL of an existing site collection within this SharePoint Sites Group e Site Collection User Specify the user who has access to this site collection o Username Enter the username to use in order to manage this site collection o Password Enter the password for the specified account Note To register a site collection the specified user must have the Design permission at a minimum However the Design permission is not sufficient to use the registered PE p 107 Compliance Gua
309. getName parameter this parameter must be entered Note When using this parameter both the destination machine and the machine where you run this command must support IPv6 ReceivelnfoPort Optional This is an optional parameter to specify a port for the source machine to receive the data from the destination machine This port and the destination machine s IP are added to an inbound rule of the source machine s firewall so it allows all the connections from the destination machine Compliance Guardian recommends you configure this parameter to ensure smooth communication between the source machine and the destination machine Timeout Optional This is an optional parameter to specify a timeout value for the connection to the destination machine A PE 51 Compliance Guardian Installation and Administration User Guide lt lt Parameter Type Description timeout error will occur if there is no connection to the destination machine in the specified period 52 P D F e E Compliance Guardian Installation and Administration User Guide Unattended Installation Compliance Guardian Agent The Compliance Guardian Agent can be installed remotely using the unattended installation after the Manager s services have started Ensure the system requirements are met before starting the Compliance Guardian Agent unattended installation For more information refer to System Requirements for
310. gure the database settings for the Control Service 9 Configure a database for storing the relevant data of Control Service e Database Type Only MS SQL Server is supported to serve as the database server for Control Service e Database Server Enter the MS SQL server name e Control Database Name Enter a database name for the Control Service If the database does not exist it will be created in the provided MS SQL server e Database Credentials Select the credential for this Control Service database o Windows Authentication the default option Use this method when you want the user identity to be confirmed by Windows The specified account must have the necessary permission to access the SQL Server machine where you want to create the control service database o SQL Authentication SQL server will confirm the user identity itself according to the specified account and password The specified account must have the following permission DB Owner of the existing Compliance Guardian Control Database or DB Creator of the newly created Compliance Guardian Control Database e Passphrase Settings Enter the passphrase you want to use for protecting Compliance Guardian Manager data e Advanced Database Settings You can choose to associate the Compliance Guardian Control Database with a specific failover SQL server that is used in conjunction with SQL Server database mirroring Select Next 10 Once all of t
311. h box above the farm tree to a Select the relevant content from which you want to perform further operations by selecting the radio button to the left of the content 2 Select Create Rule from the Rule Management group on the ribbon 3 Configure the following rule settings e Report Database Select a Report Database for storing the Real Time Classification Scanner result 198 S e rae e Compliance Guardian Installation and Administration User Guide e Report Group Select the report groups Users in this group have permission to the corresponding reports e Scan Policy Select a scan policy from the drop down list or create a new scan policy to define the scan rules for scanning content For more information on working with scan policies refer to Managing Scan Policies If selecting the For Compliance Guardian Tag Assist Manager only checkbox below the Scan Policy selection drop down box the Action Policy and Filter Policy will be grayed out in this screen Instead in SharePoint through activating the Compliance Guardian Tag Assist Manager feature you can manually scan the selected content based on the scan policy defined in Compliance Guardian you can change the search results according to your requirements Note Only used for scanning documents For more detailed about using the Compliance Guardian Tag Assist Manager feature in SharePoint refer to Using Compliance Guardian Tag Assist Manager in SharePoint
312. h s Specify on which occurrence of which days of the month and the frequency to run the pruning jobs For example if you select The First Monday of every 3 month s the pruning jobs will run every three months on the first Monday of the month o The of Specify on which occurrence of which days of which month to run the pruning jobs For example if you select The First Monday of January and July the pruning jobs will run on the first Monday of January and July Range of Recurrence Specify the Start time for pruning jobs Select one of the following options for the end time and configure its settings e No end date The pruning jobs will run on the configured schedule until you manually end it e End after occurrence s The pruning jobs will stop running after the number of times you specify here e End by __ The pruning jobs will end on the date and time you specify here When you are finished configuring the new schedule you want to add select OK to save or select Cancel to close the Add Schedule interface without saving Compliance Guardian Installation and Administration User Guide Log Manager Log Manager allows you to manage the logs of all of the Compliance Guardian services Logs provide the Compliance Guardian support staff with important information for quicker troubleshooting Log Manager has Job Monitor integrated within the interface To see the progress of your log collection jobs select Job
313. h violates the scan language defined in the TDF 508 office a 1 xml Scan Engine Test File AavePoint 1 Line Color Title Line Style Shadow Description Reflection Glow and Soft Edges 3 D Format 3 D Rotation Picture Corrections Titles and descriptions provide alternative text based representations of the information contained in tables diagrams images and other Picture Color objects This information is useful for people with vision or cognitive impairments who may not be able to see or understand the object Artistic Effects A title can be read to a person with a disability and is used to Crop determine whether they wish to hear the description of the content Text Box Figure 63 Screenshot of the sample Microsoft Word document 1 The screenshot shows the pages in a sample word document with a page number set up This fulfills the TDF 508 office j xml 370 S Se e Compliance Guardian Installation and Administration User Guide Home Inset Page Layout References Mailings Review View Add Ins Design Layout Design ES B E Bal E Previous E Different First Page D Header from Top 0 5 S S es BE E Next Different Odd amp Even Pages 3 Footer from Bottom 0 5 Header Footer Page Date amp Quick Picture Clip Goto Goto a m gt Close Header z er EE Art Header Footer Link to Previous Wl Show Document Text B Inser
314. he Microsoft SharePoint Foundation Web Application service hast 119 Compliance Guardian Installation and Administration User Guide e Number of Available Agents Number of the Compliance Guardian Agents with an up Vd and Active status e Deployment Method Currently the solution can only be locally deployed In other words solution files are deployed only to the Compliance Guardian Agent Server from which the deployment operation was initiated Viewing the Solution s Information You can view the following information of the solutions in the corresponding table e Solution Name of the Compliance Guardian solution e Module Name of the module this solution is intended for The following information is only available if you have a farm selected e Version Version of the solution e Status Deployment status of the solution file o N A The solution is not installed o Not Deployed The solution is installed but not deployed o Deployed The solution is deployed to all of the Agent servers o Partially Deployed The solution is deployed to some of the Agent servers e Last Refreshed Time Last modified time of the corresponding solution e Message Detailed information about the solution deployment Operations on the Solutions Select a solution from the table by checking the corresponding checkbox You can perform the following actions e Install Select Install on the ribbon
315. he algorithm from this value Node lt Parameters gt is for the parameters needed for specific algorithms all content will be passed internally as a String lt CustomCheck Node gt lt CustomCheck Name Credit Card Number Class DocAve ContentCompliance Engine Checksum CommonChecksum gt lt Parameters gt lt CDATA Parameter as string gt lt Parameters gt lt CustomCheck gt Note In order to load the external DLLs they must be put either in the agent bin folder or in GAC Example lt Canadian SIN amp Credit Card Number gt lt RegEx CaseSensitive No ListLocStatus Fail ListLoc Yes SearchAll True TrueIf NotFound CustomCheck Credit Card Number gt lt CDATA lt b d 3 I d 3 1 d 3 2 b J 1 gt lt RegEx gt This is an example that how a checksum is defined in check Note the checksum algorithm to the RegEx is defined by CustomCheck Credit Card Number A Class example which implements the interface public class LuhnAlgorithm IValidation public string Parameters get set public LuhnAlgorithm string parameters this Parameters parameters public bool Validate string number ME f 363 Compliance Guardian Installation and Administration User Guide if string IsNullOrEmpty this Parameters return ValidateInternal number else return ValidateInternal number this Parameters pub
316. he corresponding rule You may select Edit on the ribbon to make changes to the rule of the selected node You will be brought to the Edit page where you can change the rule settings for the node Select Apply on the ribbon to save the changes and apply the rule Select Cancel on the ribbon to return to the home page without saving any of your changes Real Time Classification Scanner for SharePoint The SharePoint mode is used to scan contents in SharePoint classify them and then perform actions to the scanned contents in real time Note The posts and replies in SharePoint 2013 Newsfeed are also supported being scanned The notes in Note Board in SharePoint are also supported being scanned Launching Real Time Classification Scanner SharePoint Mode On the Real Time Classification Scanner Home interface select Create on the ribbon A drop down list appears Select SharePoint from the drop down list to enter the Real Time Classification SharePoint Mode Using Real Time Classification Scanner Rules in SharePoint Mode Refer to the following section for using Real Time Classification Scanner rules Creating Real Time Classification Scanner Rules in SharePoint Mode To create a Real Time Classification Scanner rule complete the following steps 1 Select the scope of the content you want to scan a From the Scope panel on the left select the farm that contains the relevant SharePoint content You can enter a keyword into the Searc
317. he current user E mail Enter the e mail address of the current logged on user Description Enter the optional description for future reference o Password Change the user password and configure the security settings for the logged on user Check the Change my password checkbox supply the New password and re enter the new password in the Confirm new password field Select the desired security settings by checking the corresponding checkboxes If desired select a deactivation method for the password Never The password never expires After day s Enter the number of days you wish the password to be valid for before it expires Dn Select the calendar button OS to choose the date when you wish the password to expire o Group Change the group the logged on user belongs to Select the desired group from the drop down menu The user will have all of the permissions of the specified group When you are finished select Save to save your changes and return to the Users interface or select Cancel to return to the Users interface without saving any changes made e Delete User To delete previously configured users select the users by checking the corresponding checkbox then select Delete User on the ribbon A confirmation window will pop up for this deletion Select OK to delete the selected users or select Cancel to return to the Account Manager interface without deleting the selected users e Activa
318. he description for the test group In Scan Result of Compliance Guardian report the description will display in the file s corresponding detailed report e SubCheck Configure the following attributes for this element O CheckName Select a check Refer to the following steps for selecting the check Select the text field under the CheckName attribute a pop up window appears Inthe pop up window select the radio button before the desired check and select OK RunCheck If True is selected for this attribute when running a Compliance Guardian job using the test suite the files will be scanned according to the rule set in this check If False is selected for this attribute the corresponding check will not be used to scan the files RiskLevel r1 The Item Initial Risk value assigned on the initial occurrence of the compliance failure related to the check being tested for in the document or stream Allowed values for RiskLevel r1 are 1 10 RiskLevel r2 The Item Additional Risk Level factor that the risk level grows at for every additional failure at the check level for the same type found in the document or stream This number is optional where the integer 1 means ignore the value allowing to use the third value If the value is 1 then the factor will be 1 Allowed values are 1 to 10 This is optional RiskLevel r3 The Item risk in relation to other checks This Item is optional If this
319. he drop down menu or you can directly select Start with Wizard Mode on the landing page 3 Enter a Plan Name for the plan and an optional Description 4 Select Next on the ribbon or on the lower right section of the screen The Report Settings screen appears 5 Configure the following report settings e Report Database Select a report database for storing the job result e Report Group Select a Compliance Guardian group from the drop down list Once a group is specified as the Report Group all of the users in the specified group will be able to access the Classification Report gt Action Report module and perform actions to the 224 Compliance Guardian Installation and Administration User Guide related files Multiple groups can be specified here Choose Select All to select all of the listed groups 6 Select Next on the ribbon or on the lower right section of the screen The Scan Settings screen appears 7 Configure the following scan settings e Action Policy Select an action policy from the drop down list or create a new action policy to define the actions to the content that will be scanned out For more information on working with action policies refer to Managing Action Policies e Scan Policy Select a scan policy from the drop down list or create a new scan policy to define the scan rules for scanning content For more information on working with scan policies refer to Configuring Scan Policies e
320. he files are uploaded to the corresponding library Note SP2013CustomUploadPage wsp is used to deploy on a SharePoint 2013 farm and SP2010CustomUploadPage wsp is used to deploy on a SharePoint 2010 farm In SharePoint 2013 if you want to edit the library settings in a site collection that is created using the 2010 experience version you must also deploy SP2010CustomUploadPage wsp on the SharePoint 2013 farm Customizing SharePoint Page and Message Compliance Guardian allows users to customize pages and error messages which appear when a Real Time Classification action is triggered This does not affect SharePoint s own behaviors Although the user customizes their own error message or page when some errors occur due to the SharePoint s own behaviors the SharePoint built in error page will appears Basic Customization The Basic Customization feature allows you to customize your own page You can use Visual Studio to create the SharePoint solution and then create a SharePoint page Use the code of the created page to invoke the HttpContext Current Items ErrorText property for accessing the error message string To configure the RTS process complete the following steps 1 Open RTSv2 exe config apply to SharePoint 2007 or SharePoint 2010 or RTSv4 exe config apply to SharePoint 2013 in AvePoint Compliance Guardian Agent bin 202 e a e Compliance Guardian Installation and Administration User Guide 2 F
321. he following steps to log into Yammer 1 Select Log into Yammer 2 Select a connection Select Login 3 Enter the account used to log into Yammer Then select Log In When you post messages refresh data or get messages using this login account the messages will be scanned according to the Real Time Classification Scanner rule configured in Compliance Guardian Note You can only post message to one group at a time using the Web part 208 e D e e Compliance Guardian Installation and Administration User Guide A 4vePoint Yammer Connector e What are you working on Log Out John Smith Top All Following Refresh John Smith To IT John Smith To All Campany working ViewConversation Like Reply Share More 05 30 01 31pm J Approve John Smith A To All Company hi O Approve 2 Hi John Smith To All Company Saas Like Reply Share More 05 30 01 24pm Saas Figure 24 AvePoint Yammer Connector Web Part Scheduled Classification Scanner Scheduled Classification Scanner enables you to define a scan scope and then it performs a scheduled or immediate job to scan out the related content according to the scan policy at last take the specified actions to the scanned content Pre Configurations Configuring Scan Policies Scan policies define the compliance rules to be used when scanning the contents in the specified scope To configure the scan policies select Scan Policy on the ribbon of the Schedu
322. he permissions required for each Compliance Guardian module refer to the section of that module in this user guide The ideal account permissions for all Compliance Guardian products are listed below Local System Permissions The specified Agent Account will be granted Full Control permission to the following groups and folders during Compliance Guardian Agent installation Note The local administrator permission is required for the Agent Account when you are installing the Compliance Guardian solutions using the Agent Account in Solution Manager o IIS_WPG for IIS6 0 or IIS_IUSRS for IIS7 o Performance Monitor Users a 33 Compliance Guardian Installation and Administration User Guide a o Compliance Guardian Users the group is created by Compliance Guardian automatically and it has the following permissions Full Control to the Registry of HKEY_LOCAL_MACHINE SOFTWARE AvePoint ComplianceGuardian Full Control to the Registry of HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet services eventlog Full Control to the Communication Certificate Permission of Log on as a batch job it can be found within Control Panel Administrative Tools Local Security Policy Security Settings Local Policies User Rights Assignment Full Control Permission of Compliance Guardian Agent installation directory SharePoint Permissions for SharePoint 2007 o Member of the Farm Administrators group o Full Control permission to all zones
323. he pop up window and select Save to save the file You can view configuration information on the file and then save the test suite in Compliance Guardian after you have previewed the file and confirmed the file information Uploading Checks and Test Suites Select Upload on the ribbon A window will pop up and then you can select the desired test suite or check The uploaded test suite will display in the test suite list in the Test Suite Manager interface the uploaded check will be loaded when you create a test suite You can upload multiple test suites or checks at one time Before uploading the test suites or checks you must zip the test suites to one file or zip the checks to one file first and then select the ZIP file to upload them to Compliance Guardian hast 127 Compliance Guardian Installation and Administration User Guide Downloading a Test Suite Select a test suite from the list of previously configured test suites and then select Download on the ribbon Viewing Details about a Test Suite Select a test suite from the list of previously configured test suites and then select View Details on the ribbon Editing a Previously Configured Check or Test Suite In the Test Suite Manager interface select the test suite that you want to edit and then select Edit on the ribbon A drop down menu appears Choose one of the following options e Checks in Test Suite Edit the test suite by enabling or disablin
324. he required information has been configured all of the information configured in the previous steps is listed on the Installation Summary page Select Save and specify the path you want to save the Answer file to You can also modify the Answer file s name in the pop up window 48 F e D e e C Compliance Guardian Installation and Administration User Guide Import the Unattendedinstallation dll File Before performing the Compliance Guardian Manager unattended installation the UnattendedInstallation dll file must be imported into Windows PowerShell using either of the two methods below Note If the Unattendedinstallation dill file is not imported successfully use the Set ExecutionPolicy command to set the execution policy to Unrestricted RemoteSigned or AllSigned in Windows PowerShell and perform the import again using one of the following methods To manually import the UnattendedInstallation dll file complete the following steps 1 Select Start on the server with the unzipped Manager installation package residing in and find Windows PowerShell Right click on it and select Run as administrator to run it 2 Enter the following command and press Enter to import the Unattendedinstallation dll file Import Module UnattendedInstall PowerShellModules UnattendediInstallation dll To automatically import the UnattendedInstallation dll file complete the following steps 1 Navigate to the Unattendedinstall PowerShellMo
325. he sections below for important information on getting started with Real Time Classification Scanner Launching Real Time Classification Scanner To launch Real Time Classification Scanner complete the following steps 1 Log into Compliance Guardian If you are already in the software select the home page button Cai to go to the home page From the home page all of the products are displayed 2 Select Classification Scanner The Classification Scanner interface appears 3 Select the Real Time Classification Scanner tab e Greg f 195 Compliance Guardian Installation and Administration User Guide 4 Alternatively you can select Administration on the top left corner select the Classification Scanner tab on the appeared navigation bar and then select the Real Time Classification Scanner tab in the appeared interface Classification Manager gt Real Time Classification Scanner Report v Administration v Scheduled Classification Scanner Real Time Classification Scanner mg Create Manage Search all pages Search current page bh 2 W Data Source Node Scan Policy Action Policy Filter Policy Modified Time There are no items to show in this view m Show rows 15 v Goto 1 of1 0 of 0 selected Figure 22 Launching Real Time Classification Scanner 196 F S sn e e Compliance Guardian Installation and Administration User Guide Home Page Overview The Real Time Classification Scanner home page
326. heck The content of the file A that will be tested contains the following two values 508 508 Create and configure the FindText check test logic 1 Create a FindText Type check In the Report Text step in the False Result and Message field select User Review Required in the False Result drop down list 2 Configure the elements in the check Select NotFound in the drop down list under the Truelf attribute Select Yes in the drop down list under the SearchAll attribute Select Yes in the drop down list under the ListLocation attribute Select Note in the drop down list under the ListLocStatus attribute Select No in the drop down list under the CaseSensitive attribute Enter 2 as the value for the MustRepeat attribute Select MustEqual for the CompareType attribute Enter 508 in the Value field 3 Save the check 4 Run a Compliance Scanner job The test suite used in this job contains the check configured above Review the FindText Check test logic 312 If MustEqual is selected for the CompareType attribute then the content must exactly equal the value we specified in order to be found If MustContain is selected for this attribute then the content only needs to contain the value in order to be found For example if the tested file contains the word Front end and we select MustEqual for the CompareType attribute with the value specified as end then the word Front end will not be found but if we select MustContain f
327. heck In the Report Text step in the False Result and Message field select User Review Required in the False Result drop down list 2 Configure the Element section e Specify the element name A for the Name attribute e Select No in the drop down list under the CaseSensitive attribute Au p 3 303 Compliance Guardian Installation and Administration User Guide Select ResultNA in the drop down list under the ResultNA attribute Select One in the drop down list under the Truelf attribute Select False in the drop down list under the ValidWhen attribute 3 Inthe ListLoc section Select Valid in the drop down list under the Type attribute Select Warn in the drop down list under the Status attribute 4 Select the checkbox before TextCompare and configure the following attributes Select MustContain in the drop down list under the CompareType attribute Enter as the separator Select Yes in the drop down list under the CaseSensitive attribute Enter google in the Value field 5 Select the checkbox before SecondaryElement and configure the following attributes 6 Save the check Specify the element name IMG for the Name attribute Select No in the drop down list under the CaseSensitive attribute Select Yes in the drop down list under the MustExist attribute Select One in the drop down list under the Truelf attribute Select Yes in the drop down list under the MustNext attribute Select the chec
328. hen enter the relative path or full path of a library or folder to move the files to the library or a folder within the same site You can also enter a full path of a library or folder to move the files to another site in the same farm e Quarantine Option Select the If the files fail to move they will be quarantined checkbox if you want to deal with the files that are failed to be moved With this option 188 Compliance Guardian Installation and Administration User Guide enabled the files that are failed to be moved will then be quarantined The following conditions will lead to the failure of moving files o There is no content type that matches the source file s content type in the target library o The matched content type of the target library where the allowed location is does not contain all of the source file s columns o Other unknown system issues If the If the files fail to move they will be quarantined checkbox is selected configure the following settings o Manage Quarantine Files or Items Configure the following settings Specify a SharePoint group that has the permissions to view or manage the quarantined data in SharePoint Specify who can view and manage the quarantined data in Compliance Guardian Quarantine Manager in SharePoint For more information on managing the quarantined files refer to Using Compliance Guardian Quarantine Manager in SharePoint SharePoint Group Name Enter
329. here the command is run and the destination machine that the Compliance Guardian Agent is installed to If an IPv6 address is entered in TargetName parameter this parameter must be entered Note When using this parameter both the destination machine and the machine where you run this command must support IPv6 ReceivelnfoPort Optional This is an optional parameter to specify a port for the source machine to receive the data from the destination machine This port and the destination machine s IP are added to an inbound rule of the source machine s firewall so it allows all the connections from the destination machine Compliance Guardian recommends you configure this parameter to ensure smooth communication between the source machine and the destination machine Timeout Optional This is an optional parameter to specify a timeout value for the connection to the destination machine A timeout error will occur if there is no connection to the destination machine in the specified period oe 57 Compliance Guardian Installation and Administration User Guide pe Installing Compliance Guardian App for Real Time Classification Compliance Guardian App for Real Time Classification is used to support scanning SharePoint Online sites in real time To scan SharePoint Online sites you must first install the app and then activate the app in Control Panel gt SharePoint Sites For more information on Real Time
330. hips And and Or By default the logic is set to And To change the logical relationship select the logical relationship link The And logical relationship means that the content which meets all of the rules will be filtered and included in the result The Or logic means that the content which meets any one of the rules will be filtered and included in the result Select OK in the interface to save the changes or select Cancel to return to the Create Action Policy interface or Edit Action Policy interface without saving any changes 193 Compliance Guardian Installation and Administration User Guide After you finished configuring the Conditions settings select the right arrow br after Conditions in the Create or Edit Action Policy interface to review the configured settings e Actions Select an action to handle the content which is found by performing the classification jobs Then select Add an Action Repeat the above step to add multiple actions The actions then will be added If the Configure button appears after the added action you must select it to configure the settings for the action Select the delete 25 button after an action to deselect to add this action You can change the order of the action configuration by selecting the textbox before the added action to determine the priority of the action For details of each action refer to Classification Actions Select the right arrow b after Actions to review
331. i AgentToolExportClassificationResults exe Mim E3 Start getting the classification report database information from the Control sepi rvice 2 database information are retrieved from the Control service Start exporting the action report to Event Viewer Start exporting data from the database 1636 Start exporting the tag results Exporting tag results finished Start exporting the action results Exporting the action results finished Exporting data from the database 1030 finished Start exporting the social tag results Exporting social data tag results finished Start exporting the social action results Exporting the social data action results finished Start exporting data from the database Report_leol Start exporting the tag results Exporting tag results finished Start exporting the action results Exporting the action results finished Exporting data from the database Report_leol finished Start exporting the social tag results Exporting social data tag results finished Start exporting the social action results Exporting the social data action results finished Exporting data finished Press any key to exit Figure 47 The interface of running AgentToolExportClassificationResults exe 3 The action reports and social reports are exported to Event Viewer after the exporting job finishes Select Start on the machine find Event Viewer and select it Select Applications and Services L
332. iance Guardian Installation and Administration User Guide SS Launching Real Time Classification Scanner 195 HOME Page OVER GW NE E die geg deeg E ee E ee da eee Seen 197 Configuring Actions ON the Ribbon sirisssnisiiieiiissecrnisiurdesirininriiiordesriidedn sitiena itasse dn kaiari setni 197 Selecting ModE career ear oe ae re en ee eee eee 197 Managing ee 198 Real Time Classification Scanner for SharePoint A 198 Launching Real Time Classification Scanner SharePoint Mode 198 Using Real Time Classification Scanner Rules in SharePoint Mode 198 Customizing SharePoint Page and Message 202 Real Time Classification Scanner for Social Network 00 0 eeseeesseceenceceeeeeceaeeeeaaeceeaeeceseeeeaaeeeeaaeeeeeeeenas 204 Launching Real Time Classification Scanner Social Network Mode cccccsesssceeeeeeessessneeeeeeesesees 204 Configuring Connections tO vVammer ssssssessrsssssssreesrsssssseretnrssssenrneenrssssesrrnennssnseeennesnssnseennnesnssnne 204 Using Real Time Classification Scanner Rules in Social Network Mode sssssssessssssssesressssssrsrres 205 Using AvePoint Yammer Connector Web Part to Post Messages tovammer 208 Enable the AvePoint Yammer Connector Feature oo cecceessceesceceeeeeceeeeeeaeeeeaaeceeeeeseaeeeeaaeeeeaeeeaes 208 Adding the AvePoint Yammer Connector Web Part 208 Posting Messages to Yammer through the AvePoint Yammer Connector Web bart 208 Scheduled Classification Scanner 209 Me ele E LC e EE
333. iance Guardian modules and functionalities you want to use For more information on where to install the Compliance Guardian Agents refer to Where to Install Compliance Guardian Agent Note Compliance Guardian supports scanning Microsoft Office files in a 2003 or earlier format using iFilter If you are using an earlier version of Compliance Guardian or if you updated to Compliance Guardian 3 SP3 from an earlier version you must download a compatibility pack and download an update pack to scan the Microsoft Office files can keep the file s accessibility attributes If you prefer to scan these files through installing the compatibility pack but not through iFilter you can install Microsoft Office Compatibility Pack for Word Excel and PowerPoint File Formats and install Microsoft Office Compatibility Pack Service Pack 3 SP3 Then add the following node under the OfficeFileMapping node in the configuration file ContentComplianceConfig xml you can find the file under the path Compliance Guardian Agent Bin lt NeedConvert gt lt Extension gt xls lt Extension gt lt NeedConvert gt oe 23 Compliance Guardian Installation and Administration User Guide SSS lt OfficeFileMapping gt lt Word gt lt Excel gt lt Supported gt lt Extension gt xIsx lt Extension gt lt Extension gt xIlsm lt Extension gt lt Extension gt xltm lt Extension gt lt Extension gt xlam lt Extension gt lt
334. iance Manager V E x Compliance Scanner Compliance Report Classification Manager Q Ce Classification Scanner Classification Report System Manager Iess Control Panel Job Monitor Figure 31 Classification Report module launch window 248 F e a e Compliance Guardian Installation and Administration User Guide Job Monitor Job Monitor allows you to view the status or details of jobs download reports and manage the jobs all from a central interface Job Monitor is also integrated into other Compliance Guardian products which enables you to manage the jobs inside its corresponding modules with additional features specific to the product itself These additional features are also available in the stand alone Job Monitor module Getting Started Refer to the following sections for important information on getting started with Job Monitor Launching Job Monitor To launch Job Monitor and access its functionality complete the following steps 1 Log in to Compliance Guardian If you are already in the software select the home page button fal on the left corner to go the home page 2 From the home page select Job Monitor to launch the module fi Report Y Administration v Welcome What do you want to do next A Compliance Manager mo TR Compliance Scanner Compliance Report Classification Manager ZC E E Classification Scanner Classification Report System Manager
335. ice 365 Account Profile Manager interface e Select Create on the ribbon to create a new Office 365 account profile Configure the following setting o Profile Name Enter a name for the Office 365 account profile you are about to create o Office 365 Credentials Specify the Office 365 credentials for the Office 365 account profile you are about to create Office 365 User ID Enter the user ID for the Office 365 account profile SharePoint admin center URL Enter the corresponding password for the Office 365 account profile o Select Save on the ribbon to save your configurations and go back to the Office 365 Account Profile Manager interface or select Cancel on the ribbon to go back to the Office 365 Account Profile Manager interface without saving any configurations e Select Edit on the ribbon to edit the selected Office 365 account profile o Profile Name Enter a name for the Office 365 account profile you are about to create o Office 365 Credentials Specify the Office 365 credentials for the Office 365 account profile you are about to create Office 365 User ID Enter the user ID for the Office 365 account profile SharePoint admin center URL Enter the corresponding password for the Office 365 account profile o Select Save on the ribbon to save your configurations and go back to the Office 365 Account Profile Manager interface or select Cancel on the ribbon to go back to the Office
336. ided solution You can also re scan the rules after you have solved the issue to ensure that the provided solution solved the problem To access Self Checker in the Control Panel interface click Self Checker under the Self Checker heading Click Close on the ribbon to close the Self Checker interface Managing Self Checker Profiles Use the Self Checker profile to include the rules you are about to check for your Compliance Guardian modules In the Self Checker interface click Profile Manager on the ribbon In the appeared interface you can see a list of previously configured profiles and perform the following actions to the profiles e Create Creates a profile To do so click Create on the ribbon e View Details Views the detailed information of the selected profile To do so select a profile by selecting the corresponding checkbox and then click View Details on the ribbon e Edit Edits the selected profile To do so select a profile by selecting the corresponding checkbox and then click Edit on the ribbon e Delete Deletes the selected profiles To do so select one or more profiles by selecting the corresponding checkboxes and then click Delete on the ribbon e Run Now Run the selected profile immediately To do so select a profile by selecting the corresponding checkbox and then click Run Now on the ribbon e Job Monitor View and manage the profiles jobs To do so click Job Monitor on the ribbo
337. ield View the files in the selected nodes e File Details Display a file s detailed information kret 241 Compliance Guardian Installation and Administration User Guide gintama Welcome System Account My Ste MyLinkss 8 gintama publish_pagel this i a pagenot a wiki page Compliance Guardian Quarantine Manager Use this page to manage the quarantined fies PB view content view Properties DA Download Details A Restore X Delete UploadContent Data Range Type Name Original Location Crested Crested By Modified Time Modified By Quarantine Method A nitpsr10 1 4228 9627 There are no items to show in this view Files Field File Details File Name File Location File Details Violation Figure 28 SharePoint 2007 Compliance Guardian Quarantine Manager Interface 4 To manage the quarantined files complete the following steps a Inthe scope area of the screen select the site collection to expand to the node in which the files you want to manage are b Select the node and you will see all of the files listed in the Files field to the right of the Scope field c Select the specific files by checking the checkbox in front of the file in the Files field The file details will display in the File Details field Note In the File Details field only one file s details can be displayed If you select several files only the last selected file s d
338. ification from the drop down menu in the Report column Select either Summary Report Recipient or Detailed Report Recipient o Enter the notification recipient s e mail address in the Recipient column o Repeat the settings above to add more recipients e Report Setting Only for Notification Select the type of information to include for the report levels the recipients of the corresponding report types must exist before you can 100 S e e e Compliance Guardian Installation and Administration User Guide configure the report levels If Notification was selected you can configure the following settings o Summary report level s Set when to send the summary report By default Success Failure and Warning are all selected After the job completed failed or completed with exception a summary report will be sent to the recipient o Detailed report level s Set when to send the detailed report By default Success Failure and Warning are all selected After the job completed failed or completed with exception a detailed report will be sent to the recipient o Send all logs to recipient according to status Select what kind of logs will be sent to recipient You can select Success Failure or Warning By default Failure is selected o Message format Select the format which the message will be delivered in HTML or Plain text Select Save on the ribbon to save the settings or select Cancel to return to
339. ify D Delete L7eList ErExit H Help gt peration gt 1 PS1 UNCPath 1 3 2 12 f test UserName bjhazy qhquo PS2 UNCPath 18 3 2 199Nd5 UserName corpadnministrator Please select the operation CA fAdd M Modify D Delete L List E Exit H He lp peration gt a The total number of PileShares need to be added 2 DEKE UNCPath 1 3 2 139 Nd test UserName corp adnministrator Password ssa Figure 85 Doing Operations on the lt FS gt Node Configuring Communication Settings All of the Compliance Guardian Agents must configure the communication settings for supporting Network Load Balancing To configure the communication settings complete the following steps 1 Find the ContentComplianceConfig xml file under the path Compliance Guardian Agent Bin 2 Open the ContentComplianceConfig xml file with Notepad A p p 385 Compliance Guardian Installation and Administration User Guide 3 Find the lt Communication gt node For the agent server that has been added in the cluster the first line of the node is lt Communication IsSingleProcess False IsRemote False InCluster True gt For the agent server that has been added into the agent group the first line of the node is lt Communication IsSingleProcess False IsRemote True InCluster False gt Configure the following attributes for the lt Communication gt node to support Network Load Balancing RemotelP Ente
340. ilder complete the following steps 1 After selecting the archiving plans select Plan Builder on the ribbon of the Compliance Scanner page 2 From the drop down menu select Wizard Mode for step by step guidance during configuration or select Form Mode recommended for advanced users only to set up a plan quickly Refer to the section below that is applicable to your choice for information about performing a Compliance Scanner plan Performing a Compliance Scanner Plan in Wizard Mode To configure a plan using Wizard Mode complete the following steps Note An asterisk in the user interface indicates a mandatory field or step 1 Enter a Plan Name and an optional Description Select Next The Report Settings page appears 2 Configure the report settings Database Policy Select a database policy from the drop down list to store the results of a Compliance Scanner job If you want to set up a new database policy select the New Database Policy link in the drop down list Report Group Select a Compliance Guardian group from the drop down list Once a group is selected all of the users in the group will be able to view and download the reports in the Compliance Report module Multiple groups can be selected Choose Select All to select all of the listed groups Select Next The Scan Settings page appears 3 Configure the scan settings Scan Policy Select a scan policy from the drop down list Filte
341. ime Classification Scanner is used to scan contents classify them and then perform actions to the scanned contents in real time The Real Time Classification Scanner rule must first be applied on the desired scope before using Real Time Classification Scanner to scan contents in the specified scope For more information refer to Creating Real Time Classification Scanner Rules After you apply the Real Time Classification Scanner rule the updated content in the defined scope will be scanned and dealt with according to the specified rule in real time Pre Configurations Configuring Scan Policies Ascan policy defines the compliance rules to be used when scanning the contents in the specified scope To configure the scan policies select the Real Time Classification Scanner select a data source then select Edit on the ribbon or select Create and select SharePoint or Social Network from the drop down list Then select Scan Policy Managing Scan Policies The Scan Policy interface displays all of the scan policies that you have previously created In the Scan Policy interface you can change the number of scan policies displayed per page and the order in which they are displayed To change the number of scan policies displayed per page select the desired number from the Show rows drop down menu in the lower right hand corner To sort the action policies select a column heading such as Scan Policy Name Description or Last Modified Time
342. in the Create Action Policy or Edit Action Policy interface configure the Alert settings in the appeared Configure interface 194 e D e e Compliance Guardian Installation and Administration User Guide e Specify a default e mail template You must select a default e mail template before select the recipients Select the New Notification Template link to create a new template e Creator e mail template Select this checkbox to send an alert e mail to the creator of the post content If this option is selected you must select an e mail template from the corresponding drop down list If you do not select an e mail template Compliance Guardian will use the default e mail template e Userin the selected notification profile Select this checkbox to send an alert e mail to the recipients configured in the selected alert notification profile If this option is selected you must select an alert notification profile from the appeared drop down list Select OK to save the changes or select Cancel to exit the Configure interface without any changes Block The posts that meet the condition configured in the action policy will be blocked Redact The posts that meet the condition configured in the action policy will be redacted according to the Redaction type test suite selected in the corresponding scan policy Delete The posts that meet the condition configured in the action policy will be deleted Getting Started Refer to t
343. ind the node lt configuration gt lt appSettings gt lt add key ErrorPagePath gt Change the value to be the path of the customized page Refer to Method to Get the Page Path Method to Get the Page Path To get the customized page path complete the following steps Open the IIS Manager Find the _layouts node in the left pane of IIS Manager Right click the _layouts node A drop down list appears Select Explore and then find the customized page Open the page St 2 es Ss Copy the part after layouts or layouts 15 of the pages URL and then paste it in the lt configuration gt lt appSettings gt lt add key ErrorPagePath gt node Advanced Customization The Advanced Customization feature allows you to customize the pop up message Write the DLL file implement the interface of Content Compliance Scanner PAL IMailFormatter CCS PAL Version 1 0 0 0 Culture neutral PublicKeyToken fffb45e56dd478e3 You can receive IEnumerable lt TagResult gt tagResults storing the tagging information ActionScope storing the action information and the string template parameter through the interface Read and obtain the data structure and then convert to the desired character strings After the character strings return the RTS process will submit the strings to the SharePoint built in error page or submit the strings to the customized page Advanced Customization also allows you to format messages through different method
344. ine Manager in SharePoint SP2007AssistManager wsp SP2010AssistManager wsp SP2013AssistManager wsp This solution is only used for the Real Time Classification Scanner module After enabling this feature you can manually scan the document in the specified scope defined in Compliance Guardian and view the scanned results or you can directly modify the tag values for the scanned document without modifying the checks SP2007InstallEventReceiver wsp SP2010InstallEventReceiver wsp This solution is only used for the Real Time Classification Scanner module If you deploy this solution the Compliance Guardian Newly Created Sites Real Time Scan feature will be enabled on the Web application automatically The newly created site s corresponding Compliance Guardian Real Time Scan feature will also be enabled and then the newly created site will apply its parent s Real Time Classification rule if the parent has applied a rule hast 121 Compliance Guardian Installation and Administration User Guide YammerConnector wsp This solution is used for the Real Time Classification Scanner module After enabling this feature and configuring related settings in Real Time Classification Scanner Compliance Guardian will scan the content posted through the SharePoint Web part to Yammer Database Manager Database Manager allows you to create and configure the databases for a Compliance Scan job and Classification Scan job to use A dat
345. ing Compliance Guardian Manager installation e IIS_WPG for IIS 6 0 or IIS_IUSRS for IIS 7 0 e Full Control to HKEY_LOCAL_MACHINE SOFTWARE AvePoint ComplianceGuardian e Full Control to Compliance Guardian Manager folder e Member of the Performance Monitor Users group e Full Control to Compliance Guardian Certificate private keys e Full Control or Read Write Modify and Delete to C WINDOWS Temp only for Windows 2003 environment You can add the application pool account to the local Administrators group to meet the required permissions The application pool account must have the following permissions to use the AvePoint Yammer Connector Web Part 22 e ae e E Compliance Guardian Installation and Administration User Guide e Full Control to Compliance Guardian Agent folder e Full Control HKEY_LOCAL_MACHINE SOFTWARE AvePoint ComplianceGuardian Compliance Guardian Agent System Requirements The Compliance Guardian Agent has one service called the Compliance Guardian Agent Service A Compliance Guardian Agent communicates with SharePoint based on the commands it receives from the Compliance Guardian Manager s Control Service Multiple agent setups provide redundancy as well as scalability for large environments by allowing you to use different accounts for different farms where multiple farms exist The Compliance Guardian Agent can be installed on different machines according to the role of the machine and the Compl
346. ing attributes appear e CompareType Specify a compare type The attributes for CompareType are MustContain MustNotContain MustEqual MustNotEqual MustMatch and MustNotMatch e Separator Specify a separator if multiple values are specified e CaseSensitive Specify if the attribute being tested for must match the case exactly e Value Define one or more values for the test use the separator specified before to separate the values Select the delete button 4 to delete this check rule Select Add Another TextCompare to add another rule 330 e ae e Compliance Guardian Installation and Administration User Guide TextCompare Check Test Logic Example Refer to the following example for better understanding the test logic of the SSL type check The webpage that will be scanned contains a node lt input type password name Passwad id Passwd gt Create and configure the SSL check test logic 1 Create a SSL Type check In the Report Text step in the True Result and Message field select Passed in the True Result drop down list 2 Configure the elements in the check e Specify the element name input for the ElementName attribute e Select No in the drop down list under the CaseSensitive attribute e Select ResultNA in the drop down list under the ResultNA attribute e Specify the attribute name id for the AttrName attribute e Select No in the drop down list under the AttrCaseSensitive attribute e Enter
347. ing the CSV file refer to xx If you enter a scope URL you must enter scope and then enter the scope level e path Enter the path of the exported file with the discovery results File Edit Format View Help cd C Program Files AvePoint Compliance Guardian Agent bin CCS Toolkit v2 exe o spd input url location http slsp2010 Shared Documents Forms AllItems aspx scope list path c new folder Figure 95 The XML File 3 Save the file 4 Change the file s extension from xml to bat 5 Double click the BAT file The discovery progress will start Once the process has finished you can check the results in the specified folder Configuring the CSV File You must specify two columns in the CSV file URL and Type e URL The URL of the site collection site or list e Type The scope type Site Collection Site or List A B E D a 1 URL Type 2 http alan sites asdf layouts 15 start aspx SitePages Home aspx site collection 3 http alan _layouts 15 start aspx SitePages Home aspx site collection 4 v Figure 96 The CSV File 399 Compliance Guardian Installation and Administration User Guide Notices and Copyright Information Notice The materials contained in this publication are owned or provided by AvePoint Inc and are the property of AvePoint or its licensors and are protected by copyright trademark and other intellectual property laws No trademark or copyright notice in this publicatio
348. ini e iens eaii eain 386 Installing Compliance Guardian Manager Control Service Load Balancing Environment 386 Appendix l Compliance Guardian Control Service Disaster Recovery ccssccccccccessssssssceeeeecessesenteaeeeeeens 390 Preparations and Configuration in aiia ia aa aa iiia 390 Mee UE ne eee Ee EE REES E EE E EE E E E E cease REEERE E 390 Compliance Guardian Installation 390 Synchronizing Databases from PROD Environment to DR Emironment 391 Simulating the Disaster Recovery Drorcess ccccsssssssecececeseesesneeeeeeecesseeaaeaeeececeseesuaaeseeeeecesseseaaeaeeeeeens 391 Appendix J Limitations of Scanning Oracle Database and SQL Server 393 Prerequisite and Limitation of Scanning Oracle Database ssesssessrssssesrennnssssesrrernnssssesrnennnssssenns 393 Mee UNE dE 393 Installing ODP NET Provide siir ee e eeE eessen ee 393 Limitation of Scanning Oracle Database eu 395 Limitation of Scanning SQL Server 396 12 F D e C Compliance Guardian Installation and Administration User Guide Appendix K Customizing the Interval of Retrieving Social Report Data 397 Appendix L Using the Discovery Functlon 398 Using the dE 398 Usine the BAT RiGee EE 399 Configuring th CSV File scacetseseccctaccecsssatascectackestasstasacukacdearaantasteatechessgaatestestocgeavaeatesteedechesaeaidenteoee 399 Notices and Copyright Information ccccssssccccecessssssnsaeeececessesseaesececeeseseseaaeeeeeessessesaea
349. interface appears Refer to the following steps to configure the action policy filter rules O Select a category select Add an Action Level Group to add a new rule of the specified category level Configure the following fields for the rule Rule Select the new rule you want to create from the drop down list Condition Select the condition for the rule Value Enter a value you want the rule to use in the text box Select the delete button to delete the rule that is no longer needed The filter rule contains three category levels Message Filter Based on the message information you specified here to define the scope in which content that is not compliant will be affected by the specified actions Classification Result Based on the tag value you specified here to define the scope in which the content will be affected by the specified actions Redaction Result Based on the result of whether the content has been redacted to define the scope where the content is affected by the specified actions To add more filters repeat the previous step Note Depending on the filters you enter you can change the order of the rules by selecting the down arrow before the Rule value and then select the order of the rule from the appeared drop down list to determine the priority of the rule You can also change the logical relationships between the rules There are currently two logical relations
350. ion Expiration Time The expiration time of the license for using the Lync function Status The current status of the Yammer license o Database Select the Database tab under License Details to see Database license information License Type The type of license purchased for the product Expiration Time The expiration time of the license for using the Database function Status The current status of the Yammer license Importing and Exporting the License File In License Manager you can import a license file to apply that new license Since all of Compliance Guardian products are installed as a single platform activating any product is as simple as applying the new license file To import a license file select Import on the ribbon In the Import License interface select Browse Find and choose the desired LIC file then select Open You will see a summary view of this license Select Apply to apply this license or select Cancel to return to the previous page without applying this license To export a license file complete the following steps 1 Select Export on the ribbon 2 Select to export the license file or license report Compliance Guardian Installation and Administration User Guide 3 Save the exported file or report Note Compliance Guardian will automatically log you off in order to use the new license upon logging in again Configuring License Renewal Notifications Com
351. ion refer to Security Profile Encrypt and Quarantine The scanned files or items that are not compliant will be encrypted and then quarantined After you select Configure after the Encrypt and Quarantine action in the Create Action Policy or Edit Action Policy interface configure the following settings in the Configure interface e Manage Encrypted Files or Items Configure the following settings o Select one or more groups from the Specify a SharePoint group that has permission to manage the data affected by this action in SharePoint drop down list The users in the selected groups can view and manage the scanned PE 187 Compliance Guardian Installation and Administration User Guide files or items that are not compliant in Compliance Guardian gt Classification Report gt Incident Manager gt Encryption Select New Group to create a new group in Control Panel For more information refer to Account Manager e Security Profile Select a security profile for encrypting the non compliant files or items Select New Security Profile to create a new security profile For more information refer to Security Profile e Quarantine Method Select a Quarantine Method Q Lock In place quarantine The non compliant files or items will be quarantined The users in the groups selected in the Manage Encrypted Files Items field can view and manage these files or items in Compliance Guardian gt Classification Rep
352. ion Scanner Job Monitor Control Panel What do you want to do next JM Compliance Manager V Compliance Scanner Compliance Report 5l ed Classification Scanner Classification Report Classification Manager Be System Manager A A d LAV Control Panel Job Monitor Figure 13 Control Panel module launch window Understanding the Control Panel Control Panel has three key groups of components e System Settings View and manage your Compliance Guardian settings managers agents authentication licenses and product version All of these functions are performed in Control Panel so that you can easily access them without leaving the interface for your current task in Compliance Guardian e Application Settings Configure settings affect common tasks performed by all Compliance Guardian products All of these settings are configured in Control Panel so that you can easily access them without leaving the interface for your current task in Compliance Guardian e Specific Products Settings Certain products in Compliance Guardian use preset configurations for certain functionalities While these settings may not affect all Compliance Guardian products all of these settings are configured in Control Panel because they can be leveraged by more than one product C Compliance Guardian Installation and Administration User Guide Accessing the Control Panel Since features in Control Panel overlap
353. ion by selecting the text box before the added action to determine the priority of the action For details of each action refer to Classification Actions Select the right arrow b after Actions to review the configured settings e Alert Select Configure The Configure interface appears This is optional Select if you want to send an alert e mail if the action failed to execute or successfully executed Then select an e mail template Select OK to save the changes or select Cancel to return to the Create Action Policy interface or Edit Action Policy interface without saving any changes After you have finished configuring the Alert settings select the right arrow P after Alert in the Create or Edit Action Policy interface to review the configured settings hast 217 Compliance Guardian Installation and Administration User Guide Select Add a Condition Group to add another condition group Select the delete button after a condition group to delete the condition group You can change the order of the condition group configuration by selecting the textbox on the top of each condition group to determine the priority of the condition group Select the right arrow E or down arrow H to expand or retract the settings of a condition group Classification Actions Refer to the following section for details about each classification action Alert Only The posts that meet the configured condition in the action policy
354. ion using the following conditions e Default Directory The Compliance Guardian Agent will be installed to the default installation location on the specified destination server which is Program Files AvePoint Compliance Guardian Agent e Customized Directory If select this option the Installation Path field will be enabled enter a customized path and the Compliance Guardian Agent will be installed to the specified path on the destination server hast 53 Compliance Guardian Installation and Administration User Guide _ o Use the default directory if your customized directory is invalid If this option is selected the Compliance Guardian Agent will be installed to the default directory when the customized directory is invalid For example the path you specified is on a drive which does not exist on the destination server 7 Set up the Control Service configuration e Compliance Guardian Control Service Host The hostname or IP address of the machine where installed Control Service e Compliance Guardian Control Service Port This is the port used for communication with Control Service and should match the information provided during the Manager configuration The default port number is 14100 8 Set up the Agent port e Compliance Guardian Agent Port The port specified here is used by the Manager or other Agents for communication The default port number is 14004 o Use a random port n
355. is URL to scan all of the junk e mails in Gmail https mail google com mail h amp t a Enter this URL to scan all of the deleted e mails in Gmail e Scan Policy Specify a scan policy for scanning the defined URL Select View beside the drop down list to view details of the scan policy or select New Scan Policy from the drop down list The following type of checks are not supported for scanning Gmail o 0 o 0 0 LinkValidation FileProperty FindFile Cookie SSL e Maximum Pages Specify the maximum e mail numbers allowed to crawl in a single job 1 means unlimited If you enter 100 Compliance Guardian will stop the job after it scans 100 e mails and the related index pages e User Agent Select the saved user agent profile to specify the user agent for the backend web server when scanning Gmail content Compliance Guardian recommends you to use the default user agent profile Compliance Scanner for Website e Enable headless browser You must select the Yes radio button to scan Gmail content For other settings in creating a plan refer to Using Plan Builder to Perform a Compliance Guardian Scanner Plan for Website for more details Select Save to save the plan select Save and Run Now to run the plan immediately or you can select Cancel to exit the Create Plan interface without any changes 166 Compliance Guardian Installation and Administration User Guide Compliance Guardian Scanner
356. ist Note It is recommended that you specify a reference time when the recurrence schedule configured in Range of Recurrence is End after 1 occurrence You can see the review details about the plan s execution in Job Monitor Run Now Select Run Now on the ribbon to execute the plan immediately After you select Run Now a pop up window appears You can select to run a full job or an incremental job If Incremental Scan is selected the Reference Time option is enabled o Reference Time Choose whether to scan contents created or modified at a specified interval If you choose to use a reference time specify the time to scan contents created or modified Enter an integer into the textbox and select Minute s Hour s Day s or Month s from the drop down list Compliance Guardian Installation and Administration User Guide Note It is recommended that you specify a reference time when the recurrence schedule configured in Range of Recurrence is End after 1 occurrence You can see the review details about the plan s execution in Job Monitor Scheduled Classification Scanner for SharePoint The SharePoint Mode allows you to define a scan scope in SharePoint and then it performs a scheduled or immediate job to scan out the related content according to the scan policy at last take the specified actions to the scanned content Note The posts and replies in SharePoint 2013 Newsfeed and the notes in Note Board in SharePoint
357. it can only be edited e The target library where the allowed location is must contain a content type that matches with the source file s content type and the matched content type must contain all the source s files columns Export Location Export Location allows you to export SharePoint data to a specified location To access Export Location settings for Compliance Guardian in the Control Panel interface select Export Location under the Export Location heading Select Close on the ribbon to close the Export Location interface ME 135 Compliance Guardian Installation and Administration User Guide Managing Export Locations In Export Location you can create a new export location view details about an export location edit a previously configured export location or delete a previously configured export location For more information about creating or editing an export location refer to Configuring Export Locations To view details about an export location select it from the list of previously configured export locations then select View Details on the ribbon You will see the previously configured settings for this export location Select Edit on the ribbon to change the configurations for this export location For more information about editing configurations for an export location refer to Configuring Export Locations To delete an export location from Compliance Guardian select it from the list of previously co
358. itch between the Browse tab and the Quarantine Manager tab e Ribbon Use the ribbon to manage the quarantined files You can download the files details restore the files or delete the files in bulk through the ribbon o View Content View the selected file s content For the SharePoint files or items that are affected by the In place quarantine method after you select View Content You can view the files on SharePoint site webpage You can directly edit the content of the file SharePoint items cannot be performed this action For the SharePoint files or items that are affected by the Out of place quarantine method after you select View Content The file will be downloaded SharePoint items cannot be performed this action since there is no content in an item o View Properties View the file or item s properties For the SharePoint files or items that are affected by the In place quarantine method after you select View Properties The corresponding SharePoint webpage appears displaying the file s properties The corresponding SharePoint webpage appears displaying the item s properties You can open the item attachment in the Se p 243 Compliance Guardian Installation and Administration User Guide appeared SharePoint webpage and then edit the content of the attachment For the SharePoint files or items that are affected by the Out of place quarantine metho
359. ite Use Social Features o Managed Metadata Service Term Store Administrator o Business Data Connectivity Service Full Control o Search Service Full Control SharePoint Online o For regular scan Site collection administrator of the target site collections o In scan mode Global administrator role and the user must apply a valid SharePoint Online license SQL Server Permissions o Database role of db_owner for all of the databases related with SharePoint including content databases SharePoint configuration database and Central Admin database and for Compliance Report database and Classification Report database o Database role of dbcreator and Security Admin to SQL Server and database role of dbcreator for creating new Compliance Report database and Classification Report database Select Next ME 35 Compliance Guardian Installation and Administration User Guide 12 In the Ready to install Compliance Guardian Agent Page review the customer information you defined and then select Install to begin the installation Select Back to change any of the previous settings Select Cancel to abandon all configurations and exit the installation wizard 13 After the installation is complete select Finish to exit the installation wizard Congratulations Compliance Guardian is now installed and configured Once you have completed the product installation you can begin to configure the report database needed
360. ity View Details Allows you to view a job report of the selected job Select the job by checking the corresponding checkbox Select View Details on the ribbon The Job Details tab appears with the job report displayed in the viewing pane with the Summary tab selected The Summary tab displays general information about the job For more in depth information select the Details tab in the viewing pane Select Download to download the job report Select TXT CSV or XLS as the format for the report then select to download the Current columns or All columns from the Details tab and then select OK to download the report or Cancel to return to the Job Details tab Delete Deletes job information without sending a notification to anyone Select the checkboxes before the jobs and then select Delete A confirmation pop up window will appear to confirm the operation Select OK to delete the selected jobs or select Cancel to return to the interface without deleting the jobs Download Allows you to download the job report of the selected jobs to a specified location You have the option to set the Report Format to download in TXT CSV or XLS format Here you can only choose to download All columns from the Details tab Note Prior to downloading the job report make sure the Internet Explorer IE download settings are configured properly You can configure the download settings for IE by following the steps below UY Ne oe Navigate
361. ity Group if SQL 2012 Note Change the Recovery Mode of the Compliance Guardian databases to full before setting up the Synchronization Simulating the Disaster Recovery Process To simulate the disaster recovery process complete the following steps e Shut down the PROD environment for testing purposes e Start up the database on DR environment e Start the Compliance Guardian Manager Control Service at the DR side Start all of the Compliance Guardian Manager Control Services within the DR environment Make sure at i 391 Compliance Guardian Installation and Administration User Guide 392 all of the Compliance Guardian Manager Control Services are started before proceeding to the next step Switch to the DR Compliance Guardian Manager Control Service in DNS Alias Record Go to the DNS server and change the IP address of the DNS alias record Modify the IP address to the one of the machine where the Compliance Guardian Manager Control Service is installed on DR environment Compliance Guardian Installation and Administration User Guide Appendix J Limitations of Scanning Oracle Database and SQL Server Prerequisite and Limitation of Scanning Oracle Database Compliance Guardian supports scanning Oracle Database Before you can begin a scan in Oracle you have to complete the prerequisites There are some limitation to this feature Prerequisite Before you run an Oracle Database scan make sure the Net fram
362. k Select Scan Mode on the ribbon in the Manage Site Collection interface to access the Scan Mode interface To scan the SharePoint Online site collections complete the following steps 1 Select Scan on the ribbon A pop up window appears 2 Specify the Office 365 account information that will be used to scan all of the site collections in SharePoint Online Use an existing Office 365 account profile Select an Office 365 account profile from the drop down list Once an Office 365 account profile is selected the following fields appear o Office 365 User ID The user that will be used to scan the SharePoint Online site collections o Password Enter the corresponding password o SharePoint Admin Center URL The URL of the SharePoint admin center site Enter new Office 365 account information Configure the Office 365 account that will be used to scan the site collections o Office 365 User ID Enter the ID of the user that will be used to scan the SharePoint Online site collections o Password Enter the corresponding password 109 Compliance Guardian Installation and Administration User Guide o SharePoint Admin Center URL The URL of the SharePoint admin center site Select the Save as a new Office 365 account profile checkbox to save the entered information as a new Office 365 account profile Once this checkbox is selected you are required to enter the profile name in the Profile Name text b
363. kbox before Attributes and configure the following attributes O O Specify the attribute name alt for the Name attribute Select No in the drop down list under the CaseSensitive attribute Select Yes in the drop down list under the AllowNull attribute Select Yes in the drop down list under the MustExist attribute Select the checkbox before the WordsRepeat element and then enter 2 in the Number field 7 Run a Compliance Scanner job The test suite used in this job contains the check configured above Review the check test logic 304 See the TextCompare section the node lt a href http www google com lt http www google com gt gt google lt a gt in the file contains the value google so the check result in the TextCompare section is True Compliance Guardian Installation and Administration User Guide e See the attributes under Element True has been selected in the drop down list under ValidWhen and the check result for the element A in this check is True so the result for ValidWhen section is Valid e See the ListLoc section the result for ValidWhen is Valid so the location of the node lt a href http www google com lt http www google com gt gt google lt a gt will be temporarily recorded the location of the node is TEMPORARILY recorded but is NOT really recorded in the Compliance Guardian database For this type of check only the location of the instance found by the SecondaryElement check
364. l have three risk levels after the scan job Select the delete button 4 to delete the SubCheck check rule Select Add Another Check to add another rule Select Add Another Tag to add another test suite rule Test Suite for Redaction Configure the following attributes for the test suite for redaction file RiskFormula If you have selected False as the value of the NoRisk attribute you must configure the RiskFormula field or this field will be grayed out Select a Raw Risk Formula Stepped Risk Formula and a Weighted Risk Formula in the corresponding drop down list You can create a new Risk Formula by selecting New Formula in the drop down list A pop up window will appear if you select New Formula In the pop up window enter the name and the optional description for the Risk formula define your own formula and select OK The new Risk Formula then will be created Test Suite Attributes Configure the following attributes e CheckName Select a check Select the text field under the CheckName attribute a pop up window appears All of the Redaction type checks are displayed in the pop up window Select the radio button before the desired Redaction check and then select OK hast 359 Compliance Guardian Installation and Administration User Guide e RiskLevel r1 The Item Initial Risk value assigned on the initial occurrence of the compliance failure related to the check being tested for in the document o
365. la by selecting New Formula in the drop down list A pop up window will appear if you select New Formula In the pop up window enter the name and the optional description for the Risk formula define your own formula and select OK The new Risk Formula then will be created RunAsTestGroup Group the specified checks The checks can test files according to one checkpoint e Select the checkbox before the RunAsTestGroup element and configure the following attributes o Name Entera name for the test group o DatabaseField This is the location in the Compliance Guardian database where the scan result data is stored Compliance Guardian will automatically specify the location for storing data o ContentType Select the content types that will be scanned If you do not select the content types all the file content types that are supported to be scanned in Compliance Guardian will be scanned Refer to the following steps for selecting the content types Select the text field under the ContentType attribute a pop up window appears 350 S F ae e Compliance Guardian Installation and Administration User Guide Inthe pop up window select the checkbox before the desired content types and select OK Select the delete button 4 to delete the RunAsTestGroup check rule O Policy URL Specify a URL that will link to a website defining rules for how checks in this check group will test files Description Enter t
366. lation By default the installation location is C Program Files AvePoint Select Next Compliance Guardian will perform a brief pre scan of the environment to ensure that all rules meet the requirements The status for each rule will be listed in the Status column Select the hyperlink of the status and the detailed information about the scan result will be listed in the pop up window You may select Details to view the detailed information of all of the requirements 58 F ae e EE Compliance Guardian Installation and Administration User Guide If any rules have failed the pre scan update your environment to meet the requirements and then select the Rescan button to check your environment again Once all the rules pass select Next 8 Set up the Communication Configuration e Compliance Guardian App Host Specify the current server s hostname IP address or fully qualified domain name FQDN e Compliance Guardian App Port The port entered here is used by the Manager or other Agents for communication The default port number is 14105 e Control Service Host The hostname or IP address of the machine where the Compliance Guardian Control Service is installed e Control Service Port This is the port used for communication with the Compliance Guardian Control Service and should match the information provided during the Manager configuration The default port number is 14100 e Manager Passphrase Manager Pa
367. le In this case we specified A B in the Value field and selected MustNotContain for the CompareType value The img elements whose values of the src attributes do not contain the characters A and B will be tested the link elements whose values of the href attributes do not contain the characters A and B will be tested The object elements whose values of the data attributes do not contain the characters A and B will tested e Inthe Type section after the check in the Filter section the img elements link elements and the object elements that meet the Filter check section in this case the img elements whose values of the sre attributes do not contain the characters A and B the link elements whose values of the href attributes do not contain the characters A and B and the object elements whose values of the data attributes do not contain the characters A and B meet the Filter check section will be taken to the check in the Type section In this case if one of the Content types of the file or the three kinds of attributes src href and data values is not text html text xml mage gif or image jpeg the check in the Type section will be False e Inthe Size section the size the file size the size of the src attribute s value in the img element in the file the corresponding image s size the size of the href 340 F rae e e Compliance Guardian Installation and Administration User Guide attribute s value in the link
368. lect CCS Toolkit v4 exe Select Run as administrator The command line interface appears Enter spd to select the Discovery SharePoint function Enter the job mode e 1 Enter1 and then enter the URL of the site collection site or list that will be discovered Then enter the scope level e 2 Enter 2 and then enter a path of a CSV file containing the URLs that will be discovered You can discovery multiple site collections sites or lists by entering 2 For details on configuring the CSV file refer to Configuring the CSV File Please enter the job mode i or 2 Enter 1 then enter the URL directly in the t ool Enter 2 then import a CSU file with the specified URLs into the tool Figure 94 Enter the job mode Compliance Guardian Installation and Administration User Guide 6 Enter the folder path of the exported file that contains the discovery results 7 The tool take action and then export a file with the discovery results in the specified folder path Using the BAT File Refer to the following step to create a BAT file to realize the function 1 Create an XML file under the directory Compliance Guardian Agent Bin 2 Configure the file e cd Enter the path of the CCS Toolkit v2 exe or CCS Toolkit v4 exe file that will be invoked e o Enter spd to use the discovery function e Location Enter the scope URL or enter a path of a CSV file that contains the URLs that will be discovered For details on configur
369. lect E mail Address and then select Add a Notification Address Enter the address to which the e mail will be sent and select a corresponding e mail template Select SharePoint Group and then select Add a SharePoint Group Enter the SharePoint group whose users will receive the e mail and then enter the corresponding e mail template Note that the SharePoint group must exist in the selected SharePoint scope Select Add a Notification Address or Add a SharePoint Group again to add more addresses or groups Select the delete i button to delete an address or group o Job Report Select this checkbox to send an e mail notification with a job report Select a notification profile from the Select a profile with address only drop down list or choose to create a new e mail notification profile For more information on configuring the e mail notification profiles refer to Configuring Receive E Mail Settings e User Profiles Filter This option appears only when you select the User Profile Service node in the tree Configure this option if you want to filter the user profiles Select download a template to download the template file which is used for filtering user profiles Edit the file according to your own requirement and then select Upload to upload the configured file Refer to Editing Template File for Filtering User Profiles for details about editing the template file hast 227 Compliance Guardian Installation an
370. led Classification Scanner page to go to the Scan Policy interface hase 209 Compliance Guardian Installation and Administration User Guide Managing Scan Policies For more information about how to manage scan policies refer to Managing Scan Policies in the Real Time Classification Scanner section of this guide Creating and Editing Scan Policies For more information about how to create and edit scan policies refer to Managing Scan Policies in the Real Time Classification Scanner section of this guide Configuring Filter Policies For more information refer to Filter Policy Configuring Action Policies for SharePoint Action policies for SharePoint allow you to define the actions to the scanned contents in the specified SharePoint scope To configure the action policies navigate to Scheduled Classification Scanner gt Create gt SharePoint under the SharePoint tab and select Action Policy on the ribbon to go to the Action Policy interface Managing Action Policies For more information about how to manage action policies refer to Managing Action Policies in the Real Time Classification Scanner section of this guide Creating and Editing Action Policies For more information about how to create and edit action policies refer to Creating and Editing Action Policies in the Real Time Classification Scanner section of this guide Configuring Action Policies for File System Action policies for File System allow you to
371. liance Guardian by selecting a date format from the Date format drop down menu and selecting a time format from the Time format drop down menu e Customize Logo Customize the logo for Compliance Guardian system reports and e mail templates Select Browse to find the desired logo file in the pop up then select the 70 e ae e BE Compliance Guardian Installation and Administration User Guide logo and select Open to open it Select Preview to view the logo in the Show Preview area To hide the Show Preview area select Hide Preview Select and drag the logo in the display field to change its placement Select the zoom in button 8 the zoom out button 2 or the reset button A to reset the settings of the new logo Select Restore to Default button to roll back to the default logo e Farm Name Mapping Customize the display names for your farms in Compliance Guardian To find a specific farm enter the farm name in the search text box and select the search button For each farm enter the desired display name in the corresponding Display Name in Compliance Guardian text field Note The search function is not case sensitive When you are finished configuring Compliance Guardian General Settings select Save to save all changes then Close to exit the System Options interface If you select Close without saving first any changes you have made will be lost Configuring Security Settings To access Security Settings f
372. liance Guardian fAgent bin gt CCR SP2610RiskAnalyzer e xe FullPath http 48umi5 sites test2 Shared Documents abc xlsx DBName CCR2 6136626183117454846 860 db ExportLocation C ReportFolder _ Figure 44 The command line overview 2 Press Enter to execute the job After the job completes a prompt is shown as below es Administrator Command Prompt Microsoft Windows Version 6 1 76611 Copyright lt c gt 2669 Microsoft Corporation All rights reserved C Windows system32 gt cd C Program Files AvePoint Compliance Guardian fgent bin C Program Files AvePoint Compliance Guardian fAgent bin gt CCR S P2616RiskAnalyzer e xe FullPath http 48um15 sites test2 Shared Documents abc xlsx DBName CCR2 6130626183117454806 666 db ExvortLocation C data Successfully generated the report Figure 45 The command line overview You can then navigate to the specified export location to view the risk report Compliance Guardian Installation and Administration User Guide Using Compliance Guardian Transaction Capture Compliance Guardian Transaction Capture is used to record the webpages that you access and then you can save the recorded results as a transaction file which is used by Compliance Guardian Website Scanner The recorded URLs in the transaction file will be the start URLs used in Compliance Guardian scans Note Make sure Microsoft Visual C 2010 x86 Redistributabl
373. liance Report module Launching Compliance Guardian Scanner in Database Mode On the Compliance Guardian Scanner Home interface select Create on the ribbon and a drop down list appears Select Database from the drop down list and you will be brought to the Compliance Guardian Scanner Website Create Plan interface Selecting the Scan Scope After launching the Compliance Scanner Database mode the Scope panel on the left of the screen displays all of the connections Select the database connection the tables in the connected database will load Select the tables or select the database connections the content in the tables will be scanned Using Plan Builder to Perform a Compliance Guardian Scanner Plan for Database Use the Plan Builder to set up a Compliance Scanner plan To use Plan Builder complete the following steps 1 After selecting the scope for the compliance scan select Plan Builder on the ribbon of Compliance Scanner page 2 From the drop down menu select Wizard Mode for step by step guidance during configuration or select Form Mode recommended for advanced users only to set up a plan quickly Refer to the following section that is applicable to your choice for information about performing a Compliance Scanner plan Performing a Compliance Scanner Plan in Wizard Mode Wizard Mode provides you with step by step guidance on how to configure a new plan To configure a plan using Wizard Mode complete the following steps
374. lic bool ValidateInternal string number Method without parameter public bool ValidateInternal string number string parameters Method with parameter Related Configuration File The configuration file ContentComplianceConfig xml provides several built in CustomCheck methods The configuration file resides in Compliance Guardian Agent Bin You can add your customized CustomCheck methods in the configuration file 364 e D e Compliance Guardian Installation and Administration User Guide Appendix C Supported File Types in Compliance Guardian Condition File Type Supported for Scanning DOC DOCX XLS XLSX PPT PPTX PDF ASP ASPX HTM HTML TXT XML ZIP JSP PHP Supported for Adding Tag DOCX XLSX PDF HTM HTML ASPX PPTX PPT DOC XLS Note Compliance Guardian currently supports to scan Microsoft Office 2003 files after installing a compatibility pack In the XLS file and the XLSX file the hidden sheet whose Visible property is set to 2 xlSheetVeryHidden is also supported to be scanned Note PDFs with unstructured textual content are not supported to be scanned in Compliance Guardian Compliance Guardian Installation and Administration User Guide Appendix D Compliance Guardian Configuration File When a user uploads checks or test suites to Compli
375. list 314 Compliance Guardian Installation and Administration User Guide 2 Configure the Primary section Select Found in the drop down list under the Truelf attribute Select Yes in the drop down list under the SearchAll attribute Select Yes in the drop down list under the ListLocation attribute Select Note in the drop down list under the ListLocStatus attribute Select No in the drop down list under the CaseSensitive attribute Select MustContain in the drop down list under the CompareType attribute Select FalseResult in the drop down list under the ResultNA attribute Enter 508 in the Value field 3 Configure the Secondary section Select NotFound in the drop down list under the Truelf attribute Select Yes in the drop down list under the SearchAll attribute Select Yes in the drop down list under the ListLocation attribute Select Note in the drop down list under the ListLocStatus attribute Select No in the drop down list under the CaseSensitive attribute Select MustContain in the drop down list under the CompareType attribute Enter 10 in the MaxDistanceToPrimary attribute field Enter JUSTICE in the Value field 4 Save the check 5 Run a Compliance Scanner job the test suite used in this job contains the check configured above Review the check test logic If MustEqual is selected for the CompareType attribute then the content must exactly equal the value we specified in order to be found If Mu
376. ll scan and it reduces the execution time of the scan job However it is important to note that for each incremental scan the latest full scan job in the full scan cycle must be available If the incremental scan is based ona former incremental scan job the former incremental scan must also be available If selecting Incremental Scan the Reference Time option is available for configuration Reference Time Choose whether to scan content generated or modified at a specified interval If you choose to use a reference time specify the time to scan content generated or modified Enter an integer into the textbox and select Minute s Hour s Day s or Month s from the drop down list Note It is recommended that you specify a reference time when the recurrence schedule configured in Range of Recurrence is End after 1 occurrence e Schedule Settings Set up the frequency for the scheduled Compliance Scanner job Select one time unit from Minute s Hour s Day s Week s and Month s and then enter an integer into the text box The scheduled Compliance Scanner job will be run according to the interval configured here e Range of Recurrence Select the start time and end time for the schedule o Start time Set up the time to start the Compliance Scanner plan and modify the time zone as required Note The start time cannot be earlier than the current time o No end date Select this option to repeat running the pl
377. llow us to more accurately show risk against checks or test suites and based on importance of repetitive failure in a document hast 131 Compliance Guardian Installation and Administration User Guide Viewing a Test Suite s or Check s Version History Compliance Guardian supports you viewing the version history of a check or a test suite In the Test Suite Manager interface the latest version of a test suite is displayed in the Version column To view the detailed version history of a test suite as well as the version history of the checks in a test suite select the test suite and then select Version History on the ribbon The Version History interface appears Select Close on the ribbon to return to the Test Suite Manager interface Viewing a Test Suite s History Version Select a test suite version that you want to view and select the down arrow after the corresponding test suite A drop down list appears Select View Test Suite from the drop down list Then save the test suite version for your reference Alternatively you can select the test suite version and select View on the ribbon A drop down list appears Select Test Suite from the appeared drop down list Then save the test suite version for your reference Deleting a Test Suite s History Version Select one or more test suite versions and select Delete on the ribbon The selected test suite versions are deleted from the Version History interface Viewing a
378. loaded attachment name must be same as the original attachment name o Data Range The first time you access Quarantine Manager the files or items that have been quarantined in the last 24 hours will be displayed automatically You can change it by selecting Data Range and then enter a value in the Latest _ Days Hours field Select OK to save the setting The next time you access Quarantine Manager the files or items that are quarantined in the specified time range will be displayed e Scope Define the scope of the files you want to manage 244 e ae e Compliance Guardian Installation and Administration User Guide e Files Field View the files in the selected nodes e File Details Display a file s detailed information Ribbon Libraries Site Pages R Shared Documents Abee Rts Library Rts Library_in Rts Library_en Rts Library_re Lists Calendar H m Di Files Field Discussions Team Discussion D Recycle Bin All Site Content File Details be File Details Violation Figure 29 SharePoint 2010 Compliance Guardian Quarantine Manager Interface System Account Ribbon Files Field H ERC Mem out H Lists Tasks 1 17 2014 SHAREPOINT system 1 17 2014 SHARE 2 45 56 2 45 56 PM Created By Modified Time Modifies BA to0 Level site Pa item_in_1 Lists Tasks 1 17 2014 SHAREPOINT system 1 17 2014 SHARE 2 45 46 2 45 46 PM PM item_out_1 Lists Tasks 1 17 2014 SHAREPOINT system 1
379. ls Change Classification Result Refer to Restoring the SharePoint Files or Items that Are Affected by the In Place Quarantine Method for details Conflict Resolution Refer to Restoring the SharePoint Files or Items that Are Affected by the In Place Quarantine Method for details For the SharePoint files or items that are affected by the Out of place quarantine method after they are restored to SharePoint the following related objects or properties will be affected Workflow The original related workflows will not associate to the restored file or item ID The file s or item s ID will be changed after the file or item is restored to SharePoint Web part Refer to the following scenarios for details o If the file s Web part is not saved together with the file or item saved in the different tables in SharePoint database the Web part will not exist after the file or item is restored no matter you select In place restore or Out of place restore as the Restore Type o If the file s Web part is saved together with the file or item saved in the same tables in SharePoint database and if you select In place restore as the Restore Type the Web part can be restored normally along with the file or item o If the file s Web part is saved together with the file or item saved in the same tables in SharePoint database and if you select Out of place restore as the Restore Type the Web part may be affected after the rest
380. m o Enter a positive integer into the text box and Compliance Guardian will send you a notification when the number of servers left of any farm is less than the specified value o Check the Interval checkbox to repeat the reminder at a set interval Enter a positive integer into the text box and select Day Week or Month from the drop down menu Configure the following settings for the Notification Method Note You must select at least one of the options in order for License Renewal Notifications to work hast 91 Compliance Guardian Installation and Administration User Guide E e Pop up message box when you login Select this option to have a message box pop up with a reminder for expiring licenses or maintenance e E mail notification Select this option to be notified of expiring licenses or maintenance by e mail based on the Notification Schedule you configured above A drop down menu will appear where you can either select a previously configured Notification Profile or you can choose New Notification Profile to set up a new e mail notification profile For more information on how to configure the notification profile refer to User Notification Settings When you are finished configuring License Renewal Notification Settings select OK to save and return to the License Manager interface or select Cancel to return to the License Manager interface without saving the new configurations Configuring Server Usage
381. maintain balanced work load for different agents and not have certain agents perform slower due to poor load distribution To access Agent Groups for Compliance Guardian open the Control Panel interface and then select Agent Groups under the Agent Groups heading Select Close on the ribbon to close the Agent Group interface If you have several Agents enabled for an agent type they will be displayed in different colors in the Available Agents table Managing Agent Groups In the Agent Groups interface you will see a list of previously configured Agent Groups The following settings can be configured in the Agent Groups interface e Create Select Create on the ribbon to create a new Agent Group In the Create interface you can configure the following settings o Agent Group Name Enter a name for the new Agent Group and then enter an optional description for future reference o Agent Group Type Select one of the three Agent Group Types SharePoint On premises File System Website and SharePoint Sites hast 97 Compliance Guardian Installation and Administration User Guide ber If SharePoint is selected you must select a farm where you want to create this new Agent Group o Available Agents Available agents will be displayed in the lower panel Select the desired agent by checking the corresponding checkbox then select Add to add the agent to the Agent Group To remove an agent from the Agent Group selec
382. ministration User Guide p26 4 7 8 262 Enter the fullpath command and then enter the full path of the file whose detailed risk report will be generated Enter the dbname command and then enter the database file name of the plan whose detailed risk report information will be exported To get the database file name go to the report location and find the request s corresponding TXT file the name of the TXF file is the Request ID _ the Request Name Open the TXT file you will find all the plans contained in this request the database file name is following the corresponding plan Then go back to the report location basing on the database file name in the TXF file you will find the database file s full name the database name db of the desired plan whose detailed risk information is going to be exported Enter the exportlocation command and then enter the export location where the detailed risk report will be generated The exportlocation command is optional if you do not enter the command and do not specify an export location by default the report will be generated under the directory AvePoint Compliance Guardian Agent bin Risk Analyzer cs Administrator Command Prompt Bl Ed Microsoft Windows Version 6 1 7601 Copyright lt c gt 2089 Microsoft Corporation All rights reserved C Windows system32 gt cd C Program Files AvePoint Compliance Guardian fgent bin C Program Files fAvePoint Comp
383. mments and scripts e ListLocation Specify whether or not to record the instance s location in the Compliance Guardian database If Yes is selected in the drop down list under the ListLocation attribute then every location of the instance found will be recorded in the Compliance Guardian database If No is selected in the drop down list under the ListLocation attribute the check continues but the locations of the instances found will not be recorded in the database e ListLocStatus Specify the status for the instance that is found The status will be recorded in the Compliance Guardian database Note that if the status set for True Result or False Result is Failed in the Report Text step the value for the ListLocStatus attribute will be Fail and the value cannot be changed e CaseSensitive Specify if the text being tested for must match the case exactly e MustRepeat Specify the amount of times a word or phrase must be found before considering the condition to be Found When configuring the check if you do not enter a value for this attribute the value for this attribute will be considered 1 in the test e CompareType Select MustContain or MustEqual for this attribute e Value Specify a scanned value e e Greg f 311 Compliance Guardian Installation and Administration User Guide FindText Check Test Logic Example Refer to the following example to better understand the test logic of the FindText type c
384. mum Concurrent Threads Allow user to specify the maximum concurrent threads that can be used during the crawling job for the scan If you select Breadth first in Crawl Mode the default value of Maximum Concurrent Threads is 2 if you select Depth first in Crawl Mode the default value of Maximum Concurrent Threads is 1 Time Out of One Scan Specify the maximum time of one entire scan job The default value is 24 hours Time Out of Link Specify the maximum time of waiting for a response from a link before skipping it during a crawl The default value is 100 seconds 163 Compliance Guardian Installation and Administration User Guide Note By default the crawl mode is Depth First If you want to change the crawl mode you can go to the machines with Compliance Guardian Manager installed and open the Compliance Guardian Manager Control Config directory to find the ComplianceSetting config file In the configuration file find the DepthFirst true node True means Depth First scans child nodes from the current node first False means Breadth First scans sibling nodes from the current node and the scan will only continue to a lower level after the scan finishes on all the pages of one level Enable headless browser Select whether or not to crawl the data that are loaded dynamically using JavaScript If you select Yes then specify the delayed time to wait for loading data in a webpage In the Where do you want to ou
385. n hast 115 Compliance Guardian Installation and Administration User Guide A default profile is created automatically after the installation or upgrade This profile will be run at midnight 00 00 00 every Monday and includes all of the existing Agents modules and rules Creating a Self Checker Profile In the Profile Manager interface click Create on the ribbon to create a new Self Checker profile Complete the following steps to create a new profile 1 116 Profile Name Enter a name for your profile and then enter an optional description for future reference Click Next Scan Filter Filters the modules and the Agents whose health you want to check e Module Filter Select one or more modules you are about to check by selecting the corresponding checkboxes e Agent Filter Select one or more available Agents you are about to check by selecting the corresponding checkboxes and select the Include New checkbox to include newly registered or restarted Agent services when scanning all of the available rules Click Next to proceed Scan Rules Select the rules you are about to include in your profile by selecting the corresponding checkboxes When running the newly created profile Compliance Guardian checks all of the rules included in the profile Click Next to proceed Scan Schedule Configure the scan schedule and notification settings for your profile e Schedule Selection Select one of th
386. n To modify an action policy select the action policy and then select Edit on the ribbon In the Create Action Policy interface or Edit Action Policy interface configure the following settings e Name Enter a name for the action policy e Description Enter an optional Description for future reference e Social Connection Select a social connection Configure the Set up the action rules section e Conditions Configure the action policy filter rules Select Configure The Configure interface appears Refer to the following steps to configure the action policy filter rules o Select a category select Add an Action Level Group to add a new Configure the following fields for the rule Rule Select the new rule you want to create from the drop down list Condition Select the condition for the rule Value Enter a value you want the rule to use in the text box Select the delete cz button to delete a rule that is no longer needed The filter rule contains two category levels Message Filter Filter based on messages Compliance Guardian will search for content within the message Then take action based on the policy that you ve selected 216 S e i e Compliance Guardian Installation and Administration User Guide Classification Result Filter based on tag value Compliance Guardian will search for that tag value and then take action on the job To add more filters repeat the pre
387. n 3 generate a file grouping the files whose similarity is greater than the specified similarity threshold In order to realize the functions the CCE FingerPrintingTool exe file must be run in the Command Line Go to the machine with Compliance Guardian Agent installed and open the AvePoint Compliance Guardian Agent bin directory to find the CCE FingerPrintingTool exe file On the machine navigate to Start gt All Programs gt Accessories gt Command Prompt In the command line interface enter the directory For example C Program Files AvePoint Compliance Guardian Agent bin CCE FingerPrintingTool exe and press Enter To add some files as templates in a Fingerprinting type check refer to the following steps 1 Enter the o registerfile command 2 Enter the file command and then enter the template file path You can also use to match files For example enter C 12 docx then all of the DOCX files that start with 12 under disk C will be used as the template files 3 Enter the tdf command and then enter the check file path The template files will be used in this check 4 Press Enter F fvel nt Conpliance wardian ioent bin gt CCE FingerPrintingTool exe o registerfile file G Similarity Test Data txt tdf G Similarity Check finger printing2 xml Start adding template files to the check Adding template files to check finished Check file path G Similarity Check fi nger printing2 xml Figure
388. n Agent page configure the Remove configuration file option Select this option if you want to remove all of the folders and configuration files generated by the Compliance Guardian Agent installation Note The Logs folder will not be removed whether you select the Remove configuration file option or not 5 Select Remove and the Agent uninstallation process starts 6 Select Finish to complete the uninstallation Resolve Issues Occurred During the Compliance Guardian Installation If you encounter other issues when installing the Compliance Guardian Manager or Agents follow the prompt messages to resolve the issue and run the installation program again If the issue persists refer to the site for additional help e Greg f 45 Compliance Guardian Installation and Administration User Guide __ Unattended Installation Compliance Guardian Manager Make sure the system requirements are met before starting the Compliance Guardian Manager unattended installation For more information refer to Compliance Guardian Manager System Requirements Generating the Installation Answer File for Compliance Guardian Manager The Answer file is an XML file which provides configuration information required for the unattended installation Before performing the unattended installation the Answer file must be generated using the Compliance Guardian Setup Manager Navigate to the Unattendedinstall SetupManager folder inside the u
389. n Auditor interface In the Compliance Guardian Auditor interface you will see all of the activities and the related information including the users of the activities the groups to which the users belong the time of the activities the modules in which the activities are performed and the statuses of the activities Configuring Pruning Settings There may be quite a number of activities that the users performed in Compliance Guardian for the consideration of performance you can configure the pruning settings and get your desired auditor data displayed in Compliance Guardian Auditor To configure pruning settings complete the following steps 1 Select Pruning on the ribbon of the Compliance Guardian Auditor interface The Configure Pruning Settings interface appears 2 Configure the following settings e Pruning Rule Configure the pruning rule a 113 Compliance Guardian Installation and Administration User Guide o No pruning Select this checkbox the auditor data will not be pruned o Keep the last _ items Enter a value to specify the number of items that will be kept in the Compliance Guardian Auditor interface o Keep the items of the last _ days weeks months Enter a value and select a unit Days Weeks or Months to specify a time the activities during the specified time will be kept in the Compliance Guardian Auditor interface e Schedule Selection Set up a schedule for Compliance Guardi
390. n User Guide o Sort Select the header row of each column to sort all of the values in the specified column according to the ascending descending order o To change the number of checks displayed per page select the desired number from 5 8 10 15 default value 20 25 50 100 in the Show rows drop down menu at the lower right corner o Togo to the specified page enter the page number in the Go to of text box at the lower right corner and press Enter o Togo to the next page select the gt button at the lower right corner to return to the previous page select the lt button at the lower right corner Select Save to save the changes or select Close to exit the interface without saving any changes Editing a Check After selecting a check and selecting Edit on the ribbon you will be brought to the check Edit interface Complete the following steps as needed 1 Edit the following settings in the Report Text screen e Name and Description Enter a name for the check The description is optional e URL Enter a hyperlink to provide additional information about this check including any official rules or articles of law that specify how the check will test files This field is optional e True Result and Message Select the returning status and message for this check when the checking result is True The checking logic determines whether a check result is false or true e False Result and Message Select the re
391. n add criterion to specify a rule condition and value to filter the desired users Then select Save to save your configuration e Participants Filter according to the participants of the Lync conversation If you select Participants as the rule after you select the value link a window appears You can add criterion to specify a rule condition and value to filter the desired users Then select Save to save your configuration e Subject Filter according to the subject of the Lync conversation e Start Time Filter according to the start time of the Lync conversation e End Time Filter according to the end time of the Lync conversation e Conversation Type Filter according to the Lync conversation type e Modes Filter according to the Lync conversation mode e Attachment Name Filter according to the name of the attachment sent in a Lync conversation e Attachment Size Filter according to the size of the attachment sent in a Lync conversation e Attachment Initiator Filter according to the attachment initiator If you select Attachment Initiator as the rule after you select the value link a window appears You can add criterion to specify a rule condition and value to filter the desired users Then select Save to save your configuration bas p 169 Compliance Guardian Installation and Administration User Guide Select Add a Criterion again to add more rules Note Depending on the rules yo
392. n and Administration User Guide Note You can only update the Compliance Guardian version in sequence For example if you want to update Compliance Guardian 3 SP1 to Compliance Guardian 3 SP3 you can only first update Compliance Guardian 3 SP1 to Compliance Guardian 3 SP2 and then update Compliance Guardian 3 SP2 to Compliance Guardian 3 SP3 9 Update the old report data in the Compliance Guardian Agent server 10 Go to the machines with Compliance Guardian Agent installed and open the Compliance Guardian Agent Bin directory to find the CCS Toolkit v2 exe or CCS Toolkit v4 exe file 11 In the SharePoint 2007 or SharePoint 2010 environment select CCS Toolkit v2 exe in the SharePoint 2013 environment select CCS Toolkit v4 exe 12 Select Run as administrator The command line interface appears 13 Enter 7 to update all of the old report data and press Enter Wait until Press Enter to exit appears after the report databases finishes updating ER C Program Files AvePoint Compliance Guardian Agent bin CCS Toolkit v2 exe 1 Check User s Permissions to Agent gt 2 Check the File s Encryption Information wee 3 Check the Installation Information of Microsoft Office Compatibility k lt MOCP gt gt wee 4 CAnalyze Quarantined Data 5 lt Import Quarantined Data to Report Database gt 6 Update Original Quarantined Data gt 7 Update Agent Data In progress Completed Waiting to close Press Enter to e
393. n is successful 9 Select Finish After updating Compliance Guardian and the IIS service finishes restarting you must update the report databases if you still want to use the databases in the updated Compliance Guardian version 10 Navigate to Control Panel gt Solution Manager 11 If a message appears after a solution The Current solution version is lower than the agent version then select the checkbox before the solution and select Upgrade on the ribbon to update the solution Compliance Guardian Report Database Upgrade Tool Compliance Guardian Report Database Upgrade tool is used to update the report database or out of quarantined files only applies to files created in a version earlier than Compliance Guardian 3 SP3 if you want use it in Compliance Guardian 3 SP3 ME 41 Compliance Guardian Installation and Administration User Guide ee Using the Tool To upgrade the Compliance Guardian report database or out of place quarantined files complete the following steps 1 2 No El oe Navigate to the machines with Compliance Guardian Manager installed Open the Compliance Guardian Manager Shared Tools CGReportDBUpgrade directory to find the CGReportDBUpgrade exe file Select CGReportDBUpgrade exe and then select Run as administrator The command line interface appears Enter the Compliance Guardian Manager Server IP address and press Enter Enter the Compliance Guardian Manager Server port
394. n may be removed or altered in any way Copyright Copyright 2013 2015 AvePoint Inc All rights reserved All materials contained in this publication are protected by United States and international copyright laws and no part of this publication may be reproduced modified displayed stored in a retrieval system or transmitted in any form or by any means electronic mechanical photocopying recording or otherwise without the prior written consent of AvePoint 3 Second Street Jersey City NJ 07311 USA or in the case of materials in this publication owned by third parties without such third party s consent Notwithstanding the foregoing to the extent any AvePoint material in this publication is reproduced or modified in any way including derivative works and transformative works by you or on your behalf then such reproduced or modified materials shall be automatically assigned to AvePoint without any further act and you agree on behalf of yourself and your successors assigns heirs beneficiaries and executors to promptly do all things and sign all documents to confirm the transfer of such reproduced or modified materials to AvePoint Trademarks AvePoint DocAve the AvePoint logo and the AvePoint Pyramid logo are registered trademarks of AvePoint Inc with the United States Patent and Trademark Office These registered trademarks along with all other trademarks of AvePoint used in this publication are the exclusive property of
395. n the contrary if there are nothing recorded based on the SecondaryElement check the result of this check will be True e Since there is something recorded in the Compliance Guardian database in this use case the check result of this check is False According to the setting in False Result and Message in the Report Text step the returning status is User Review Required which will be displayed in the Compliance Guardian report MatchedElement Type Check The MatchedElement type check is used to validate the matching relationship between two elements The following section provides a general introduction about configuring attributes for this type of check as well as a test example for you to understand the test logic e ME EAR Compliance Guardian Installation and Administration User Guide Configuring Attributes for MatchedElement Type Check Configure the attributes for the MatchedElement type check according to the instructions in the following sections MatchElement There are the five attributes under this element For the details about the five attributes refer to the Configuring Attributes for Element Type section ListLoc There are two attributes under this element For the details about the two attributes refer to the Configuring Attributes for Element Type section Attributes This section is optional For the details about the attributes under this element refer to the Configuring Attributes for Element Typ
396. n the priority we specified for the AllowedTagValues attribute of this test suite e nese p 355 Compliance Guardian Installation and Administration User Guide If one of the two original values is specified for the AllowedTagValues attribute of this test suite Compliance Guardian will compare the priority of the original tag value and the tag value in this scan The one with the higher priority will be used to do the corresponding Classification action If none of the two original values is specified in this test suite the tag value of this scan will be used to do the corresponding Classification action Select the delete button 4 to delete the check rule AllowedTagValues Configure the following attributes for this element e Priority Specify the priority of the tag value When scanning a file different checks will return different scan results This is used to determine which tag value will be added to the file e Type Select Static or Dynamic as the type o Static Select this type to specify a certain value that will be used as the tag value o Dynamic Select this type and then specify a macro expression to search the corresponding value that will be used as the tag value e HolderName This feature is only available if you choose Dynamic If Static is selected as the type this field will be grayed out If Dynamic is selected as the type you must enter a holder name You can enter any value as
397. nce Guardian Transaction Script Recorder Setup wizard appears which helps you to install the Compliance Guardian Transaction Capture tool 4 Select Next on the wizard welcome page 5 Select a folder where the related files of this tool will reside The default location is C Program Files x86 AvePoint CG Transaction Script Recorder You can select Browse to select another location Select the Disk Cost button under the Browse button to view the drives you can install the tool and each drive s available and required disk space of the tool Select Next on this page 6 Confirm the installation on the Confirm Installation page and select Next 7 The tool will begin installing 8 After the installation completes select Close to exit the installation wizard Using the Tool To use Compliance Guardian Transaction Capture open Windows Internet Explorer x86 from the path Program Files x86 Internet Explorer select View on the Menu Bar and select Explorer Bars You will find Compliance Guardian Transaction Capture in the drop down menu that appears Select Compliance Guardian Transaction Capture to open this tool The tool interface appears on the bottom of the current webpage Refer to the following screenshot x D Record Stop Play Reset Save Options Delete A Import Help Operation Field Status Domain Recorded Information Field Compliance Guardian Transaction Figure 46 The Compliance Guar
398. nded not to change them once configured 4 Authentication Select the authentication mode for the report database The necessary information must be specified in the Account and Password fields You can also validate the database account by selecting Validation Test Alternatively you can configure the report settings in the Advanced settings by entering a connection string instead of configuring the settings Select Advanced and the Connection String section will appear Check the Edit Connection String directly checkbox to activate this feature and then enter the connection string according to the example listed in the left pane 5 Select OK to save the configurations and return to the Control Panel interface or select Back to return to the Control Panel interface without saving any changes Allowed Location Allowed Location allows you to configure a destination location where the scanned file is moved To access Allowed Location settings for Compliance Guardian in the Control Panel interface select Allowed Location under the Common Settings heading Select Close on the ribbon to close the Allowed Location interface Configuring Allowed Location In Allowed Location you can create a new allowed location edit a previously configured allowed location or view the information of the previously configured allowed locations To create a new allowed location select a scope you can configure an allowed location either in the site lev
399. ner Real Time Classification Scanner Emm HO Create Manage Action SS Search all pages Search current page D a Plan Name Description Scan Policy Scope Type Modified Time ET 80_quarantine_in None Scheduled Classification Scanner for ShareF 2014 01 07 17 02 15 leo_sp10_quarantine_in tag_example Scheduled Classification Scanner for ShareF 2013 12 09 14 23 48 EI yhli_Encrypt MCC_yhli Scheduled Classification Scanner for ShareF 2013 12 06 17 18 14 ET online_yhli MCC_yhli Scheduled Classification Scanner for ShareF 2013 12 05 16 45 57 E Encrypt_Fs redact_aaa Scheduled Classification Scanner for File Sy 2013 12 05 13 15 22 E mark test b mark scan 2 Scheduled Classification Scanner for ShareF 2013 12 04 17 45 23 EI mark test a mark scan 2 Scheduled Classification Scanner for ShareF 2013 12 04 17 35 49 EI en fe ous scan_example Scheduled Classification Scanner for File Sy 2013 11 29 17 24 41 E leo_fs_enrypt scan_example Scheduled Classification Scanner for File Sy 2013 11 29 16 42 51 xy_ol_encrypt xy_find_aaa_scanpolicy Scheduled Classification Scanner for ShareF 2013 11 29 16 30 42 EI FS Ou None Scheduled Classification Scanner for File Sy 2013 11 29 11 15 21 scan policy redact_aaa Scheduled Classification Scanner for ShareF 2013 11 29 10 53 35 CT sp_actioninfo None Scheduled Classification Scanner for ShareF 2013 11 27 15 07 00 0 of 13 selected Show rows 15 Goto 1 of1 Figure 26 Scheduled Classification Scanner home page Sele
400. new one select Save As on the ribbon At any time select Cancel on the ribbon to return to the Plan Manager without saving any of your changes Note If you change the scan policy when editing a Compliance Scanner plan or change the database policy when editing a Compliance Scanner plan after you save the changes the next time the plan will mandatorily run a full job although you select to run an incremental job thus to guarantee that the job can perform correctly as well as guarantee the job data is generated correctly e Delete Select Delete on the ribbon to delete the selected plan A warning message will appear to confirm the deletion Select OK to delete the selected plan or select Cancel to return to Plan Manager without deleting the selected plan e Run Now Select Run Now on the ribbon to execute the plan immediately After you select Run Now a pop up window appears you can select to run a full job or an incremental job If Incremental Scan is selected the Reference Time option is enabled o Reference Time Choose whether to scan contents created or modified at a specified interval If you choose to use a reference time specify the time to scan contents created or modified Enter an integer into the textbox and select Month s Day s Hour s or Minute s from the drop down list Note It is recommended that you specify a reference time when the recurrence schedule configured in Range of Recurrence is End after 1 o
401. nfigurations To make changes select the Edit button next to the name of the each configuration field to jump to the corresponding setting page and edit the configuration 160 S F e e Compliance Guardian Installation and Administration User Guide 7 Once you are satisfied with the plan settings choose one finishing option at the lower right section of the screen Select Finish to save the configuration of the plan without running it or Finish and Run Now to save the configuration and then run the saved plan immediately Scan Schedule Configure the following settings to build a new Compliance Scanner schedule in the Add Schedule pop up window e Options Select a scan type from the drop down list Q Full Scan Run a full scan of all of the documents and items in the specified scope Unlike incremental scan all full scans are independent of one another and do not have any dependencies on the other s scan results However because each of the full scans is comprehensive full scan jobs take the longest to complete of the two available options Incremental Scan Run a fractional scan It scans only the updated documents and items since the last successful full scan or incremental scan This kind of scan requires less storage than a full scan and it reduces the execution time of the scan job However it is important to note that for each incremental scan the latest full scan job in the full scan cycle must be availa
402. nfigured export locations and then select Delete on the ribbon A confirmation window will appear and ask if you are sure you want to proceed with the deletion Select OK to delete the selected export locations or select Cancel to return without deleting it Configuring Export Locations To create a new export location select Create on the ribbon To modify a previously configured export location select the export location and then select Edit on the ribbon In the Create Export Location or Edit Export Location interface configure the following settings 1 Name and Description Enter a Name for this export location and then enter an optional Description for this export location for future reference 2 Path The export location can be a file share storage area network SAN or network attached storage NAS e Enter the UNC Path in the following format admin PC c data or admin PC shared folder Note The path you specified must already exist e Enter the Username and Password in the corresponding text boxes and then select Validation Test Compliance Guardian will test the path and user information to make sure they are valid 3 Select OK to save the configurations and return to the Export Location interface or select Back to return to the Export Location interface without saving any changes Filter Policy Filter Policy allows you to set up filter rules so you can control what objects and data appear so that you
403. ng and Editing Connections Select Edit on the ribbon to change the configurations for the selected connection For information about editing configurations for the connection review Creating and Editing Connections To view a connection select it from the list of previously configured connections and then select View Details on the ribbon To delete a connection select it from the list of previously configured connections and then select Delete on the ribbon A confirmation window will pop up and ask if you are sure you want to proceed with the deletion Select OK to delete the selected connection or select Cancel to return without deleting it Creating and Editing Connections To create a new connection select Create in the Manage group on the Configure Connection page To modify a previously configured connection select the connection and then select Edit on the ribbon In the Create Connection or Edit Connection interface configure the following settings e Name and Description Enter a name for this connection You can also enter an optional description to distinguish this connection from the others e Type Select the file system type for the connection e Connection Configure the following settings o Agent Group Select the agent group that will perform the Compliance Scanner File System job o UNC Path Specify a path in the format admin PC c data or admin PC shared folder The files in the specified locati
404. ng configurations for an action policy refer to Creating and Editing Action Policies e Delete Select Delete on the ribbon A confirmation window will appear and ask if you are sure you want to proceed with the deletion Select OK to delete the selected action Pe F 183 Compliance Guardian Installation and Administration User Guide policies or select Cancel to return to the Action Policy interface without deleting the selected action policies Creating and Editing Action Policies To create a new action policy select Create on the ribbon To modify a previously configured action policy select the action policy and then select Edit on the ribbon In the Create Action Policy interface or Edit Action Policy interface enter a Name for the action policy and enter an optional Description for future reference Then configure the Set up the action rules section e Conditions Configure the action policy filter rules Select Configure The Configure interface appears Refer to the following steps to configure the action policy filter rules o Select a category select Add an Action Level Group to add a new rule of the specified category level Configure the following fields for the rule Rule Select the new rule you want to create from the drop down list Condition Select the condition for the rule Value Enter a value you want the rule to use in the text box Select the delete button to delete the r
405. nges Collecting Logs In order to collect logs you must first specify the Manager services or Agents that you want to collect the logs from in the Log Collection section of the Log Manager interface Select Collect on the ribbon to begin collecting logs for the selected services or agents To receive e mail notification containing the report select a previously configured e mail notification profile in the drop down list or select New Notification to set up a new e mail notification profile For more information about how to configure the e mail notification profile refer to User Notification Settings SharePoint Sites Use SharePoint Sites to map out your SharePoint Online sites so that you can manage the site collections within those objects with Compliance Guardian Note Compliance Guardian Manager requires internet access in order for you to configure SharePoint Sites settings To access SharePoint Sites for Compliance Guardian in the Control Panel interface select SharePoint Sites under the SharePoint Sites heading Select Close on the ribbon to close the SharePoint Sites interface Managing SharePoint Online Site Collection URLs In Compliance Guardian s SharePoint Sites interface any SharePoint Site Groups that you have previously configured will be displayed in the main display pane along with their associated Agent groups descriptions and last modified time To create a new SharePoint Sites Group select Create on
406. nges between different versions so they cannot be uninstalled Inthe Manager tab all of the installed Manager services will be displayed Select Uninstall the update from all the managers below when uninstalling updates from the Compliance Guardian Manager has 95 Compliance Guardian Installation and Administration User Guide lt lt lt _ services since all of the available manager services must be updated at the same time Inthe Agent tab select a farm to remove the update from all Compliance Guardian Agents in that farm e Browse Select Browse on the ribbon to look for the updates on your local server Select the desired update and then select Open to load the update file into Compliance Guardian The hotfix will be stored in the UNC path you specified in Update Settings If there is no UNC path configured the hotfix will be stored under the default path AvePoint Compliance Guardian Manager Work patchFolder e Download Select Download to download the selected updates from Compliance Guardian update server e Stop Select Stop to interrupt the selected downloading update Note The download progress will be reset to 0 e Install Select Install to install the selected updates The following options can be configured in the pop up window o Inthe Manager tab all of the installed Manager services will be displayed Select Install the update for all the managers below when installin
407. nload this software Accept License Agreement Decline License Agreement ODAC 12c Release 2 12 1 0 1 2 Rele Download the ODP NET Managed Driver ria version yn only ODP NET_Managed121012 zip 1 90 MB 1 999 520 bytes Installation instructions are included within the zip file Figure 91 32 bit Oracle Data Access Components ODAC Downloads interface 64 bit Oracle Data Access Components ODAC Downloads Important The 32 bit Oracle Developer Tools for Visual Studio download is required for Entity Framework design time features The downloads that support Entity Framework deployment below do not contain design time tools only run time support You must accept the OTN License Agreement to download this software Accept License Agreement Decline License Agreement 64 bit ODAC 12c Release 2 12 1 0 1 2 Xcopy for Windows x64 ODP NET_Managed121012 zip 1 90 MB 1 999 520 bytes This download contains ODP NET Managed Driver xcopy only Installation Instructions are included within the Zip file Figure 92 64 bit Oracle Data Access Components ODAC Downloads interface After download the Zip file unzip it to a specified location for example C ODP NET_Managed121012 Open the unzipped folder ODP NET_ManagedSerialNumber odp net managed 64 or ODP NET_Managedxxx odp net managed 32 and then find configure bat Right click configure bat and select Run as administrator to install ODP NET Provider Compliance G
408. nned files whose similarity is greater than 75 of the template file will be considered the passed files and then moved to another location These moved files will be the filled forms Context The Context check is used to discover SharePoint site list item properties file properties and AD properties that match the test conditions Configuring Attributes for Context Type Check Configure the attributes for the Context type check according to the instructions in the following sections NA If any of the configured conditions cannot find the properties the results will be the value selected in the NA drop down list TureResult FalseResult or NAResult Condition e Source Enter the macro expression You can define the search for SharePoint site list or item properties file properties AD properties or properties in Yammer The format is Sobject Name 346 S e ae e Compliance Guardian Installation and Administration User Guide o SharePoint Site List or Item Properties If you want to search a SharePoint site list or item properties the object is SSPSite SSPWeb SPltem SPSite Search properties of the scanned item s corresponding SharePoint site collection The format of the Source is SPSite Properties Property Name The Property Name can be URL Title Modified Time Created Time Primary Administrator Template Name or Template Id SPWeb Search properties of the scanned item s corresponding
409. ns any special character or space PackageFilesFolder Required The local path on the machine where you run the command The specified path stores the unzipped Compliance Guardian Agent installation package Agent ZIP file The format of the path is C package Quote the path if it contains any special character or space AnswerFilePath Required The local path where you saved the Answer file The path must be detailed to the name of the Answer file For example C AnswerFile xml RemoteTempPath Required A local path on the destination machine that the Compliance Guardian Agent is installed to The format of the path is C temp The path will be used to store the temporary files generated during the Compliance Guardian Agent unattended installation The temporary files will be deleted as soon as the unattended installation finishes Log Optional This is an optional parameter If used the logs of the unattended installation will be saved to the txt file in the specified path The path specified in this 56 e ae e C Compliance Guardian Installation and Administration User Guide Parameter Type Description parameter must be detailed to the name of the log file For example C Log txt If the specified log file does not exist it will be generated automatically Optional This is an optional parameter It specifies the UselPv6forCommunication communication method between the machine w
410. nt will be quarantined After you select Configure after the Quarantine Files Items action in the Create Action Policy or Edit Action Policy interface configure the following settings in the appeared Configure interface e Manage Quarantined Files or Items Configure the following settings 0 Specify a SharePoint group that has the permissions to view or manage the quarantined data in SharePoint Specify who can view and manage the quarantined data in Compliance Guardian Quarantine Manager in SharePoint For more information on managing the quarantined files refer to Using Compliance Guardian Quarantine Manager in SharePoint SharePoint Group Name Enter a group name If the group does not exist it will be created Group Permissions Specify permissions for the group Users in the group will have the specified permissions to view and manage the data that are quarantined in Compliance Guardian Quarantine Manager in SharePoint Select the groups that have the permission to manage the quarantined data in Compliance Guardian Specify who can view and manage the quarantined data in Compliance Guardian gt Classification Report gt Incident Manager gt Quarantine Select New Group to create a new group in Control Panel For more information refer to Account Manager e Quarantine Method Select one of the following Quarantine Methods O In place quarantine The non compliant files or items will be quaran
411. nterval If you choose to use a reference time specify the time to replicate contents created or modified Enter an integer into the text box and select Minute s Hour s or Day s from the drop down list Select OK to run the job oe 235 Compliance Guardian Installation and Administration User Guide Performing a Scheduled Classification Scanner Plan in Form Mode Select the Scope of the content you want to scan select Plan Builder from the Plan Management group on the ribbon Select Form Mode from the drop down menu or you can directly select Start with Form Mode on the landing page For detailed information about how to configure the Scheduled Classification Scan Plan settings refer to Performing a Scheduled Classification Scanner Plan in Wizard Mode Note If you are unfamiliar with this plan creation process it is not recommended that you use this mode to configure settings Using Compliance Guardian Features in SharePoint Refer to the following sections about the Compliance Guardian Tag Assist Manager feature and Compliance Guardian Quarantine Manager features Using Compliance Guardian Tag Assist Manager in SharePoint Compliance Guardian Tag Assist Manager is used in combination with the For Compliance Guardian Tag Assist Manager only option in Real Time Classification Scanner It allows you to manually scan the file in the specified scope defined in Compliance Guardian and view the scanned results or you c
412. nzipped Manager installation package and double select SetupManager exe to run it Complete the following steps 1 On the welcome screen select Next 2 Select Create a new answer file for Compliance Guardian Manager e Modify an existing answer file If you want to reuse an existing Answer file select Modify an existing answer file If this is selected the path field will be enabled Enter the full path of the answer file is or select Browse to browse for an answer file For example C AnswerFile xml Note We recommend you create a generic Answer file so that it can be reused later with modification Select Next 3 Carefully review the Compliance Guardian License Agreement 4 After you have read the terms in the license agreement check the accept the terms in the license agreement checkbox to agree to the terms Select Next 5 Enter your name and the organization into the provided field Select Next to continue the configuration or select Back to return to the previous interface 6 Set up the installation location using the following conditions e Default directory The Compliance Guardian Manager will be installed to the default installation location on the specified destination server which is Program Files AvePoint Compliance Guardian Manager e Customized directory If you select this option enter a customized path in the Installation Path field where you want to install the Compliance Guardian Manager
413. o ContentReq Specify whether the specified element must contain content If Yes is selected then the element must contain content or the check for this section will be False The following elements with specific attributes are within the optional ElementContent section o Length This section is optional Select the checkbox before this element the following attributes appear hast 301 Compliance Guardian Installation and Administration User Guide 302 O CompareType Specify a compare type for this length compare The attributes for CompareType are GreaterThan LessThan GreaterOrEqualThan LessOrEqualThan Equal and NotEqual Characters Specify the number of the characters used for the compare Select the delete button 4 to delete this check rule Select Add Another Length to add another rule TextCompare This section is optional Select the checkbox before this element the following attributes appear CompareType Specify a compare type The attributes for CompareType are MustContain MustNotContain MustEqual MustNotEqual MustMatch and MustNotMatch Separator Specify a separator if multiple values are specified CaseSensitive Specify if the attribute being tested for must match the case exactly Value Define one or more values for the test use the separator specified before to separate the values Select the delete button 4 to delete this check rule
414. o export particular scan results select the checkboxes of the rules you want to export and click Export Report 4 Click Export Report on the ribbon to export a Self Checker report The Export Report interface appears 5 Inthe Scan Results Selection field choose to export all of the scan results or only the selected scan results 6 Select a report format from the Select a report format drop down list in the Report Format field 7 Click OK The report will be exported to a location you specified Solution Manager Solution Manager provides an interface for you to manage all of the Compliance Guardian solutions To access Solution Manager for Compliance Guardian go to the Control Panel interface and then select Solution Manager under the Solution Manager heading Select Close on the ribbon to close the Solution Manager interface Note Be sure that you have Full Control of all zones of all Web applications via the User Policy for Web Applications in your SharePoint permissions Managing Solutions When you first access Solution Manager you will see two Compliance Guardian solutions In order to see some of the information for these solutions or to perform certain actions to these solutions you must first select a farm Farm Selection Select a farm from the Farm drop down menu the following information of the farm will be displayed in a table e Number of Front end Web Servers Number of the servers which have enabled t
415. o save this connection If you do not want to save the current configuration select Cancel to cancel the configuration Getting Started Refer to the sections below for important information on getting started with Scheduled Classification Scanner Launching Scheduled Classification Scanner To launch Scheduled Classification Scanner complete the following steps 1 Login to Compliance Guardian If you are already in the software go to the welcome page From the welcome page all of the products are displayed 2 Select the Classification Scanner to launch its interface The Classification Scanner interface appears Select the Scheduled Classification Scanner tab the default selected tab 3 Alternatively you can select Administration on the top left corner and select the Classification Scanner tab on the appeared navigation bar Then select the Scheduled Classification Scanner tab in the appeared interface ft Report v Administration v Classification Manager gt Scheduled Classification Scanner om Create Manage Action z Search all pages Search current page inj P W Plan Name Description Scan Policy Scope Type Modified Time EI s0_quarantine_in None Scheduled Classification Scanner for ShareF 2014 01 07 17 02 15 E leo_sp10_quarantine_in tag_example Scheduled Classification Scanner for ShareF 2013 12 09 14 23 48 E yhli_Encrypt MCC_yhli Scheduled Classification Scanner for ShareF 2013 12 06 17 18 14 online_yhli
416. ocation attribute the check continues but the locations of the instances found will not be recorded in the database ListLocStatus Specify the status for the instance that is found The status will be recorded in the Compliance Guardian database Note that if the status set for True Result or False Result is Failed in the Report Text step the value for the ListLocStatus attribute will be Fail and the value cannot be changed MustRepeat Specify the amount of times the value that matches the regular expression must be found before considering the condition to be True When configuring the check if you do not enter a value for this attribute the value for this attribute will be considered 1 in the test CustomCheck Enter a CustomCheck name for this attribute The CustomCheck is used to calculate check digit on the result of the regular expressions in order to validate the result For more information on CustomCheck refer to Using CustomScan in Compliance Guardian This attribute is optional If you want to configure the Filter section select the checkbox before the element this section is optional Select the checkbox before Text if you want to configure the Text section CaseSensitive Specify if the element being tested must match the case exactly Separator Specify a separator if multiple values are specified Value Define one or more values for the test and use the separator specified before to separate the
417. of the checks is Failed the Scan Result will be Failed The time that the scan takes will also be displayed Check Validator ll xi Check and He Selection Check Test Suite T buildin XML AlO Buildin XML AIO 508Html 508 html b 2 xml Test File F D doc Buildin XML AlO Buildin XML AIO SO8HtmI 508 htr Successfully scanned the file Scan S Not Applicable Ready Figure 37 Scan results of Check Validator 7 Select Export Report to generate the scan result After you select the Export Report button a pop up window appears select the location where you want to save the report and select OK on the window The detailed scan report will be saved in the specified location You can check the report to verify if the scan results are what you wanted 8 Before scanning the selected file the tool will first validate if the check or test suite is correct if the selected check or test suite is not correct after you select the Scan button the error message will be displayed on the tool interface you can then review the logs for the detailed information 9 After the scan job a report is also generated in AvePoint Compliance Guardian Agent bin TDFValidatorReport The report contains three kinds of files e The file that is scanned by Check Validator e af e P 257 Compliance Guardian Installation and Administration User Guide e The HTML format of the scanned file e The report that contains all
418. of the column you want to filter and then check the checkbox next to the item name to have that item shown in the list To remove all of the filters select Clear Filter To manage your integrated Active Directories you can perform the following actions e Add To add anew Active Directory select Add on the ribbon then enter the Domain Username and Password in the corresponding text box Select Validation Test to see if the values you entered are valid and then select OK to save the configurations for the new Active Directory and return to the AD Integration interface or select Cancel to return to the AD Integration interface without saving the configurations e Edit To make changes to a previously configured integrated Active Directory select the Active Directory by checking the corresponding checkbox then select Edit on the ribbon Make the necessary changes and then select OK to save the changes and return to the AD Integration interface or select Cancel to return to the AD Integration interface without saving any changes e Delete To delete a previously configured Active Directory select the Active Directory by checking the corresponding checkbox then select Delete on the ribbon You will be presented with a pop up window notifying you that The user s associated with the selected domain s will be disabled The user s can be enabled only by adding the selected domain s again Are you sure you want to proceed There is
419. of the scanned file s violations as well as the violation s locations lt xml version 1 0 gt lt TestResultCollection gt lt Result status Fail tdfID 508_office_A gt lt Groups gt lt Result status NA tdfID 508_office_1 gt lt Result status NA tdfID 508_office_2 gt lt Result status NA tdfID 508_office_3 gt lt Result status Fail tdfID 508_office_4 gt lt Units gt lt Unit status Fail tdfID 508_office_4 length 33 column 1 line 311 startIndex 10371 gt lt table name Table head true gt lt Unit gt lt Units gt lt Result gt lt Groups gt Figure 38 Check Validation report Related Configuration File The tool has a related configuration file named CCE TDFValidator exe config the file is located under the directory AvePoint Compliance Guardian Agent bin directory EI CCE TDFValidator exe config Notepad File Edit Format View Help lt xml _version 1 0 encoding utf 8 gt lt configuration gt lt appSettings gt lt appSettings gt lt configuration gt Figure 39 CCE TDFValidator exe config file overview You can configure the Value attribute to specify the maximum scan time If the time that the scan takes exceeds the specified scan time an error message will be displayed on the tool interface and the scan will stop By default the value for the Value attribute is 180 seconds 258 F e D e e Compliance Guardian Installation
420. ogs gt ComplianceGuardian in the Event Viewer interface Then you will find the events in the right pane Select each event to view the related action report or social report Compliance Guardian Installation and Administration User Guide File Action View Help Event Viewer Local gt 1 Custom Views b D Windows Logs a Applications and Services Lo E AvePoint LI ComplianceGuardian E Hardware Events E Internet Explorer L7 Key Management Service gt I Microsoft Microsoft Office Alerts E Microsoft SQLServerDate gt E Microsoft SQLServerDate E Preemptive fe VisualSVN Server E Windows PowerShell Subscriptions ComplianceGuardian Numt Level Date and Time Source EventID Task Category Information 2014 7 8 9 13 59 ComplianceGuardian 106 Classification Scan Information 2014 7 8 9 13 59 ComplianceGuardian 105 Classification Scan Information 2014 7 8 9 13 59 ComplianceGuardian 103 Classification Scan Q Information 2014 7 8 9 13 59 ComplianceGuardian 102 Classification Scan Information 2014 7 8 9 13 59 ComplianceGuardian 106 Classification Scan Q Information 2014 7 8 9 13 59 ComplianceGuardian 101 Classification Scan Information 2014 7 8 9 13 59 ComplianceGuardian 104 Classification Scan LU Information 2014 7 8 9 13 59 ComplianceGuardian 108 Classification Scan Kr Information 2014 7 8 9 13 59 ComplianceGuardian 106 Classification Scan Information 2014 7 8 9 13 59 ComplianceGuardian 10
421. olicies navigate to Scheduled Classification Scanner gt Create gt Social Network Under the Social Network tab select Action Policy on the ribbon to go to the Action Policy interface Managing Action Policies The Action Policy interface displays all of the action policies that you have previously created In this interface you can change the number of action policies displayed per page and the order in which they are displayed hase 215 Compliance Guardian Installation and Administration User Guide You can perform the following actions in the Action Policy interface e Create Select Create on the ribbon to create a new action policy For information about creating a new action policy refer to Creating and Editing Action Policies e View Select View on the ribbon and you will see the settings for the selected action policy e Edit Select Edit on the ribbon to change the configurations for the selected action policy For information about editing configurations for an action policy refer to Creating and Editing Action Policies e Delete Select Delete on the ribbon A confirmation window will appear and ask if you are sure you want to proceed with the deletion Select OK to delete the selected action policies or select Cancel to return to the Action Policy interface without deleting the selected action policies Creating and Editing Action Policies To create a new action policy select Create on the ribbo
422. ompareType MustNotContain gt bmp lt TextCompare gt lt TextCompare CaseSensitive No Separator CompareType MustNotContain gt dib lt TextCompare gt lt TextCompare CaseSensitive No Separator CompareType MustNotContain gt rle lt TextCompare gt lt TextCompare CaseSensitive No Separator CompareType MustNotContain gt gif lt TextCompare gt lt TextCompare CaseSensitive No Separator CompareType MustNotContain gt emz lt TextCompare gt lt TextCompare CaseSensitive No Separator CompareType MustNotContain gt wmz lt TextCompare gt lt TextCompare CaseSensitive No Separator CompareType MustNotContain gt pcz lt TextCompare gt lt TextCompare CaseSensitive No Separator CompareType MustNotContain gt tif lt TextCompare gt lt TextCompare CaseSensitive No Separator CompareType MustNotContain gt tiff lt TextCompare gt lt TextCompare CaseSensitive No Separator CompareType MustNotContain gt cgm lt TextCompare gt lt TextCompare CaseSensitive No Separator CompareType MustNotContain gt eps lt TextCompare gt lt TextCompare CaseSensitive No Separator CompareType MustNotContain gt pct lt TextCompare gt lt TextCompare CaseSensitive No Separator CompareType MustNotContain gt pict lt TextCompare gt lt TextCompare CaseSensitive No Separator CompareType MustNotContain gt wpg lt TextCompare gt lt Attribute gt lt Attributes gt lt
423. ompliance Guardian Agent 53 Generating the Installation Answer File for Compliance Guardian Agent 53 Import the UnattendedInstallation dll File 54 Commands and Command Parameters for Compliance Guardian Agent Unattended Installation 55 Installation COMMANG EE 55 Installing Compliance Guardian App for Real Time Cl sstfication 58 Uninstalling Compliance Guardian App for Real Time Classification ccccsccccccsssssesscceeececessesssssaeeeesens 61 Navigation Bal are E E E E E E EE EEE E E eadedvwaned eeesd toecwetarweveenseeies 62 Navigating Compliance Guardian 63 Regen EE 65 Getting Started eege eege eg 65 Launching Control Panel siccccaccc csseeeceedackes NSA ded ceacege SSES BERGERE E E a E EEE 65 Understanding the Control Panel 66 Accessing the Control Panel ege eege een 67 Ae aT na SAE EE P E E epee ed sanets ne sadel E A A Aabetenavacelnesaeees 67 Using the Manager MON tOT ssssseiesseosn ianen esinaine ee dues casted e e EE e eea E E Eais 67 Using the Agent Monitor 67 System ee EE 70 Configuring General Settings essercene e e eeccdebaasssadelenacdderaneedvebouecuedssesdedabenecds 70 Configuring Security Settings c ccccccccsssssssssecececesseseseseceeecesseseeaeseeeeecesseseaseseeeeecessesaaaeseeeessessesaaeess 71 Viewing Security IMPORMATION EE 73 Compliance Guardian Installation and Administration User Guide kb Authentication Manager s s cecscscdeccsceaiyertes doaceasedegesdacecdseeandeSeese
424. ompliance Scanner and Scheduled Classification Scanner when the personal site is not created The User Profile Service node is loaded on the farm tree by changing the UserProfile Used false node in the ComplianceSetting config file To change the node for displaying the User Profile Service node in the tree complete the following steps 1 Go to the machines with Compliance Guardian Manager installed 2 Open the Compliance Guardian Manager Contro Config directory to find the ComplianceSetting config file Open the ComplianceSetting config file Locate the UserProfile node Change the value of the Used attribute to true ow Es Save the file The User Profile Service node appears in the farm tree in Compliance Scanner and Scheduled Classification Scanner Configuring Restricted Attachment Types and Modifying the Allowed Maximum Size of Uploaded Attachments in Incident Manager Incident Manager allows the option to upload attachments when you add a comment to a quarantined encrypted or redacted file You can configure the file types that are restricted to upload to Classification Report gt Incident Manager as attachments and modify the allowed maximum size of the uploaded file by configuring the ComplianceSetting config file Refer to the following steps 1 Go to the machines with Compliance Guardian Manager installed 2 Open the Compliance Guardian Manager Contro Config directory to find the ComplianceSetting confi
425. on the destination server 46 F e D e e C Compliance Guardian Installation and Administration User Guide o Use the default directory if your customized directory is invalid Enable this option to install Compliance Guardian Manager to the default directory should the path you defined for customized directory be invalid For example if the drive indicated by the path you specified does not exist on the destination server 7 Select the Compliance Guardian Manager service you want to install There are only one service you can install e Control Service Manages all Compliance Guardian operations and communicates with Compliance Guardian allowing users to interact with the software All agents communicate with the Manager via the Control Service so it is imperative that the machine you install the Control Service on is accessible by all agent machines This service can be run on a Windows Network Load Balanced cluster to ensure load balancing which leverages the Windows Network Load Balancer to automatically select the proper Compliance Guardian Control Service for optimal performance Select Next 8 Set up the Control Service Configuration e IIS Website Settings Configure the IIS website settings for the Control Service The IIS website is used to access Compliance Guardian Manager o IIS website Enter the website name and create a new IIS website for the Control Service The default Website Port used to access Com
426. on User Guide To view details about a database policy select it from the list of database policies select View Details on the ribbon then select Database Policy in the drop down menu You will see the settings for this database policy Select Edit on the ribbon to change the configurations for this database policy For more information about editing configurations for a database policy refer to Configuring Database Policy To delete a database policy from Compliance Guardian select it from the list of database policies and select Delete on the ribbon and then select Database Policy in the drop down list A confirmation window will pop up and ask if you are sure you want to proceed with the deletion Select OK to delete the selected database policies or select Cancel to return without deleting it Configuring Database Policy To create a new database policy select Create on the ribbon and then select Database Policy in the drop down menu To modify a database policy select the policy and select Edit on the ribbon and then select Database Policy in the drop down list In the Create Database Policy or Edit Database Policy interface configure the following settings e Database Policy Name Specify a name for the database policy Enter a Report Database Policy Name and a Description in the corresponding fields The description is optional e Database Select an existing database or create a new one e Report Retention Rule
427. on are supported to be scanned o Username Specify a username that can access the specified location o Password Specify a password e 145 Compliance Guardian Installation and Administration User Guide Note The specified user must have the following permissions If the path is specified in the format admin PC cS data The specified user must have the local administrator permission to the connected server If the path is specified in the format admin PC shared folder The specified user must have the Log on as a batch job permission to the connected server or the user must be the member of the Backup Operators group of the connected server The specified user must have the Read and Change permissions to the shared folder After you are satisfied with the configuration of the connection select OK to save this connection If you do not want to save the current configuration select Cancel to cancel the configuration Configuring Connections for Database A database connection is used in the Compliance Guardian Scanner Database Mode Configure a connection with the database then the content in the connected database is supported to be scanned in Compliance Guardian Navigate to Compliance Scanner gt Create gt Database and select Configure Database Connection on the ribbon to enter the Configure Database Connection interface Managing Connections In the Configure Database Connection interface
428. on profile If this option is selected you must select an alert notification profile from the appeared drop down list You can also select the New Notification Profile link to create a new notification profile For more information refer to User Notification Settings Note Even though there may be more than one error when scanning a file the alert e mail will only be sent when the first error occurs ME 199 Compliance Guardian Installation and Administration User Guide After configuring the recipients choose one e mail template from the E mail template drop down list you can also select the New E mail template link to create a new e mail template For more information refer to Configuring E mail Templates e Filter Policy Select a filter policy from the drop down list or create a new policy to limit the scope of the job For more information on working with filter policies refer to Configuring Filter Policies e Custom Upload Page Select a custom upload page This feature will allow users to jump to the Compliance Guardian upload page when uploading files to SharePoint For more information refer to Enabling Custom Upload Page The function supports SharePoint 2013 and SharePoint 2010 OnPremises SharePoint Online is not supported Note Make sure SP2013CustomUploadPage wsp or SP2010CustomUploadPage wsp is deployed before using this function For more information on deploying the solution refer to Solution M
429. on the ribbon and then complete the following steps e E mail Template Name Enter a Name for this Notification profile and an optional Description for future reference hast 101 Compliance Guardian Installation and Administration User Guide e E mail Template Specify the Subject and Body of the e mail template There are three columns that can be added to the e mail subject Item Name Item URL and Scanned Time There are eight columns that can be added to the e mail body Job Name Plan Name Job Type Item Name Item URL Scanned Time Reason and Quarantine Manager this will be the Quarantine Manager URL in SharePoint The values of these columns will be displayed in the e mail is the columns are added in the e mail template Alternatively you can customize the subject and body of the e mail template with the desired content Select Save on the ribbon to save the settings or select Cancel without saving the e mail template settings Job Pruning Job pruning allows you to set up pruning rules for all job records across your farms When a job record is pruned it will be deleted from the Job Monitor and the Compliance Guardian Control database Note It is highly recommended that you configure a Job Pruning policy if you are running scan jobs frequently to ensure your databases are not overloaded with job data In Job Pruning you can configure Job Pruning Rules for Compliance Guardian modules to retain the desired
430. onfigured and users of this group have Full Control permissions for all modules Compliance Guardian Installation and Administration User Guide To manage your user groups you can perform the following actions e Add Group To add a new group select Add Group on the ribbon You will be directed to the configuration page accordingly and then you can perform the following actions o Group Information Enter a Group Name for the new group then enter an optional Description for future reference o Group Permissions In the Scope section select Global permission to grant the users of this group access to all farms with the permission levels configured here or select Permission for different farms to grant users of this system group access to specific farms with the configured system permission levels If Global permission is selected choose which or all of the Permission Levels you want to associate with this Group If Permission for different farms is selected for each farm choose which or all of the Permission Levels you want to associate with this group Note At least one permission level must be assigned to the new group When you are finished configuring the settings for the new group select OK to save and return to the Account Manager interface or select Cancel to return to the Account Manager interface without saving the configurations e Edit Group To edit a group select the group by checking the corre
431. onfiguring Attributes for RegularExpression Type Check Configure the attributes for the RegularExpression type check according to the instructions in the Configure the following attributes in this section e IsFindText Specify whether or not to extract the text as the scanning content If Yes is selected in the drop down list under this attribute the scan engine will extract the text as the scanning content if No is selected in the drop down list under this attribute the scan engine will use the source code as the scanning content Compliance Guardian Installation and Administration User Guide Filter SearchAll Specify whether or not to check the comments and scripts CaseSensitive Specify if the text being tested for must match the case exactly Truelf Specify the condition when the check result is True If Found is selected in the drop down list under the Truelf attribute when finding an instance the check result of this check will be True If NotFound is selected in the drop down list under the Truelf attribute when finding an instance the check result of this check will be False ListLocation Specify whether or not to record the instance s location in the Compliance Guardian database If Yes is selected in the drop down list under the ListLocation attribute then every location of the instance found will be recorded in the Compliance Guardian database If No is selected in the drop down list under the ListL
432. or Compliance Guardian open the Control Panel interface and then select General Settings under the System Options heading Select Security on the ribbon There are two tabs under Security Settings System Security Policy and System Password Policy System Security Policy In the System Security Policy tab the following options can be configured e Maximum User Session Configure the number of simultaneous logons allowed for Compliance Guardian For any new sessions that surpass the designated number the earliest session will be terminated e Session Timeout Configure how long a user can be inactive before being automatically logged off Enter an integer into the Logon will expire in text box and then select either Minute s or Hour s in the drop down menu Failed Logon Limitation Specify the maximum number of failed logon attempts allowed in one day If a specific account fails to provide the correct login information in a single day it will be locked To unlock the specified account refer to Account Manager Note The default admin account cannot be locked e Inactive Period Configure how long a user can be inactive before the account is automatically disabled Enter an integer into the Deactivate the account when the inactive period reaches text box then select either Day s or Month s in the drop down menu Once deactivated a Compliance Guardian administrator must activate the account before the user can log on
433. or the CompareType attribute the word Front end will be found We have set 2 for the MustRepeat attribute and the value 508 has repeated 2 times in the file A so the check is Found We have set NotFound for the Truelf value so the check result of this check is False According to the setting in False Result and Message in the Report Text step the returning status is User Review Required which will be displayed in the Compliance Guardian report We have set Yes for the ListLocation attribute and have set Note as the status so the location of 508 in the file A will be recorded in the Compliance Guardian database the status is Note Compliance Guardian Installation and Administration User Guide ComplexFindText Type Check The ComplexFindText type check offers a more complex way to detect if two text strings are coexisting in one document The functionality of the ComplexFindText type check is similar to the FindText type check The following section provides a general introduction about configuring attributes for this type of check as well as a test example for you to better understand the test logic Configuring Attributes for ComplexFindText Type Check Configure the attributes for the ComplexFindText type check according to the instructions in the following sections Primary Configure the following attributes in this section e Truelf Specify the condition when the check result is True If Found is selected in the drop
434. or the No option is selected e DepthScan only appears when Test Suite for Compliance Reporting type or Test Suite for Classification and Tagging type is selected Select an option for DepthScan o Hybrid Compliance Guardian scans the files with the supported file types If the files that will be scanned are the unsupported types in Compliance Guardian IFilter will be used for the scan o True Compliance Guardian scans the files If the files that will be scanned are the unsupported types in Compliance Guardian the exception message will be thrown and displayed in Compliance Guardian Report o False IFilter is used for the scan For more information on the supported file types in Compliance Guardian refer to Appendix C Supported File Types in Compliance Guardian 4 Select Next on the ribbon or on the lower right corner of the screen The File Body Configuration screen appears 5 Configure the attributes for the test suite For more information about configuring the file attributes refer to Configuring Test Suite File Attributes in Appendix B 6 Select Save on the ribbon or on the lower right corner of the screen to save the test suite If you want to preview the Test Suite for Compliance Reporting Test Suite for Classification and Tagging or Test Suite for Redaction file before saving it select Preview on the ribbon or on the lower right corner of the screen a pop up window appears Enter the file name in t
435. or trust domain will be integrated into Compliance Guardian and added to the Log on to drop down list in Compliance Guardian login page To view and manage users go to the Account Manager interface select Users on the ribbon In the Users interface you will see a list of previously added users To manage users you can perform the following actions e Add User To add a user for Compliance Guardian select Add User on the ribbon You will be brought to the Add User interface Select the User Type to configure the method for authentication o Local User Select Local User to manually enter the authentication credentials for this user Configure the following settings to add a local user Enter the Username and E mail of the user you are adding as well as an optional Description for future reference Enter the desired password into the Password and Confirm password text boxes and then configure the Password Settings The password entered here must meet the System Password Policy For more information refer to System Password Policy You can select to use the Default password settings or select Customized to configure the password settings manually Check the corresponding checkbox next to the User must change password at eeh 83 Compliance Guardian Installation and Administration User Guide EE next logon User cannot change password Password never expires Account is inactive setting Set the permissions fo
436. ord gt will be valid According to the logic of the ListLoc section the location of the node lt Input id keyword gt will be TEMPORARILY recorded the location of the node lt Input id keyword gt is TEMPORARILY recorded but is Not really recorded in the Compliance Guardian database only there are something temporarily recorded in the MatchElement check section can the SecondaryMatch section check start If there are nothing recorded in the MatchElement check the SecondaryMatch section check will not start and the result of the check will be True e Inthe SecondaryMatch section see the following nodes in file A lt Input id keyword gt lt Input id docx gt hast 309 Compliance Guardian Installation and Administration User Guide lt label For docx gt lt label For search keyword gt o According to the logic set in the MatchElement section the node lt Input id keyword gt meets the condition and is taken to participate to the secondary check o See the Attributes section under SecondaryMatch section see the node lt label For search keyword gt the value of the attribute For search keyword contains the value of the attribute id so the check result of the SecondaryMatch section is True o See the ValidWhen attribute under SecondaryMatch False has been selected in the drop down list under ValidWhen but the check result of this check is True so the result for ValidWhen attribute i
437. ord Excel and PowerPoint File Formats and install Microsoft Office Compatibility Pack Service Pack 3 SP3 Then add the following node under the Office FileMapping node in the configuration file ContentComplianceConfig xml you can find the file under the path Compliance Guardian Agent Bin lt NeedConvert gt lt Extension gt xls lt Extension gt lt NeedConvert gt lt OfficeFileMapping gt lt Word gt lt Excel gt lt Supported gt lt Extension gt xIsx lt Extension gt lt Extension gt xIlsm lt Extension gt lt Extension gt xltm lt Extension gt lt Extension gt xlam lt Extension gt lt Extension gt xItx lt Extension gt lt Supported gt lt NeedConvert gt lt Extension gt xIs lt Extension gt lt Extension gt xIsb lt Extension gt lt Extension gt xlit lt Extension gt lt Extension gt xla lt Extension gt lt NeedConvert gt lt Excel gt lt PowerPoint gt lt OfficeFileMapping gt Figure 21 NeedConvert node The value in the Extension attribute is the extension of the file that you want to scan through the compatibility pack 180 F e D e e Compliance Guardian Installation and Administration User Guide Classification Manager includes the Real Time Classification Scanner and Scheduled Classification Scanner Refer to Real Time Classification Scanner and Scheduled Classification Scanner for more information Real Time Classification Scanner The Real T
438. ore Permissions The restored file or item will inherit its parent s permissions Rating SharePoint Tags and Notes The restored file or item s rating and SharePoint tags and notes will no longer exist after it is restored Versions The file or item s versions will not be kept after the file or item is restored to SharePoint Only the version count can be kept 247 Compliance Guardian Installation and Administration User Guide Classification Report For details about classification reports and procedures for how to use them refer to the Compliance Guardian User Guide The Classification Report area includes Action Report Incident Report and Yammer Report It is used to view the report results of the files affected by Classification Scanner actions as well as provide operations to the quarantined files redacted files and encrypted files Launching Classification Report To launch Classification Report complete the following steps 1 Login to Compliance Guardian If you are already in the software select the home page button ah go to the home page From the home page all of the products are displayed 2 Select Classification Report to launch its interface 3 Alternatively you can select Administration on the top left corner and select the Classification Report tab on the appeared navigation bar to launch Classification Report fi Reporty Administration v What do you want to do next A Compl
439. ort gt Incident Manager gt Encryption Out of place quarantine The non compliant files or items will be quarantined to the specified location Quarantine Location If the Out of place quarantine option is selected you must select a location for storing the quarantined files or items Select New Export Location to create a new export location For more information refer to Export Location The scanned Newsfeed that is not compliant will be locked Users cannot reply to the locked newsfeed Move to the Allowed Location The scanned files that are not compliant will be moved to the specified allowed location configured previously You can select Allowed Location in the Create Action Policy interface or Edit Action Policy interface to go to the Control Panel gt Allowed Location page For more detailed information on how to configure the allowed location refer to Configuring Allowed Location Note Only the files in the document library can be moved After you select Configure after the Move to the Allowed Location action in the Create Action Policy or Edit Action Policy interface configure the following settings in the appeared Configure interface e Specified Location Select the location where the files will move O Global allowed location Select the radio button to move the files to the previously configured allowed location Specify the relative path of the library or folder Select the radio button and t
440. ou specified for the path attribute must exist 366 F sn e e Compliance Guardian Installation and Administration User Guide Appendix E Using the Scan Engine API Refer to the information below to use the Scan Engine API IMPORTANT In this appendix all references to TDFs refer to checks and all references to TDF collections refer to test suite Initialize the ScanEngine Class The use of Scan Engine API requires the support of the Compliance Guardian license The third party project must be compiled in the operating system where the Compliance Guardian agent is installed and the third party project must reference the CCE Engine dll in the bin folder of the Compliance Guardian agent installation path Currently the Scan Engine supports to perform the single thread scan When initializing the ScanEngine class the constructor requires taking one argument with ScanSetting Class The following coding sample indicates the construction ScanSetting setting new ScanSetting ScanEngine engine new ScanEngine setting Figure 53 Coding sample 1 Parameters of the ScanEngine Scan Method The following parameters are used for this method for completing the scan progress public object Scan string xml string url string filePath IDictionary lt string object gt metadata Figure 54 Parameters used for the ScanEngine Scan method e string xml A string in the XML format it combines the CCC MCC XML string with the TDF
441. ou to limit the jobs displayed by specifying the module where the jobs are run Searching Jobs Job Monitor also allows you to search for jobs to further customize which jobs are displayed to you The search interface is located under the toolbar ribbon Select the corresponding radio button to either Search all pages or Search current page Placing your cursor over the Search text box will bring up a tooltip informing you of the searchable parameters Note The search function is not case sensitive Since the Job ID includes the start time for the job you can search for a job by start time Enter the time as a numerical string in the text box then select the magnifying glass for example search for 2011 01 01 17 05 10 by typing 20110101170510 in the search text box 252 F e D e e Compliance Guardian Installation and Administration User Guide Managing Jobs The Job Monitor tab and the Scheduled Job Monitor tab offer different sets of tools more suitable for managing the different types of jobs Note If one tool is not supported for the selected job of the specified product the corresponding button of this tool will be greyed out and not available to select Operations in the Job Monitor Tab The Job Monitor tab provides you with a number of tools that allow you to perform actions to jobs you are currently running or have run in the past The Manage Toolbar This toolbar provides you with the following functional
442. our agents if an agent ever becomes unresponsive or is having issues or temporarily disable the Compliance Guardian Agent Service to perform server maintenance Using the Manager Monitor To access Manager Monitor in the Control Panel interface select Manager Monitor under the Monitor heading In Manager Monitor you will see the Compliance Guardian Control Service You can select the Control Service by checking the checkbox next to the service name then select View Details on the ribbon to bring up the View Details page with information about the selected Manager Service When you are finished viewing the information about the Control Service select Close on the ribbon to close the Manager Monitor tab and return to the Control Panel main page Using the Agent Monitor To access Agent Monitor open the Control Panel interface and then select Agent Monitor under the Monitor heading In Agent Monitor you will see a list of Compliance Guardian Agents which have been registered to the current Compliance Guardian Control Service ae 67 Compliance Guardian Installation and Administration User Guide Ee Once your Compliance Guardian Agents are appropriately displayed you can select an agent by checking the checkbox next to the Agent Name and then select e Configure Once you select an agent this button will become available Select Configure on the ribbon to access the Agent Configuration interface Here you can configure th
443. ox 3 Select Connect to start to scan the site collections in the specified SharePoint admin center Or select Cancel to close the pop up window without saving any configurations 4 Allofthe scanned site collections are displayed in the Site Collection column Select the site collections you are about to add to the specified SharePoint sites group Select Add to add them to the group You can also select Remove to remove the selected site collections from the SharePoint sites group 5 Select Save to save your changes or select Cancel to exit this page without saving any changes Retrieving Status of the Site Collections On the Manage Site Collection page select the site collections you want to retrieve the status Then select Retrieve Status on the ribbon to retrieve the status of the selected site collections Activating App for Real Time Classification If you want to scan SharePoint Online site collections using the Real Time Classification Scanner rule you must activate the app For more information on installing the Compliance Guardian App for Real Time Classification refer to Installing Compliance Guardian App for Real Time Classification Select the site collections and then select Activate App for Real Time Classification on the ribbon The Activate App for Real Time Classification interface appears e Get SharePoint Online Token Select Connect to the SharePoint Online site to get the token used to obtain the trust of
444. part refer to Using AvePoint Yammer Connector Web Part to Post Messages to Yammer Note The YammerConnector wsp solution must be deployed on SharePoint in order to use Real Time Classification Scanner for Yammer Receiver Register event receiver to Yammer server without dependency on SharePoint When users post messages on Yammer the receiver will synchronously get the event from the Yammer server then dispatch messages to Compliance Guardian Agents to execute scan and actions e User Scope Define the user scope The content posted by a specific user will be scanned 0 Add users Select the radio button to add users Select the Select Users link the Add specified users window appears In the left pane of the Add Users window enter a keyword in the search box the display names and e mail addresses of the related users who are associated with the network are displayed in the table You can also select the Advanced button to filter the results by user or groups Select Add a Criterion Rule Select Group or User as the rule Conditions Select Equals or Contains Value Enter the value for the rule Select the Delete L button to delete a rule To add more filters select Add a Criterion again Note Depending on the filters you enter you can change the logical relationships between the rules by selecting And and Or After configuring the filter rules select Search to search for the rela
445. pliance Guardian Control Service is 14100 you do not need to change it unless a known port conflict exists o Website Port Control Service communication port The default port is 14100 e Application Pool Settings Configure the IIS application pool settings for the corresponding website The application pool is used to handle the requests sent to the corresponding website o Application pool Enter the application pool name for the corresponding website o Application Pool Account Enter an application pool account to be the administrator of the specified application pool and the corresponding password Note The application pool account for connecting an existing IIS website or creating a new IIS website must have the following Local System Permissions Member of the following local group IS_WPG for IIS 6 or IIS_IUSRS for IIS 7 and IIS 8 Full Control to HKEY_LOCAL_MACHINE SOFTWARE AvePoint Compliance Guardian Full Control to Compliance Guardian Manager folder PA 47 Compliance Guardian Installation and Administration User Guide E Member of the Performance Monitor Users group Full Control to Compliance Guardian Certificate private keys Full Control or Read Write Modify and Delete to C WINDOWS Temp only for Windows 2003 environment You can add the application pool account to the local Administrators group to meet the required permissions Select Next to continue to confi
446. pliance Guardian Installation and Administration User Guide Update Compliance Guardian To update Compliance Guardian complete the following steps 1 Navigate to Compliance Guardian Manager gt Control Panel gt Update Manager The Update Manager interface appears 2 Select Manage Updates on the ribbon The Manage Updates interface appears 3 Select Download to download the selected update from Compliance Guardian update server or select Browse on the ribbon to browse and load the update file into Compliance Guardian Manager 4 Select the update you want to install and select Install The Server Selection pop up window shows all of the available Manager services on the Manager tab and all of the available Agents on the Agent tab 5 Onthe Manager tab select the Install the update for all the managers below checkbox to install the update on the Manager services 6 On the Agent tab select the farms whose Agent services you want to update by selecting the corresponding checkboxes The update will be installed on the selected Agents 7 Select Install on the ribbon or on the lower right corner A message appears to prompt you whether to automatically restart the IIS service immediately 8 Select OK to automatically restart the IIS service or select Cancel to manually restart the IIS service later The Update Installation page appears displaying the progress After installation a message appears to indicate that the installatio
447. pliance Guardian can be configured to notify you before licenses or maintenance expires You can set how many days prior to expiration and at what interval you want to be notified as well as configure the method of notification to use To configure License Renewal Notifications select Settings on the ribbon You will be brought to the License Renewal Notification Settings interface Here you can configure the following settings for Notification Schedule e By expiration date Configure these settings for notifications of license expiration o Enter a positive integer into the text box and select Day Week or Month from the Remind me starting from before license expires for any modules drop down menu o Check the Interval checkbox to have the reminder repeat at a set interval Enter a positive integer into the text box and select Day Week or Month from the drop down menu e By maintenance expiration date Configure these settings for notifications of maintenance expiration o Enter a positive integer into the text box and select Day Week or Month from the Remind me starting from before license maintenance expires drop down menu o Check the Interval checkbox to have the reminder repeat at a set interval Enter a positive integer into the text box and select Day Week or Month from the drop down menu e By number of servers Configure these settings for notifications of the number of available servers left for any far
448. press Enter Enter the Compliance Guardian login username and press Enter Enter the login password and press Enter Host Compliance Guardian Server IP Address Port Compliance Guardian Server Port Username Compliance Guardian Login Account Password Compliance Guardian Login Password Please enter the host Please enter the port Please enter the username Please enter the password Figure 8 The CGReportDBUpgrade exe file interface Enter the version to which you want to update e f you want to update the report databases that store the Compliance Scanner from the previous version the version lower than Compliance Guardian 3 SP1 to Compliance Guardian 3 SP1 enter 3 1 0 and then wait until the Press any key to exit message appears after the databases finishes updating e If you want to update the report databases that store the Compliance Scanner data and the report databases that store the Classification Scanner data from the previous Compliance Guardian version the Compliance Guardian 3 SP1 version or the version greater than Compliance Guardian 3 SP1 but lower than Compliance Guardian 3 SP2 or Compliance Guardian 3 SP3 to Compliance Guardian 3 SP2 or 3 SP3 Enter 3 2 0 or 3 3 0 Then wait until the Press any key to exit message appears If you have entered n you must finish the following steps step 4 and step 5 for completing the update of the report databases 42 S F e C Compliance Guardian Installatio
449. ptional Select the checkbox before this element the following attributes appear CompareType Specify a compare type for this length compare The attributes for CompareType are GreaterThan LessThan GreaterOrEqualThan LessOrEqualThan Equal and NotEqual Characters Specify the number of the characters used for the compare Select the delete button 4 to delete this check rule Select Add Another Length to add another rule o TextCompare This section is optional Select the checkbox before this element the following attributes appear CompareType Specify a compare type The attributes for CompareType are MustContain MustNotContain MustEqual MustNotEqual MustMatch and MustNotMatch Separator Specify a separator if multiple values are specified CaseSensitive Specify if the attribute being tested for must match the case exactly Value Define one or more values for the test use the Separator specified before to separate the values Select the delete button 4 to delete this check rule Select Add Another TextCompare to add another rule o WordsRepeat This section is optional Select the checkbox before this element the following attribute appears Number Define the number of times that words can repeat in the attribute value before the test fails e ElementContent This section is optional Select the checkbox before this element the following attribute appears
450. r the Text section and the Regex section appear o Text Select the checkbox before Text and configure the following attributes CaseSensitive Specify if the element being tested for must match the case exactly Separator Specify a separator if multiple values are specified Value Define one or more values for the test and use the separator specified before to separate the values If the scanned result that e bast 321 Compliance Guardian Installation and Administration User Guide matches the specified regular expression exactly matches the value specified here this result will be filtered out Select Add Another Text to add another Text filter check rule Select the delete button 4 to delete this filter check rule o Regex Select the checkbox before Text and configure the following attributes CaseSensitive Specify if the element being tested for must match the case exactly Separator Specify a separator if multiple values are specified Value Define a regular expression If the scanned result that matches the specified regular expression also matches the regular expression specified here this result will be filtered out Select Add Another Regex to add another Text filter check rule Select the delete button 4 to delete this Regex filter check rule e Value Specify a regular expression for the secondary check section The value that matches the regular expre
451. r Policy Select a filter policy If you want to set up a new filter policy select the New Filter Policy link in the drop down list Refer to Configuring Filter Policies for more information Alert If you want Compliance Guardian to send an e mail alert when an error occurs during a scan select an e mail profile to determine the users who will receive the e mail and select an e mail template You can also select the New E mail Template link to create a new e mail template Select Next The Schedule page appears 4 Configure the schedule settings 172 Compliance Guardian Installation and Administration User Guide e No schedule Select this option to run the plan immediately and save the plan in Plan Manager e Configure the schedule myself Select this option to configure a customized schedule Select Add Schedule to set up a schedule The Add Schedule window appears In the Options section select a scan type from the drop down list For more information review to Scan Schedule Select Next The Advanced page appears 5 Configure the advanced settings e Agent Group Select the agent group that will perform the job e Notification Configure the e mail notification settings Select a notification profile from the Select a profile with address only drop down list or choose to create a new e mail notification profile by selecting the New Notification Profile link Select View to view the detailed configur
452. r System Security Policy and System Password Policy This way you have control over the users that are able to access Compliance Guardian Configuring General Settings To access General Settings for Compliance Guardian open the Control Panel interface and then select General Settings under the System Options heading The following settings can be configured in this page e Language Preference Specify a language for Compliance Guardian to be displayed in or allow users to utilize a translation engine to have Compliance Guardian displayed in the language of the user s browser o Display for all users Select this option to display Compliance Guardian in the language specified here To change the display language select the drop down menu and select your desired language o Change to the end user browser used language Select this option to allow Compliance Guardian to be displayed in the language used by the user s browser Then select a language for Compliance Guardian to default to in the If the language does not change successfully please select to use a default language drop down menu This way if Compliance Guardian does not properly display in the user s browser language Compliance Guardian will be displayed in the language specified here e Date and Time Format Set the system location by selecting a location from the Locale Location drop down menu Set the format for all date and time displayed in Comp
453. r Weighted is r1 r2 r3 n 1 e The formula for Stepped is r1 r2 n 1 e The formula for Raw is r1 n User can also create a new risk formula Refer to the following section for the introduction about r1 r2 and r3 e r1 Item Initial Risk value this is the value assigned on the initial occurrence of the compliance failure related to the check being tested for in the document or stream Allowed Values for r1 are 1 10 e 2 Item Additional Risk Level factor Step that the risk level grows at for every additional failure at the check level for the same type found in the document or stream This number is optional where the integer 1 means ignore the value allowing to use the third value If the value is 1 then the factor will be 1 Allowed Values are 1 to 10 e r3 Item risk in relation to other checks This Item is optional If this number is missing then it is assumed that its value is 1 Allowed Values are 1 10 In addition the r3 value allows us to define importance of an item in a check against other checks allowing us to look at a document with 100 images with missing alternative text quite differently than a document that has 100 social security numbers In addition if we considered alt text errors and SSN numbers as errors that should grow risk at the same value for every new occurrence we could then define importance at a higher level for a specified test suite These two additional risk factors a
454. r example if you enter 5 in the text box only the 5 most recent reports in this report location will be kept All other reports will be deleted Keep the last Minute s Hour s Day s Week s Month s of report s Select this option to keep only the reports within the desired time frame in this report location Set the time frame for the reports you want to keep by entering a positive integer into the text box then select Minute s Hour s Day s Week s or Month s from the drop down menu For example if you enter 7 in the text box and select Day s only reports generated within the last 7 days in this report location will be kept All of the previous reports will be deleted 2 Maximum Number of Files Set the maximum number of files to display in the report interface by entering a positive integer into the text box For example if you enter 500 in the text box only 500 reports will be stored in the report location 3 Connect to DocAve Auditor Database Specify a Database Server where the DocAve Auditor database resides and a Database Name in the corresponding fields to connect to the specified 133 Compliance Guardian Installation and Administration User Guide DocAve Auditor database The DocAve Auditor information will be used with the risk analysis from Compliance Guardian to generate the Risk Report export Note Since any changes to the database server or database name may lead to loss it is strongly recomme
455. r launching the Compliance Scanner File System mode the Scope panel on the left of the screen displays all of the pre configured connections Select one or more connections The files in the connected locations will be scanned Using Plan Builder to Perform a Compliance Guardian Scanner Plan for File System Use the Plan Builder to set up a Compliance Scanner plan To use Plan Builder complete the following steps 1 After selecting the connections for the compliance scan select Plan Builder on the ribbon of Compliance Scanner page 2 From the drop down menu select Wizard Mode for step by step guidance during configuration or select Form Mode recommended for advanced users only to set up a plan quickly Refer to the section below that is applicable to your choice for information about performing a Compliance Scanner plan Performing a Compliance Scanner Plan in Wizard Mode Wizard Mode provides you with step by step guidance on how to configure a new plan To configure a plan using Wizard Mode complete the following steps Note An asterisk in the user interface indicates a mandatory field or step 1 Enter a Plan Name and an optional Description if desired Select Next The Report Settings page appears 2 Configure the report settings e Database Policy Select a database policy from the drop down list to store the result data of the Compliance Scanner job If you want to set up a new database policy select the New
456. r stream Allowed values for RiskLevel r1 are 1 10 e RiskLevel r2 The Item Additional Risk Level factor that the risk level grows at for every additional failure at the check level for the same type found in the document or stream This number is optional where the integer 1 means ignore the value allowing to use the third value If the value is 1 then the factor will be 1 Allowed values are 1 to 10 This is optional e RiskLevel r3 The Item risk in relation to other checks This Item is optional If this number is missing then it is assumed that its value is 1 Allowed values are 1 10 This is optional Select the delete button 4 to delete the SubCheck check rule Select Add Another DoRunCheck to add another rule Using CustomScan in Compliance Guardian CustomScan is used to implement a customized check method on the check level works as an extension of current check types It is used in combination with other checks to find information on a file and act on it Method Define an Interface ICustomTDF in CCE all the implementation classes need to implement the interface This interface is initially defined as public interface ICustomTDF ReportResult TrueResult get set ReportResult FalseResult get set TDFContentType ContentType get set i TestResult Scan ScanContext context ScanContent content ScanContext and ScanContent include everything a built in check nee
457. r the cluster IP address as the attribute s value RemotePort Enter the cluster IP address corresponding port ScanTimeOut Enter the timeout value for a scan This is optional The default value is 180 seconds RetryTimes Enter the value of the retrying scan times This is optional The default value is 3 times Checkinterval Enter the interval of checking scanning job This is optional The default value is 60 seconds Note The value of the RemotelP attribute and the value of the RemotePort attribute configured for each server must be same Control Service Load Balancing Refer to the following sections for details about the Compliance Guardian Control Service load balancing Installing Compliance Guardian Manager Control Service Load Balancing Environment To install the Compliance Guardian Manager Control Service Load Balancing environment complete the following steps 1 Prepare the environment a 386 Configure Windows Network Load Balancing There are two nodes in the environment which are node A and node B Node A s IP address is IP02 and node B s IP address is IP03 The public IP address is IP01 10 1 4 207 Node A s IP address IP02 is 10 1 4 203 its hostname is PerfA7 Node B s IP address IP03 is 10 1 4 204 its hostname is PerfB7 Compliance Guardian Installation and Administration User Guide 2 Install Compliance Guardian Manager Control service Control01 on node A
458. r the rule Value Enter a value you want the rule to use in the text box Select the delete 2 button to delete a rule that is no longer needed The filter rule contains two category levels Document Based on the Document property value you specified here to define the scope in which the files that are not compliant will be affected by the specified actions Classification Result Based on the tag value you specified here to define the scope in which the files that are not compliant will be moved Redaction Result Based on the result of whether the files have been redacted to define the scope where non compliant files are affected by the specified actions To add more filters repeat the previous step Note Depending on the filters you enter you can change the order of the rules by selecting the down arrow before the Rule value and then select the order of the rule from the appeared drop down list to determine the priority of the rule You can also change the logical relationships between the rules There are currently two logical relationships And and Or By default the logic is set to And To change the logical relationship select the logical relationship link The And logical relationship means that the content which meets all of the rules will be filtered and included in the result The Or logic means that the content which meets any one of the rules will be filtered and included in the result
459. r this element 336 Node Enter the node that you want to test Value Enter the corresponding node value Compliance Guardian Installation and Administration User Guide Select the delete button 4 to delete this check rule Select Add Another Attribute to add another rule LinkValidation Check Test Logic Example Refer to the following example to better understand the test logic of the LinkValidation type check The selected file 1 will be tested It contains two links one of the two links contain a character A while the other one does not Create and configure the LinkValidation check test logic 1 Create a LinkValidation type check In the Report Text step in the True Result and Message field select Passed in the True Result drop down list Configure the LinkValidation section e Select True in the drop down list under the ValidWhen attribute e Select All in the drop down list under the Truelf attribute e Select ResultNA in the drop down list under the ResultNA attribute e Select True in the drop down list under the ValidateBookmarks attribute Configure the ListLoc section e Select Invalid in the drop down list under the Type attribute e Select Warn in the drop down list under the Status attribute Configure the TextCompare section e Select MustContain in the drop down list under the CompareType attribute e Enter as the separator e Select No in the drop down list under the CaseSensitive attribute
460. r this user by adding the user to a previously configured Compliance Guardian user group or manually configure the user s permission levels Select the Add user to group s drop down menu and then select the desired user group from the drop down menu The user will have all of the permissions of the specified group o Active Directory User Group Select Active Directory User Group to utilize the user s active directory authentication credentials for this new user Configure the following settings to add an active directory user Enter the name of the user group you want to add into the AD User Group Name field and then select the check names button to verify that the username you entered is valid Alternatively you can select the browse button to search for the desired user group In the pop up window enter the value to search for in the Find text box then select the find names a button Select the desired user then select Add Select OK to add the users or select Cancel to close the window without adding the users Enter an optional description for future reference Set the permissions for this user by adding the user to a previously configured Compliance Guardian user group or manually configure the user s permission levels Select the Add user to group s option and then select the desired user group from the drop down menu The user will have all of the permissions of the specified group o Windows User Group
461. r using OBJECT Tag with type DLLName SDomNodeMSAA TagNameMatch ParamAndValueMatch MappingFlags 96 Param application x silverlight 2 TagName OBJECT StartString Silverlight application start EndString Silverlight application end ImplementationFlags 7 InteractionModeFlags 3 The user must disable the Virtual Cursor by pressing Ins Z after the page containing the Silverlight application Compliance Guardian interface has loaded 2 For the NVDA screen reader the following step must be performed in order to enable NVDA to read Silverlight The user must enable NVDA Virtual Buffer Pass through using Ins Space after the page containing the Silverlight application Compliance Guardian interface has loaded 18 F sn e e WE Compliance Guardian Installation and Administration User Guide Preparations Before the Installation Refer to the following sections for the prerequisites before installing Compliance Guardian Ports Used by Compliance Guardian Before the installation make sure the ports required for Compliance Guardian Manager and Agents can be accessed through the firewall software installed on the corresponding machines For example if the Windows Firewall is enabled on the servers which have installed Compliance Guardian you must make sure the 14100 and 14104 ports are allowed in the Inbound Rules on the corresponding servers Note If there are multiple Compliance Guardian services installed on the same serv
462. rd Compliance Guardian ET E Control Service Configuration License Agreement es Database Type Installation Location be gt Services Installation Database Server CGSP13PUB SQLIRAUL Control Service Database Name CGControlDB_CLB Installation Rule Scanning gt Control Service Configuration Database Credentials Control Database Settings Windows Authentication as CARNER 5 SQL Authentication Installation Summary Username QAROOTDC yangjian tong Installation Progress Complete Password IT Passphrase Settings Please enter the passphrase you want to use Passphrase 123 Advanced Database Settings E Failover Database Server Back Next Cancel Figure 87 Control Service Configuration 4 When installing Compliance Guardian Agents to connect to Control Service host ensure using the public IP IPO1 as Control Service Host 388 F S sn e e Compliance Guardian Installation and Administration User Guide eg Compliance Guardian Agent Installation Wizard Compliance Guardian Customer Information Communication Configuration Agent Service Settings Compliance Guardian Agent CGSP13PUB SQL Host License Agreement Installation Location eee ee Compliance Guardian Agent Port gt Communication Configuration Agent Configuration Control Service Address k Control Service Host Installation Summary d fice P Installation Progress Come aO Ror Complete S
463. rd you designate the keyword must be contained in a column value At the top of the viewing pane enter the keyword for the update you want to display You can select to Search all pages or Search current page o Manage columns Manage which columns are displayed in the list so that only the information you want to see is shown Select manage columns button then check the checkbox next to the column name to have that column shown in the list o Hide the column Hover over a column name and then select the hide the column button in the column name to hide the column o Filter the column 1 Filter which item in the list is displayed Unlike Search you can filter whichever item you want rather than search based on a keyword Hover over a column name and then select the filter the column button V of the column you want to filter then check the checkbox next to the item name to have that item shown in the list To remove all of the filters select Clear Filter To see more information about an update select the update by checking the corresponding checkbox and then select View Details on the ribbon In the pop up window you can perform the following actions o Uninstall Select Uninstall to uninstall the selected update The following options can be configured in the pop up window Note Only hotfixes and feature packs can be uninstalled Service packs and cumulative updates contain major important cha
464. rdian Installation and Administration User Guide site collection to run jobs Compliance Guardian recommends you use the site administrator who can access the site collection you specified here so you can normally use the registered SharePoint site to run jobs Note Compliance Guardian does not support to add subsites to the SharePoint sites group If you try to add a subsite to the SharePoint sites group the following two scenarios may occur o Ifthe user specified in the Site Collection User section does not have permission to the site collection where the subsite you are about to add resides a pop up window informs you the site failed to be added to the SharePoint sites group and the current user does not have sufficient permission to the specified site collection o Ifthe user specified in the Site Collection User section has permission to the site collection where the subsite you are about to add resides Compliance Guardian adds the site collection to the SharePoint sites group Select OK to save these configurations and return to the Manage Site Collection interface or select Cancel to return to the Manage Site Collection interface without saving these configurations After selecting OK Compliance Guardian will verify the connection between all of the Agents and the entered site collection If any agent cannot connect to the entered site collection a pop up window appears to inform the end users that the Agent cannot connect to th
465. recipients Select the New Notification Template link to create a new template o Creator e mail template Select this checkbox to send an alert e mail to the creator of the specified file where unsupported embedded files are found If this option is selected you must select an e mail template from the corresponding drop down list If you do not select an e mail template Compliance Guardian will use the default e mail template o Modifier e mail template Select this checkbox to send an alert e mail to the last modifier of the specified file where unsupported embedded files are found If this option is selected you must select an e mail template from the corresponding drop down list If you do not select an e mail template Compliance Guardian will use the default e mail template o User in the selected notification profile Select this checkbox to send an alert e mail to the recipients configured in the selected alert notification profile If this option is selected you must select an alert notification profile from the appeared drop down list You can also select the New Notification Profile link to create a new notification profile For more information refer to User Notification Settings Note Even though there may be more than one embedded file in one file the alert e mail will only be sent when the first unsupported embedded file is found The rest of the content in the file where the embedded file resides will be skipped
466. red is valid Alternatively you can select the browse button H to search for the desired user In the pop up window enter the value to search for in the Find text box and then select the search button amp Select the desired user and then select Add Select OK to add the users or select Cancel to close the window without adding the users o Remove User from Group To remove users from this group select the desired users by checking the corresponding checkbox then select Remove User from Group on the ribbon A confirmation pop up window will appear to confirm the remove operation Select OK to delete the selected users or select Cancel to return to the Show Users interface without deleting the users When you are finished select Cancel to add the defined users to this group and return to the Show Users interface There following groups are configured in advance e Administrators The permission scope is Global permission The users in this group have Full Control of all Compliance Guardian modules e Real Time_Classification_Scanner The permission scope is Global permission The users in this group can only access the Real Time Classification Scanner module e Scheduled_Classification_Scanner The permission scope is Global permission The users in this group can only access the Scheduled Classification Scanner module e Compliance_Report The permission scope is Global permission The users in this group c
467. redentials to access Compliance Guardian configure your Active Directories in the AD Integration interface 74 F e D e e D Compliance Guardian Installation and Administration User Guide To access your Active Directory integration configurations open the Authentication Manager interface and then select AD Integration on the ribbon In the AD Integration configuration interface you will see a list of previously configured Active Directories You can customize how these Active Directories are displayed in the following ways e Search Filter the Active Directories displayed by the keyword you designate the keyword must be contained in a column value At the top of the viewing pane enter the keyword for the Active Directory you want to display You can select to Search all pages or Search current page e Manage columns Manage which columns are displayed in the list so that only the information you want to see will be shown Select the manage columns button and then check the checkbox next to the column name to have that column shown in the list e Hide the column Hover over a column name and then select the hide the column button in the column name to hide the column e Filter the column VW Filter which item in the list is displayed Unlike Search you can filter whichever item you want rather than search based on a keyword Hover over a column name and then select the filter the column button Wf
468. rence Time Choose whether to scan contents created or modified at a specified interval If you choose to use a reference time specify the time to scan contents created or modified Enter an integer into the textbox and select Minute s Hour s or Day s from the drop down list Compliance Guardian Installation and Administration User Guide Note It is recommended specifying a reference time when the recurrence schedule configured in Range of Recurrence is End after 1 occurrence Schedule Settings Specify the frequency to run the rerunning schedule Enter an integer into the text box and select Minute s Hour s Day s Week s or Month s from the drop down list Range of Recurrence Specify when to start and end the running recurring schedule Start time Set up the time to start the plan and Time Zone can be changed under the Start time Note The start time cannot be earlier than the current time No end date Select this option to repeat running the plan until being stopped manually End after specified occurrence s Select this option to stop the plan after specified occurrences that you configure in the text box End by Set up the time to end the recurrence of plans Select OK to save the settings After configuring the schedule for this replication job select Calendar View to view the job in a calendar view e Select an agent group to so that the system will pick a fre
469. results that the transaction file records by selecting Play Help Select the Help button to view the Help information e Recorded Information Field The recorded results will be displayed in this field O O URL The webpage URLs that have been recorded Status The status code of a webpage Domain The domain of the URL Scan Select the checkboxes under this column The corresponding URL will be signed After you save the related transaction file for Compliance Guardian Website Scanner only the URLs that are signed here can be used as the Start URLs to be scanned Only the checkbox of the URL whose corresponding status code is 200 can be selected and scanned Select the close button x on the top right corner to close the Compliance Guardian Transaction Capture tool 265 Compliance Guardian Installation and Administration User Guide Exporting Action Reports and Social Reports to Event Viewer Compliance Guardian supports exporting the action reports and social reports to Windows Event Viewer Refer to the following steps to export the action report 1 Go to the machine with Compliance Guardian Agent installed and open the AvePoint Compliance Guardian Agent bin directory to find the AgentToolExportClassificationResults exe file 2 Right click on AgentToolExportClassificationResults exe and select Run as administrator to run it Program Files AvePoint Compliance Guardian Agent bin
470. rformance report Refer to the following steps a b He Expand Data Collector Sets in the left pane Right click User Defined under Data Collector Sets Select New in the appeared drop down list Then select Data Collector Set Select the Create manually Advanced radio button and enter a name in the Create new Data Collector Set window Select Next Select the Performance counter checkbox and then select Next Select Add Then add the Compliance Guardian category counters in the appeared window and select OK in the appeared window Specify the interval and units for collecting data Select Next Select a directory to store the report Select Next Select Finish The new data set is created Select the data set under User Defined and then select Start to start collecting the data Select the data set and select Stop to stop collecting data Then you can view the report Compliance Guardian Installation and Administration User Guide Using the Fingerprinting Tool The fingerprinting tool is used to compare the files and then help you to have a general view of file similarity for using the Fingerprinting type check The tool can achieve the following functions 1 Add some files as templates in a Fingerprinting type check 2 Compare a file with other files in a folder 3 Compare files in a folder and generate a matrix file reporting the similarity of these files 4 Based on the matrix report generated in functio
471. rming a Scheduled Classification Scanner Plan in Wizard Mode To configure a Scheduled Classification Scanner plan using Wizard Mode complete the following steps 1 7 From the Scope panel on the left select one or more connections You can enter a keyword into the Search box above the connections to filter out the relevant connections Select Plan Builder from the Plan Management group on the ribbon select Wizard Mode from the drop down menu or you can directly select Start with Wizard Mode on the landing page Enter a Plan Name for the plan and an optional Description Select Next on the ribbon or on the lower right section of the screen The Report Settings screen appears Select a Report Database for storing the job result Select Next on the ribbon or on the lower right section of the screen The Scan Settings screen appears Configure the following scan settings Filter Policy Select a filter policy from the drop down list or create a new policy to limit the scope of the job For more information on working with filter policies refer to Filter Policy Scan Policy Select a scan policy from the drop down list or create a new scan policy to define the scan rules for scanning content For more information on working with scan policies refer to Configuring Scan Policies Scan Hidden Files Option Select whether or not to scan the hidden files in the specified file system Alert If you want Compliance
472. rue Result or False Result is Failed in the Report Text step the value for the ListLocStatus attribute will be Fail and the value cannot be changed CaseSensitive Specify if the text being tested for must match the case exactly MustRepeat Specify the amount of times a word or phrase must be found before considering the condition to be True When configuring the check if you do not enter a value for this attribute the value for this attribute will be considered 1 in the test CompareType Select MustContain or MustEqual for this attribute MaxDistanceToPrimary Specify the number of the characters The scan engine extracts text as the scanning contents In the contents if the characters between a primary check instance instance found in the primary check and the secondary check instance instance found in the secondary check are less than the number specified here the secondary check is Found Value Specify a scanned value for the secondary check section ComplexFindText Check Test Logic Example Refer to the following example for better understanding the test logic of the ComplexFindText type check The content of the selected file A that will be tested contains the following values 508 Justice Create and configure the ComplexFindText check test logic 1 Create a FindText Type check In the Report Text step in the False Result and Message field select User Review Required in the False Result drop down
473. s Used Host The number of hosts you have used Remaining Host The number of hosts you have not used Used Domain The number of domains you have used Remaining Domain The number of domains you have not used If the License Type is Trial the following two columns appear Max Scanning Files The maximum number of files that can be scanned Remaining Scanning Files The number of the files that can still be scanned Select Details to the right of Test Suite Groups to view details about the used hosts remaining hosts used domains and remaining domains Select Close to return to the License Manager interface Compliance Guardian Installation and Administration User Guide EE o Social Network Select the Social Network tab under License Details to see the Yammer license information Source Yammer is displayed License Type The type of license purchased Number of Allowed Users The number of users who can use Yammer in one domain Expiration Time The expiration time of the license for using Yammer Status The current status of the Yammer license o Instant Message Communications Select the Instant Message Communications tab under License Details to see the Lync license information Source Instant Message Communications is displayed License Type The type of license purchased Number of Allowed Users The number of users who can use the Lync funct
474. s For example format the message to plain text or HTML text Refer to the following steps 1 After you finish the DLL file the user must open the Share config file at AvePoint Compliance Guardian Agent bin and find the following nodes lt SharedConfig gt lt config name IMailFormatter type default gt lt SharedConfig gt 2 Modify the type value to the users own class 3 Enter the assembly qualified name Install the DLL file to GAC or put it to AvePoint Compliance Guardian Agent bin Note The DLL file will be loaded to RTSv2 exe or RTSv4 exe so please be careful to avoid deleting checking adding or modifying in the DLL file these actions are not recommended Au 203 Compliance Guardian Installation and Administration User Guide Real Time Classification Scanner for Social Network The Social Network mode is used to scan content in your social network in real time Currently Compliance Guardian only supports scanning content in Yammer Launching Real Time Classification Scanner Social Network Mode On the Real Time Classification Scanner Home interface select Create on the ribbon a drop down list appears Select Social Network from the drop down list Configuring Connections to Yammer You must configure the connections before scanning content in Yammer Select Configure Connection on the ribbon The Configure Connection interface appears All of the connections are displayed in this
475. s Invalid o See the ListLoc field the result for ValidWhen is Invalid so the check status Note and the location of the node lt Input id keyword gt the location of the attribute specified in the SecondaryMatch section will not be recorded the location of the attribute that is specified in the MatchElement and meets the condition will be recorded in the database will be recorded in Compliance Guardian database users cannot see the status in the Compliance Guardian GUI In the SecondaryMatch section if you select the MatchElementValue radio button under the TextCompare section the result of this check is not determined by the check result of the MatchElement section and not determined by the check result of the SecondaryMatch section either In the MatchElement section if there are nothing temporarily recorded the SecondaryMatch section check will not start and the result of this check will be True while in the MatchElement section if there are something temporarily recorded the SecondaryMatch section check will start According to the logic in the SecondaryMatch section if there are something recorded in the SecondaryMatch check the result of this check will be False While if there are nothing recorded in the SecondaryMatch check the result of this check will be True In this use case according to the SecondaryMatch section the node lt Input id keyword gt will be recorded in Compliance Guardian database So the result o
476. s for creating a Compliance Guardian Website Scanner plan In the What do you want to scan field e Start From Enter a URL Compliance Guardian will scan the objects from this URL Optionally you can select to use the Compliance Guardian Transaction Capture tool to save a transaction file and select the Use Compliance Guardian Transaction Capture Export the following transaction file for the scan radio button in this interface to import a transaction file then the recorded URLs in the transaction file will be the start URLs For more information on the Compliance Guardian Transaction Capture tool refer to Using Compliance Guardian Transaction Capture 162 ae e Compliance Guardian Installation and Administration User Guide Maximum Depth It s used to specify the depth level needed to crawl For example If you enter 1 Compliance Guardian will only crawl the start URL specified and scan the objects in the URL If you enter 3 Compliance Guardian will crawl the start URL specified the linked pages on the start URL page and the linked pages from the pages one level deeper If you want to scan all the pages of an entire website you can enter 0 Maximum Pages Specify the maximum pages allowed to crawl in a single job 1 means unlimited If you enter 100 Compliance Guardian will stop the job after it scans 100 pages in the website Filter Policy Specify a defined filter policy to limit the scope of the scan job
477. s for this type of check as well as a test example for you to understand the test logic Configuring Attributes for FileProperty Type Check Configure the attributes for the FileProperty type check according to the instructions in the following sections FileProperty Configure the following attributes under this element e Truelf There are two values for this attribute All and One If One is selected the scan will stop when one instance is found to save scan time If All is selected the scan will only stop when all instances are found e ValidWhen This is used to indicate if the result is valid when the condition is one of two values True or False ListLoc Configure the following attributes under this element e Type There are two values for this attribute Valid and Invalid All elements that are considered valid or invalid are stored to the database the Location e Status This is used to indicate the disposition of the element and the severity selected by the user Note that in the Report Text step if the status set for True Result or False Result is Failed the value for the Status attribute will be Fail and the value cannot be changed Size Configure the following attributes under this element e MaxValue Specify a value as the maximum size select a unit in the drop down list 338 F e D e e Compliance Guardian Installation and Administration User Guide Type Configure the following attri
478. s is Passed which will be displayed in the Compliance Guardian report e We set Yes for the ListLocation attribute but no result that meets the condition in the check was found No location will be recorded in the Compliance Guardian database ComplexRegEx Type Check The ComplexRegEx type check offers a more complex way to detect if two strings of text are coexisting in one document The functionality of the ComplexRegEx type check is similar to the RegularExpression type check The following section provides a general introduction about configuring attributes for this type of check as well as a test example to better understand the test logic Configuring Attributes for ComplexRegEx Type Check Configure the attributes for the ComplexRegEx type check according to the instructions in the following sections ComplexRegex Configure the following attribute in this section e IsFindText Specify whether or not to extract the text as the scanning content If Yes is selected in the drop down list under this attribute the scan engine will extract the text as the scanning content if No is selected in the drop down list under this attribute the scan engine will use the source code as the scanning content Primary Check Configure the following attributes in this section e SearchAll Specify whether or not to check the comments and scripts e CaseSensitive Specify if the text being tested for must match the case exactly e
479. s used to connect to the website To configure authentication profiles in the Control Panel interface select Authentication Profile under the Website Scanner Settings heading Select Close on the ribbon to close the Authentication Profile interface Managing Authentication Profile In the Authentication Profile interface you will see a list of previously configured Authentication profiles In the Authentication Profile interface you can create a new authentication profile view details about an authentication profile edit a previously configured authentication profile or delete a previously configured authentication profile For more information about creating or editing an authentication profile refer to Creating and Editing Authentication Profile Select Edit on the ribbon to change the configurations for the selected authentication profile For more information about editing configurations for the authentication profile refer to Creating and Editing Authentication Profile To view an Authentication profile select it from the list of previously configured profiles and then select View Details on the ribbon To delete an authentication profile select it from the list of previously configured profiles and then select Delete on the ribbon A confirmation window will pop up and ask if you are sure you want to proceed with the deletion Select OK to delete the selected authentication profile or select Cancel to return without deleting it
480. scretion E 93 Compliance Guardian Installation and Administration User Guide rer o Please notify me of the new updates but do nothing to the updates Compliance Guardian will notify the configured users of available updates but will not download the updates automatically Note The maintenance license must already have been applied in order to select this option Select an e mail notification profile you previously configured from the drop down list or select New E mail Notification to set up a new e mail notification For more information about how to configure the notification refer to User Notification Settings o Turn off automatic updates The automatic updates function will be turned off and you will not be notified about the Compliance Guardian updates e Proxy Configure the settings of the proxy server you want to use to download Compliance Guardian updates Enter the proxy port to use when updating Compliance Guardian Control Service in the Update Port text box The default port is 14007 Select the proxy protocol you want to use from the Proxy Type drop down menu o No Proxy default No proxy server will be used o HTTP Proxy Select this to use the HTTP proxy then configure the following settings Proxy host Host name or IP address of the proxy server Proxy port Port used to access the proxy server Username Username to log on the proxy server Password Pass
481. section select the checkbox before the element this section is optional ContentReq Specify whether the specified element must contain content If Yes is selected then the element must contain content or the check for this section will be False The following elements with specific attributes are within the optional ElementContent section Length This section is optional Select the checkbox before this element the following attributes appear o CompareType Specify a compare type for this length compare The attributes for CompareType are GreaterThan LessThan GreaterOrEqualThan LessOrEqualThan Equal and NotEqual o Characters Specify the number of the characters used for the compare Select the delete button 4 to delete this check rule Select Add Another Length to add another rule Compliance Guardian Installation and Administration User Guide e TextCompare This section is optional Select the checkbox before this element the following attributes appear o CompareType Specify a compare type The attributes for CompareType are MustContain MustNotContain MustEqual and MustNotEqual o Separator Specify a separator if multiple values are specified o CaseSensitive Specify if the content being tested for must match the case exactly o Value Define one or more values for the test use the separator specified before to separate the values Select the delete button 4 to dele
482. select OK e Role Assign a role to the corresponding check o MaxRow After scanned by the check that is assigned to the MaxRow role the failed files will be reported in the Compliance Guardian File Errors Report the error type of the failed file is Maximum Row Exception o DataTable After scanned by the check that is assigned to the DataTable role the locations of the instances that are recorded will be reported in the Compliance Guardian Data Table Report o Cookie The check that is assigned this role can be used for the Cookie check Select the delete button 4 to delete the DoRunCheck check rule Select Add Another DoRunCheck to add another rule 354 F e D e e Compliance Guardian Installation and Administration User Guide Test Suite for Classification and Tagging File Body Configuration Configure the following attributes for the test suite for classification and tagging file RiskFormula If you have selected False as the value of the NoRisk attribute you must configure the RiskFormula field or this field will be grayed out Select a Raw Risk Formula Stepped Risk Formula and a Weighted Risk Formula in the corresponding drop down list You can create a new Risk Formula by selecting New Formula in the drop down list A pop up window will appear if you select New Formula In the pop up window enter the name and the optional description for the Risk formula define your own formula and select OK The new
483. selected in the drop down list under ValidWhen but the check result of this check is False so the result for the ValidWhen attribute is Invalid 298 S e ae e Compliance Guardian Installation and Administration User Guide e See the ListLoc section The result for ValidWhen is Invalid so the check status will be Warn and this check status will be recorded in the Compliance Guardian database users cannot see the status in the Compliance Guardian GUI EnhancedElement Type Check The EnhancedElement type check is used to validate two kinds of elements in one check during the scanning progress The functionality of the EnhancedElement type check is similar to the Element type check The following section provides a general introduction about configuring attributes for this type of check as well as a test example for you to understand the test logic Configuring Attributes for EnhancedElement Type Check Configure the attributes for the EnhancedElement type check according to the instructions in the following sections EnhancedElement There are the five attributes under this element For the details about the five attributes refer to the Configuring Attributes for Element Type section ListLoc There are the two attributes under this element For the details about the two attributes refer to the Configuring Attributes for Element Type section ElementRepeat This section is optional For the details about the attributes under this el
484. sing the Add Relying Party Trust Wizard e Option 1 Select the link to import relying party data that is published online from the local network Federation metadata address e Option 2 Select the link to download the Federation metadata XML file then upload the downloaded file to the ADFS server Follow the wizard to configure other settings e Option 3 Enter the relying party data and the relying party identifier manually in the ADFS configuration wizard hast 77 Compliance Guardian Installation and Administration User Guide E In this step you can also choose to export the current ADFS configuration information to a specified location by selecting Export on the ribbon then explore to the location you want to save the XML file to Select Finish to save your configurations and return to the Authentication Manager interface or select Cancel to return to the Authentication Manager interface without saving any of the configurations made Once you have configured an ADFS integration for Compliance Guardian the Add Federation Trust option will become available Add Federation Trust allows you to integrate another trusted ADFS with the ADFS you have already configured for Compliance Guardian To add integration with another trusted ADFS open the Authentication Manager interface select ADFS Integration on the ribbon and then select Add Federation Trust from the drop down menu In the Add Federation Trust interface enter
485. sion Level P Authentication AM Manager Close X Job Monitor J Close X Classification Scanner Page The following table provides a list of hot keys for the Scheduled Classification Scanner and Real Time Classification Scanner in Classification Scanner module S ae f 281 Compliance Guardian Installation and Administration User Guide Functionality Name and Hot Key Compliance Guardian 1 Report 2 Administration 3 Scheduled Classification Scanner P Real Time Classification Scanner H Scheduled Classification Scanner Page The following table provides a list of hot keys for the functionalities on the ribbon of the Scheduled Classification Scanner page Functionality Name and Hot Key Scheduled P Creat C SharePoin S SharePoin S Classification e t t Tab Scanner Plan C M Back B Builder Wizard Next N Mode Finish R Finish and O Run Now Cancel C Form L Save R Mode Save and O Run Now Cancel C Scan S Create C Policy View Details V Edit E Delete D Export W Close X 282 Compliance Guardian Installation and Administration User Guide Functionality Name and Hot Key Filter F Create N Policy View Details V Edit E Delete D Close X Action A Create C Policy View Details V Edit E D
486. sions of the specified group o ADFS Claim Select ADFS Claim to utilize the user s ADFS authentication credentials for this new user Configure the following settings to add an ADFS user Select a Claim name from the drop down menu Claims are configured in Authentication Manager Enter the username in the Claim value text box The value entered in the Claim value text box will be displayed as the logon name for the user in Compliance Guardian Set the permissions for this user by adding the user to a previously configured Compliance Guardian user group or manually configure the user s permission levels Select the Add user to group s option and then select the desired user group from the drop down menu The user then has all of the permissions of the specified group o Client Certificate User Before adding Client Certificate user to Compliance Guardian Manager make sure the Client Certificate Authentication has been enabled in Authentication Manager Select Client Certificate User in the User Type section to utilize the user s Client Certificate authentication credentials for this new user Configure the following settings to add a Windows user User Information Enter the username of the user group you want to add into the Windows User Group Name field and then select the check names button to verify that the username you entered is valid The users groups in the same domain as the Compliance Guardian Control
487. sitive attribute o Select TrueResult in the drop down list under the ResultNA attribute o Specify src for the AttrName attribute o Select No in the drop down list under the AttrCaseSensitive attribute o Select Yes in the drop down list under the ValidWhen attribute e Inthe Elements section o Select One in the drop down list under the Scope attribute e Inthe ListLoc section o Select Invalid in the drop down list under the Type attribute o Select Warn in the drop down list under the Status attribute e PR 333 Compliance Guardian Installation and Administration User Guide e Inthe DomainExclude section o Enter http www hello com in the Value field under the DomainExclude attribute 3 Save the check 4 Run a Compliance Scanner job The test suite used in this job contains the check configured above Review the check test logic e According to the logic set in the WebBeacons section the node lt img src http www hello com img img01 jpeg gt meets the condition e The domain of this webpage is simer com while the domain of the link in the node lt img src http www hello com img img01 jpeg gt is hello com but according to the value we specified for the DomainExclude attribute the domain hello com will not be checked So the result of this check is True e According to the logic set for the ValidWhen attribute as well as the logic set in the ListLoc section the location of this node will not be re
488. space refer to the Remarks section in http msdn microsoft com en us library bb510627 aspx o The captured columns must include a complete unique index list or include the primary key columns o You must adjust the schedule of Change Data Capture cleanup job and adjust the Compliance Guardian incremental job schedule For details about the Change Data Capture cleanup job schedule refer to http technet microsoft com en us library cc645885 28v sql 105 29 aspx o If you have enabled multiple Change Data Capture instances only two Change Data Capture instances can be enabled on one table at most on a table Compliance Guardian first selects the Change Data Capture instance that contains the columns of the unique index whose size is the smallest to scan content if both of the Change Data Capture instances contain the columns of the unique index the instance that captured more columns will be used SQL Server 2005 does not support Change Data Capture The incremental scan job will fail if Compliance Guardian scans SQL Server 2005 database Compliance Guardian Installation and Administration User Guide Appendix K Customizing the Interval of Retrieving Social Report Data Compliance Guardian retrieves social report data from the report database and updates the social report every hour You can customize the interval by modifying the related configuration file Complete the following steps to modify the interval 1 2 Go
489. specified Value Define a regular expression If the scanned result that matches the specified regular expression also matches the regular expression specified here this result will be filtered out Select Add Another Regex to add another Text filter check rule Select the delete button 4 to delete this Regex filter check rule e Value Specify a regular expression for the secondary check section The value that matches the regular expression will be scanned Compliance Guardian Installation and Administration User Guide Secondary Check Configure the following attributes in this section e SearchAll Specify whether or not to check the comments and scripts e CaseSensitive Specify if the text being tested for must match the case exactly e Truelf Specify the condition when the check result is True If Found is selected in the drop down list under the Truelf attribute when finding an instance the check result of this check will be True If NotFound is selected in the drop down list under the Truelf attribute when finding an instance the check result of this check will be False e ListLocation Specify whether or not to record the instance s location in the Compliance Guardian database If Yes is selected in the drop down list under the ListLocation attribute then every location of the instance found will be recorded in the Compliance Guardian database If No is selected in the drop down list under the
490. splay the corresponding social report e Agent Group Select the agent group that will perform the Scheduled Classification Scanner job e Event Receiver Select if you want to enable event receiver Then select an agent If you enable event receiver here you can register event receiver to Yammer server to achieve the Real Time Classification Scan 3 Select OK to save the settings or select Cancel to exit the interface without saving any changes Using Real Time Classification Scanner Rules in Social Network Mode Refer to the following section for using Real Time Classification Scanner rules to scan content in Yammer Creating Real Time Classification Scanner Rules To create a Real Time Classification Scanner rule complete the following steps 1 Select a connection in the Scope pane 2 Select Create Rule from the Rule Management group on the ribbon 3 Configure the following rule settings e Rule Name Enter a Rule Name and an optional Description hase 205 Compliance Guardian Installation and Administration User Guide e Apply To Select to use Web part or receiver to achieve the Real Time Classification Scan 0 Web part You must first add the AvePoint Yammer Connector Web Part to SharePoint each time a user posts messages through this Web part Compliance Guardian will synchronously capture and scan and then execute a specific actions For more information about the Yammer Connector Web
491. sponding checkbox then select Edit Group on the ribbon or select the name of the desired group You will be brought to the Edit Group interface Here you can change the description for this group as well as the permission scope and permission levels Note If you have a group with Full Control permission configured in Compliance Guardian after upgrading to Compliance Guardian this group will maintain the Full Control permission but this will not show up on the interface by default When you edit this group and change the permission it will pop up a warning message that the Full Control permission of this group will be replaced by the newly granted permissions You can select OK to continue the action and save the change or select Cancel to cancel the operation In Compliance Guardian only users of Administrators group have Full Control permission When you have finished making changes to the configurations for this group select OK to save and return to the Account Manager interface or select Cancel to return to the Account Manager interface without saving any changes e Show Users To view and manage the users in a group select the group by checking the corresponding checkbox then select Show Users on the ribbon You will be brought to the Show Users interface Here you will see a list of all of the users that belong to this group You can customize how these users are displayed in the following ways o Search Filter the users displa
492. ss or ID Enter the login username class or ID Username Enter the login username Password Class or ID Enter the login password class or ID Password Enter the login password Login Button Class or ID Enter the login button class or ID Select Save to save the configurations and return to the Authentication Profile interface At any time select Cancel to return to the Authentication Profile interface without saving any changes Configuring User Agent Profile A user agent profile is used for the backend web server when scanning the website To configure user agent profiles in the Control Panel interface select User Agent Profile under the Website Scanner Settings heading Select Close on the ribbon to close the User Agent Profile interface Managing User Agent Profile In the User Agent Profile interface you will see a list of previously configured User Agent profiles In the User Agent Profile interface you can create a new user agent profile view details about a user agent profile edit a previously configured user agent profile or delete a previously configured user agent profile For more information about creating or editing a user agent profile refer to Creating and Editing User Agent Profile Select Edit on the ribbon to change the configurations for the selected user agent profile For more information about editing configurations for the user agent profile refer to Creating and Editing User Ag
493. ssion cookie will be tested Create and configure the Cookie check test logic 1 Create a Cookie type check In the Report Text step in the True Result and Message field select Passed in the True Result drop down list 2 Configure the elements in the check e Select True in the drop down list under the ThirdParty attribute e Select True in the drop down list under the PrivacyLinkReq attribute e Select TrueResult in the drop down list under the ResultNA attribute e Select 1 in the drop down list under the CType attribute e Enter privacy htm in the PrivacyLink field 3 Save the check 4 Run a Compliance Scanner job The test suite used in this job contains the check configured above Review the Cookie check test logic e Ifthe cookie is from a third party the check result for this attribute will be True e Since we have selected True in the drop down list under the PrivacyLinkReq attribute and specified privacy htm in the PrivacyLink field so if the privacy link of the cookie contains privacy htm the check result for this attribute will be True e In this use case if the check result for the ThirdParty attribute is True and the check result for the PrivacyLinkReq attribute is True the check result of this check will be True e ME 329 Compliance Guardian Installation and Administration User Guide SSL Type Check The SSL type check is used to validate HTTPS protocol encryption levels The following section pro
494. ssion will be scanned ComplexRegEx Check Test Logic Example Refer to the following example to better understand the test logic of the ComplexRegEx type check The file A that will be tested contains a word Server Side and contains the Canadian Social Insurance Number 046 454 286 Create and configure the ComplexRegEx check test logic 1 Create a ComplexRegEx Type check In the Report Text step in the False Result and Message field select User Review Required in the False Result drop down list 2 Configure the elements in the check e Select Yes for the IsFindText attribute e Inthe Primary section o Select No in the drop down list under the SearchAll attribute o Select No in the drop down list under the CaseSensitive attribute o Select Found in the drop down list under the Truelf attribute o Select No in the drop down list under the ListLocation attribute o Select FalseResult in the drop down list under the ResultNA attribute o Enter 1 for the MustRepeat attribute o Enter the regular expression b a zA Z a zA Z b in the Value field A word that contains a hyphen can match the regular expression 322 F Se e Compliance Guardian Installation and Administration User Guide e Inthe Secondary section o Select No in the drop down list under the SearchAll attribute o Select No in the drop down list under the CaseSensitive attribute o Select Found in the drop down list under the Truelf attribute o Select No in th
495. ssphrase you entered to protect Compliance Guardian Manager data e SSL Certification Select the method for encrypting information and providing authentication for Compliance Guardian o Built in Certificate Uses the certificate provided by Compliance Guardian No additional configuration is necessary o User defined Certificate Enabling this option allows you to select a certificate from your local machine It will use the Certificate Authentication server of the current machine to check whether the certificate is revoked After the certificates are filtered only the certificates that are not revoked will be displayed Select Next 9 Set up the App Configuration e Configure the App Account settings o App Catalog Site Enter the catalog site URL used to store the app in SharePoint Online o Username Enter the username that is used to log into Office 365 o Password Enter the password e Configure the App Address settings Log into the SharePoint Online site page SharePoint Online site URL _layouts 15 AppRegnew aspx and then copy the Client ID Client Secret App Title App Domain Redirect URL information and then paste to the corresponding field of this App Settings information field to build trust Select Next 10 Set up the website configuration hast 59 Compliance Guardian Installation and Administration User Guide EE e IIS Website Settings Configure the IIS website settings for
496. stContain is selected for this attribute then the content only needs to contain the value in order to be found For example if the tested file contains the word Front end and we select MustEqual for the CompareType attribute with the value specified as end then the word Front end will not be found but if we select MustContain for the CompareType attribute the word Front end will be found In this type of check if the result of the primary check is True the secondary check can start for this check If the result of the primary check is False the secondary check will not start for this check and the result of this check will be determined by the primary check For the ResultNA attribute if TrueResult is set as the value of this attribute the result of this check will be True If FalseResult is set as the value of this attribute the result of this check will be False If NAResult is set as the value of this attribute the 315 Compliance Guardian Installation and Administration User Guide status of the tested file will be Not Applicable and Not Applicable will be displayed in the Compliance Guardian report According to the MaxDistanceToPrimary attribute if the secondary check starts in the extracted file content O If the characters between the instance found in the primary check and the instance found in the secondary check are less than the number of characters specified in the MaxDistanceToPrimary attribute the result of
497. sted file will be Not Applicable which will be displayed in the Compliance Guardian report This is basically stating that you have the option to set the result to Not Applicable if none of the elements are found e Expires Instruct the testing core to check when the cookie expires in N seconds e cPIITDF Instruct the testing core to use the specified check to identify PII in the webpage e CType Identify the cookie type to test for allowed values 1 2 3 o 1 Single session This tier encompasses any use of single session Web measurement and customization technologies 328 e D e e Compliance Guardian Installation and Administration User Guide o 2 Multi session without PII This tier encompasses any use of multi session Web measurement and customization technologies when no PII is collected including when the agency is unable to identify an individual as a result of its use of those technologies o 3 Multi session with PII This tier encompasses any use of multi session Web measurement and customization technologies when PII is collected including when the agency is able to identify an individual as a result of its use of those technologies e PrivacyLink Enter a value in this field if the privacy link in the file contains the value this check will be True Cookie Check Test Logic Example Refer to the following example for better understanding the test logic of the Cookie type check A user s se
498. stration User Guide Note The latest version of a check cannot be deleted Report Configuration Report Configuration allows you to configure the report settings To access Report Configuration settings for Compliance Guardian in the Control Panel interface select Report Configuration under the Common Settings heading Select Close on the ribbon to close the Report Configuration interface Managing Report Settings In Report Configuration you can specify a default report location specify the maximum number of files to display in the report interface connect to DocAve Auditor Database configure the authentication and advanced settings For more information about configuring the report settings refer to Configuring Report Settings Configuring Report Settings In the Report Configuration interface configure the following settings 1 Default Report Location Specify a Report Location as the default location for storing reports and then configure the pruning rule The following options can be configured No Pruning Select this option to choose not to prune the reports in the report location Depending on the report location you are configuring pruning rule for you will be presented with different options O Keep the last__ report s Select this option to keep only the desired number of most recent reports in this report location Set the number of reports to keep by entering a positive integer into the text box Fo
499. t Alignment Tab as Header amp Footer Insert Navigation Options Position Close Scan Engine Test File Figure 64 Screenshot of the sample Microsoft Word document 2 Basing this sample document settings the scan result status for this word document should be Fail the GetStatus value in the screenshot Furthermore when drilling down to the details the status in the TestResultList for the TDF 508 office a 1 xml is Fail and the status for TDF 508 office j xml is Pass object result engine Scan xml url testingFile metadata DocAve ContentCompliance Engine Errorinfo d Figure 65 Scanned result 1 object result engine Scan xml url testingFile metadata DocAve ContentCompliance Engine Errorinfo Fail false he Fanaa oP GetStatus FP ISAIINT TDFResult2 Count 1 e Engine TestResult oF ResultList F Status Figure 66 Scanned result 2 Af d F syal Compliance Guardian Installation and Administration User Guide object result engine Scan xml url testingFile metadata ER result DocAve ContentCompliance Engine TestResultCollection F ErrorMessage DocAve ContentCompliance Engine Errorinfo F GetStatus Fail oF IsAINT false F RiskScore 3 f TestResultList Count 2 E 0 DocAve ContentCompliance Engine TestResult E i DocAve ContentCompliance Engine TestResult E F DatabaseField amp TDFResult3 F ResultList Count
500. t Server 2013 RTM Microsoft SharePoint Foundation 2013 RTM hast f 25 Compliance Guardian Installation and Administration User Guide E Required Permissions for Scanning Lync Content In order to scan the Lync content the agent account must meet the following permission requirements e Local System Permissions o Compliance Guardian users must have Read permission to the Registry HKEY_LOCAL_MACHINE SOFTWARE Microsoft Real Time Communications A593FD00 64F1 4288 A6F4 E699ED9DCA35 e PowerShell Permission o The agent account must be member of Domain Users and RTCUniversalServerAdmins The PowerShell cmdlet Get CsSite Get CsPool Get CsManagementStoreReplicationStatus requires the permission of RTCUniversalServerAdmins e Database Permission o Database role of db_owner for all databases that are related with Lync including LcsLog and LcsCDR o Compliance Guardian archiving database db_owner for existing database and db_creator for new database o Compliance Guardian report database db_owner for existing database and db_creator for new database e Lync File Share Folder Permission o Atleast Read permission to the Files Stores that are defined in the topology to store attachments e Domain Permission o Member of the Domain Users group under Default Group Policy Required Permissions for Scanning Oracle Database In order to scan an Oracle database the user who creates the connection with the database must me
501. t Settings page appears Af d F 153 Compliance Guardian Installation and Administration User Guide 2 Configure the report settings Database Policy Select a database policy from the drop down list to store the result data of the Compliance Scanner job If you want to set up a new database policy select the New Database Policy link in the drop down list Refer to Configuring Database Policy for more information Report Group Select a Compliance Guardian group from the drop down list Once a group is specified as the Report Group all of the users in the specified group will be able to view and download the reports in the Compliance Report module Multiple groups can be specified here choose Select All to select all of the listed groups Select Next The Scan Settings page appears 3 Configure the scan settings 154 Scan Policy Select a scan policy from the drop down list and it will be used to scan the contents in the specified scope Only one scan policy can be selected here Content Option Specify the contents that will be scanned within the specified scope o Include user content This checkbox is selected by default and only the documents and items that are created by the end users will be scanned in the specified scope o Include system content Select this checkbox to also scan the system built in contents in the specified scope Scan File Item Versions Specify the method of scanning
502. t https ccga sharepoint com sites ttzhang h emily find Emily Alert only 2014 11 03 15 58 59 SharePoint https ccqa sharepoint com sites ttzhang S emily find emily encrypt 2014 11 03 13 47 27 m 0 of 11 selected Show rows 15 Goto bh of 1 Figure 23 Real Time Classification Scanner home page Configuring Actions on the Ribbon The ribbon provides the following configuration options e Edit Select Edit on the ribbon to make changes to the rule of the selected node You will be brought to the Edit page where you can change the rule settings for the node Select Apply on the ribbon to save the changes and apply the rule Select Cancel on the ribbon to return to the home page without saving any of your changes e Delete Select Delete on the ribbon to delete the rules of the selected nodes Selecting Mode Select Create on the ribbon A drop down list appears Select the corresponding mode from the drop down list SharePoint or Yammer Then you can enter the corresponding mode and configure settings to scan objects in SharePoint or Yammer e Af d P 197 Compliance Guardian Installation and Administration User Guide Managing Nodes The Real Time Classification Scanner home page displays the nodes that have applied Real Time Classification Scanner rules but the node that has an inherited rule is not displayed in this field This field also displays the Scan Policy Action Policy and Filter Policy that are selected in t
503. t the desired agent in the Agents in Group column by checking the corresponding checkbox then select Remove When you are finished select OK to save these configurations and return to the Agent Groups interface or select Cancel to return to the Agent Groups interface without saving this new Agent Group e View Details Select an Agent Group by checking the corresponding checkbox then select View Details on the ribbon to view detailed information about the Agent Group In the View Details interface select Edit on the ribbon to make changes to the configurations of this Agent Group Follow the instructions in the next bullet point to edit Agent Groups e Edit Select an Agent Group by checking the corresponding checkbox then select Edit on the ribbon to make changes to the configurations In the Edit Agent Group interface enter a new name for the Agent Group and then enter a description for future reference Select the desired agent by checking the corresponding checkbox and then select Add to add the agent to the Agent Group To remove an agent from the Agent Group select the desired agent in the Agents in Group column by checking the corresponding checkbox then select Remove When you are finished select Save to save all changes made to the configurations of this Agent Group select Save As to save the new configurations as a new Agent Group or select Cancel to return to the Agent Groups interface without saving any changes e Del
504. tCompliance bin Debug CCR SP2010RiskAnalyzer EXE Start exporting report Exporting report completed Figure 41 The CCR RiskReportTool exe file interface Information Included in the Exported Excel File The generated risk report excel contains the BasicInformation sheet that displays the basic information of the risk files Each risk file has its own sheet for displaying the file s risk information The number of the files whose risk information will be displayed in the report is based on the value of fileShowCount attribute that you specify in the CCR RiskReportTool exe config file You can view the following information in the exported report e Basic information sheet o The risk scores the risk scores calculated by the Raw type risk formula the risk scores calculated by the Stepped type risk formula and the risk scores calculated by the Weighted type risk formula of each site collection in the job A bar chart is displayed to help you view the information intuitively o The information of risk files that violated the regulations check in the job A pie chart is displayed to help you view the information intuitively o The detailed information of the risk files in each site collection including the risk scores the number of the Passed files Failed files User Review Required files Not Applicable files Not Tested files and Error files and the percentage of the failed files A bar chart is displayed for each site collec
505. tabase c ccccccccccsssssssssecececesseseeeseceescessesesaeeeeeesssesessaeess 27 Overview of Compliance Guardian Manager and Agent Services ssssssssssssssssenrrssssesrrernnssssesereernssso 28 Installing Compliance Guardian 29 Compliance Guardian Manager 29 Installing Compliance Guardian Manager 29 Compliance Guardian Agent 32 Installing Compliance Guardian Agent 32 Accessing the Compliance Guardian GU 36 internet Explorer ZEECHNEN 36 Logging In to Compliance Guardian 39 How to Use Your Keyboard in Compliance Guardian ccccccccsssssssscecececsesessneeeeeescessessaeeeeeeseesseseaeees 39 Compliance Guardian Manager and Agent Maintenance ccccccccccsssscecececesssssaeeeeeeesessesseaeeeseeeseeseas 40 Update Compliance Guardian E 41 E Compliance Guardian Installation and Administration User Guide Compliance Guardian Report Database Upgrade Tool 41 Usine CST e ee tee ee EE ee 42 Uninstalling Compliance Guardian 44 Uninstalling Compliance Guardian Manager 44 Uninstalling Compliance Guardian Agent 45 Resolve Issues Occurred During the Compliance Guardian Installatton 45 Unattended Installation Compliance Guardian Manager 46 Generating the Installation Answer File for Compliance Guardian Manager 46 Import the Unattended nstallation dll File 49 Commands and Command Parameters for Compliance Guardian Manager Unattended Installation 49 Installation COMMANG ME 49 Unattended Installation C
506. te To activate the Inactive user select the user by checking the corresponding checkbox then select Activate on the ribbon Note If a user fails to provide the correct credentials when attempting to log into Compliance Guardian they will receive the following alert Sorry the login ID or password is incorrect If the user receives this alert more times than the number of Failed Login Attempts the user s account will become Inactive e Deactivate To deactivate the Active user select the user by checking the corresponding checkbox then select Deactivate on the ribbon C Compliance Guardian Installation and Administration User Guide My Settings In Compliance Guardian some users do not have the permission to navigate to the Account Manager My Settings allows the user to edit his her own account information When you log into Compliance Guardian GUI the currently logged on user will be displayed at the top right corner of the Compliance Guardian interface Select the current username and a drop down list will appear Select My Settings and enter the My Settings interface where you can view detailed information of the current logged on user and the Compliance Guardian groups it belongs to Select Edit on the ribbon and you can configure the settings For more information about how to configure the settings refer to Managing Users In addition refer to the following steps 1 In the Password field if one user does not have
507. te cas cadeceasedteaceyeeasaegacteceveuvasscegactoceaceeiens eee 74 Configuring Windows Autbentication 74 Configuring AD Integration BEE 74 Configuring ADFS Integration c ccccccccccsssssssecececessesecsesecesecesceseuaeseeeeecesseseaaeseeeeecesseseaseseeseesessessaaeess 76 Configuring Client Certificate Autbentication 78 ACCOUNT Manage EE 79 Managing Permission Levels cccsessccccececessesnaecececeeseseeaeaeeeeecesseseaaeaeeeesseesesauaesesecesesseseaaeeeesesseeeees 79 Managing Heer geesde ee EEN ged E 80 ENTSTAN ER My Settlpge eebe SENNENG EE ENEE REEL SEENEN EE REENEN studies ER Be le HENNEN 88 Viewing License Information 88 Importing and Exporting the License Pie 90 Configuring License Renewal Notitfications 91 Configuring Server USE GOs vcs sisezces eegend DEET AED DEENEN Deeg 92 Update EE TE EE 92 Configuring Update Settings c ccccccccssssssssecececeeseseaeseceeecesseaaeseeeeecesseseaeeseeeeesesseseaseeeeseseessesenaeess 93 CHECKING tor Update E 94 Managing Dee 95 Reviewing the Installation History Of Updates cc cccssssecececessesseeeeeeeecesseseeaeeeeeesesesesssaeeeeeeseeeeees 96 BONE GhOUPS is coei ses cscs EA seed ccs EESE AEE EA EEE ERE EREE AERE E ATA EAEE AE EEN AET EE E 97 Managing Agent Groups ENEE AEN RAN RaKa Codadeacaodaceweeceence 97 User Notification Settihg Sencie easa a a a EE E E E EE 98 Configuring Send E Mail SettingS cccsssscccceceesesssnesecececesseseeaeeec
508. te this check rule Select Add Another TextCompare to add another rule ChildElement If you want to configure the ChildElement section select the checkbox before the element this section is optional e Name Specify the name of the child element that will be tested e CaseSensitive Specify if the element name being tested for must match the case exactly e MustExist Specify whether or not the child element must exist If True is selected then the test will fail if there is No child element The following elements with specific attributes are within the optional ChildElement section e ElementRepeat This section is optional Select the checkbox before this element the following attributes appear o Alert Specify whether to check for repeating elements o Value Specify the maximum times the element can repeat before the check is determined False e Attributes This section is optional Select the checkbox before this element the following attributes appear o Name Specify the attribute name that will be tested o CaseSensitive Specify if the attribute name being tested for must match the case exactly o AllowNull Specify whether the attribute that has no value will be tested o MustExist Specify whether or not the attribute has to exist If True is selected then the test will fail if the specified attribute does not exist e ME 295 Compliance Guardian Installation and Administra
509. te will be considered 1 in the test e CustomCheck Enter a CustomCheck name for this attribute The CustomCheck is used to calculate the check digit on the result of the regular expressions in order to validate the result For more information about CustomCheck refer to Using CustomScan in Compliance Guardian This is optional e ResultNA If the primary check in this check is not fulfilled the scan status will be the value you selected for the ResultNA attribute e Filter This field is optional Select the checkbox before Filter the Text section and the Regex section appear o Text Select the checkbox before Text and configure the following attributes CaseSensitive Specify if the element being tested for must match the case exactly Separator Specify a separator if multiple values are specified Value Define one or more values for the test and use the separator specified before to separate the values If the scanned result that matches the specified regular expression exactly matches the value specified here this result will be filtered out Select Add Another Text to add another Text filter check rule Select the delete button 4 to delete this check rule o Regex Select the checkbox before Text and configure the following attributes CaseSensitive Specify if the element being tested for must match the case exactly Separator Specify a separator if multiple values are
510. ted e Process Model NET Environment and Configuration APIs are installed World Wide Web World Wide Web Publishing Service is started Publishing Service 20 F e D e e sl Compliance Guardian Installation and Administration User Guide Rules Requirements Web Server IIS Role The following Windows features are installed e Web Server e Common HTTP Features Static Content Default Document e Application Development ASP NET NET Extensibility ISAPI Extensions and ISAPI Filters e Management Tools IIS Management Console IIS 6 Management Compatibility and IIS 6 Metabase Compatibility Operating System Edition Windows Server 2003 Windows Server 2003 R2 Total Physical Memory Required 512MB or above Recommended 2GB Available Disk Space Required 1GB or above Net Framework Version NET Framework 3 5 SP1 or above excluding NET Framework 4 0 Net Tcp Port Sharing Service Net Tcp Port Sharing Service is started World Wide Web World Wide Web Publishing Service is started Publishing Service ASP NET ASP Net 2 0 50727 or above Application Server e Network COM access is enabled e Internet Information Services IIS is started including the following installed features Common Files IIS Manager and World Wide Web Service IIS Service IIS Admin Service is started IIS version must be 6 0 or above HTTP SSL HTTP SSL Service is start
511. ted users or groups The results are displayed in the left pane of the Add Users window Select the user checkboxes and then select the Add button the users are added into the left table Select the Remove to cancel adding the users Select Save on the Add specified users window posts of the users added in the left pane will be scanned Compliance Guardian Installation and Administration User Guide o Add users according to the configured conditions Select the None link the Add users window appears Configure the condition to filter by groups or users Select Preview to review the users that meet the configured condition in the Preview window Select Save to save the changes and close the Add users window The posts of the users that meet the configured condition will be scanned o Import file with specified users Select the radio button to import a file along with the added user You can select Download Template and save the template file Edit the template file to add the users and then select Import to import the file e Scan Policy Select a scan policy from the drop down list or create a new scan policy to define the scan rules for scanning content e Action Policy Select an action policy from the drop down list or create a new action policy to define what actions will be taken to the scanned content e Alert Send an alert e mail when an error occurs during the scan Select an e mail profile and an e mail t
512. ter Actions to review the configured settings e Alert Specify whether to send out an alert e mail when a file is affected by the specified actions This is optional Select Configure The Configure interface appears o Alerts Specify whether to send an e mail when the action fails to execute or successfully executes to the scanned files that are not compliant and then specify who will receive the e mail You must select a default e mail template before select the recipients Select the New Notification Template link to create a new template Creator e mail template Select this checkbox to send an alert e mail to the creator of the specified file that will be taken action If this option is selected you must select an e mail template from the corresponding drop down list If you do not select an e mail template Compliance Guardian will use the default e mail template nest p i 185 Compliance Guardian Installation and Administration User Guide 186 Modifier e mail template Select this checkbox to send an alert e mail to the last modifier of the specified file that will be taken action If this option is selected you must select an e mail template from the corresponding drop down list If you do not select an e mail template Compliance Guardian will use the default e mail template User in the selected notification profile Select this checkbox to send an alert e mail to the recipients configured in the selecte
513. th the deletion Select OK to delete the selected databases or select Cancel to return without deleting it Configuring Database To create a new database select Create on the ribbon and then select Database in the drop down menu To modify a database select the database and select Edit on the ribbon and then select 122 F e D e e Compliance Guardian Installation and Administration User Guide Database in the drop down list menu In the Create Database or Edit Database interface configure the following settings e Configure Database Specify a report database Enter a new Database Server and a Database Name in the corresponding fields e Authentication Select the authentication mode for the report database If Windows Authentication is selected the application pool account and the Compliance Guardian Agent Account must have the db_owner permission for the report database If the report database does not exist and need to be created the application pool account and the Compliance Guardian Agent Account must have the dbcreator permission for the report database You can also validate the database account by selecting Validation Test The Validation Test only runs if the application pool account has enough permissions to the report database If SQL Authentication is selected the necessary information must be specified in the Account and Password fields You can also validate the database account by selecting Validation Test
514. the CCE EngineWorker exe file Refer to Doing Operations on the lt FS gt Node For security considerations the password must be encrypted Refer to Encrypting Passwords for Accessing File Share Locations for how to encrypt the password 6 Save the ContentComplianceConfig xml file Note The file share settings configured for each Compliance Guardian agent servers must be same Using CCE EngineService exe file to Encrypt Passwords and Do Operations on the lt FS gt Node Refer to the following section for using CCE EngineService exe file to encrypt passwords and do operations on the lt FileShares gt node Encrypting Passwords for Accessing File Share Locations For security considerations the password used to access the file share location must be encrypted Refer to the following steps to encrypt the password 1 Find the cmd exe on the servers where Compliance Guardian Agents added in the agent group install 2 Select cmd exe and then select Run as administrator The command line interface appears 3 Enter cd and the path of the CCE EngineWorker exe Compliance Guardian Agent Bin If the file is not in the disk C you must add disk before the path for example cd d d AvePoint Compliance Guardian Agent bin Press Enter 4 Enter Compliance Guardian Agent Bin CCE EngineWorker exe and then enter the command encrypt Press Enter The password will be encrypted inistrator Command Prompt CCE EngineWorker e
515. the specified scopes Note Compliance Guardian supports scanning Microsoft Office files that are in a 2003 or earlier format using iFilter in this version If you are using an earlier version of Compliance Guardian or if you updated to Compliance Guardian 3 SP 3 from an earlier version you must download a compatibility pack and download an update pack to scan the Microsoft Office files can keep the file s accessibility attributes If you prefer to scan these files through installing the compatibility pack but not through iFilter you can install Microsoft Office Compatibility Pack for Word Excel and PowerPoint File Formats and install Microsoft Office Compatibility Pack Service Pack 3 SP3 Then add the following node under the Office FileMapping node in the configuration file ContentComplianceConfig xml you can find the file under the path Compliance Guardian Agent Bin lt NeedConvert gt lt Extension gt xls lt Extension gt lt NeedConvert gt lt OfficeFileMapping gt e Words lt Excel gt lt Supported gt lt Extension gt xIsx lt Extension gt lt Extension gt xIlsm lt Extension gt lt Extension gt xlitm lt Extension gt lt Extension gt xlam lt Extension gt lt Extension gt xItx lt Extension gt lt Supported gt lt NeedConvert gt lt Extension gt xIs lt Extension gt lt Extension gt xIsb lt Extension gt lt Extension gt xit lt Extension gt lt Extension gt xla lt
516. the Compliance Guardian Agent 1 Download the Agent ZIP file either by requesting a demo version or by contacting an AvePoint representative for links to this package 2 Unzip this package and navigate to the Compliance Guardian Agent directory Run the Setup exe file 3 From the welcome screen select Next 4 Enter your Name and Organization into the provided fields and then select Next 5 Carefully review the Compliance Guardian License Agreement After you have read the terms in the license agreement check the I accept the terms in the license agreement checkbox and then select Next 6 Select Browse and then select the location for the Agent installation By default the installation location is C Program Files AvePoint Select Next 7 Compliance Guardian will perform a brief pre scan of the environment to ensure that all rules meet the requirements The status for each rule will be listed in the Status column Select the hyperlink of the status and the detailed information about the scan result will be listed in the pop up window 8 Select Details to view the detailed information of all of the requirements Update your environment to meet the requirements if there are some checked rules that failed 32 S e S e e C Compliance Guardian Installation and Administration User Guide 9 Select the Rescan button to check your environment again Once all rules pass select Next 10 Set up the Communication Configuration
517. the Manager Server and change them for the specified agents Select the desired Compliance Guardian Agents in Agent Monitor and select Configuration File on the ribbon to change the configuration file for them In the pop up window select OK to confirm the modification action and you will be redirected to the configuration page Refer to the instructions below to change the configuration file Note Since modifying the agent configuration files can be risky it is not recommended for end users to do it o Agent Information In this field you can view the agents you have selected previously o Browse Configuration File Upload the configuration file to the Manager Server Select Browse to find the specified config file and select Open to upload it You are able to upload multiple configuration files D Compliance Guardian Installation and Administration User Guide Note The name of the configuration file you upload must have the same name as the existing one and then you are able to apply the configuration file to destination o Destination Path Enter the place where you want to upload the configuration file Compliance Guardian supports configuration file change in Agent Bin and Agent data paths o Conflict Resolution Select a resolution when two configuration files have the same name Merge The content of the newly uploaded configuration file will be merged into the old one Replace The newly uploaded
518. the Receive E mail Settings interface without saving the profile Managing Receive E Mail Notification To see the configurations of a notification profile select a notification profile and then select View Details on the ribbon You will see the configuration details of this notification profile To change the configurations for a notification profile select the notification profile from the list of previously configured notification profiles and select Edit on the ribbon For more information about editing configurations for a notification refer to Configuring Receive E Mail Notification To set a notification profile as the default one select the notification profile from the list of previously configured notification profiles and select Set as Default Profile on the ribbon The default notification profile will be selected by default when you build up plans or configure notification settings for the Compliance Guardian Manager or Agent services To delete a notification profile which is no longer needed select the notification profile from the list of previously configured notification profiles and select Delete on the ribbon Select OK to confirm the deletion or select Cancel to cancel the operation Configuring E mail Templates E mail Template displays the e mail templates that previously configured and allows you to configure an e mail template to be used when sending alert emails To create a new e mail template select Create
519. the app You can select to use an existing IIS website or create a new IIS website The IIS website is used to communicate between Office 365 and Compliance Guardian o Use an existing IIS website Select an existing IIS website from the drop down list o Create a new IIS website Enter the website name and create a new IIS website for the app e Application Pool Settings Configure the IIS application pool settings for the corresponding website You can select to use an existing application pool or create a new application pool The application pool is used to handle the requests sent to the corresponding website The following settings can be configured o Use an existing application pool not recommended Select an existing application pool from the drop down list If you choose to use an existing application pool the Application Pool Account settings are greyed out and cannot be changed o Create a new application pool Enter the application pool name and application pool account settings to create a new IIS application pool for the corresponding website e IIS SSL Certification o Not Use llS SSL Certificate Do not select an IIS SSL certificate If you select this radio button you can still add a certificate in IIS for the website after you finish installing the app o Select SSL Certificate Select an IIS SSL certificate Select Next 11 In the Ready to install Compliance Guardian App page all of the
520. the configured settings e Alert Select Configure The Configure interface appears Select whether to send out an alert e mail if the action failed to execute or successfully executed Then select an e mail template Select OK in the interface to save the changes or select Cancel to return to the Create Action Policy interface or Edit Action Policy interface without saving any changes After you finished configuring the Alert settings select the right arrow P after Alert in the Create or Edit Action Policy interface to review the configured settings Select Add a Condition Group to add another condition group Select the delete button E after a condition group to delete the condition group You can change the order of the condition group configuration by selecting the textbox on the top of each condition group to determine the priority of the condition group Select the right arrow E or down arrow M to expand or retract the settings of a condition group Classification Actions If you select For Web Part as the action type there are three actions Alert Block and Redact If you select For Receiver as the action type there are two actions Alert and Delete Refer to the following section for details about each classification action Alert Only The posts that meet the configured condition in the action policy can be recorded in an e mail and sent to the specified users After you select Configure after the Alert Only action
521. the connection and then select Edit on the ribbon In the Create Connection or Edit Connection interface configure the following settings e Name and Description Enter a name for this connection You can also enter an optional description to distinguish this connection from the others e Type Select the file system type for the connection e Connection Configure the following settings o Agent Group Select the agent group that will perform the Scheduled Classification Scanner job o UNC Path Specify a path in the format admin PC cS data or admin PC shared folder the files in the specified location are supported to be scanned o Username Specify a username that can access the specified location o Password Specify a password Note The user must have the following permissions If the path is specified in the format admin PC cS data The specified user must have the local administrator permission to the connected server If the path is specified in the format admin PC shared folder The specified user must have the Log on as a batch job permission to the connected server or the user must be the member of the Backup Operators group of the connected server hast 219 Compliance Guardian Installation and Administration User Guide The specified user must have the Full Control permission to the shared folder After you are satisfied with the configuration of the connection select OK t
522. the holder name as long as it is not duplicated in another AllowedTagValues nodes The holder name is used when the Compliance Guardian engine analyzes the macro expression and finds the corresponding values e Value If Static is selected as the type specify the tag value If you do not want to add a tag value to a scanned file enter None or none The field is not case sensitive If Dynamic is selected as the type enter a macro expression to search the corresponding properties The results will be added to the file SharePoint and or Yammer The method of using the macro expression here are same as that of the macro expression specified in the Source field of the Context check For more details refer to Condition in the Context check section e NA If Dynamic is selected as the type you can enter a value as this attribute If no properties are found according to the macro expression this value will be used as the tag value to add to a file The default value is SEmpty then no value will be added e DefaultRiskValue_Raw Enter a value as the raw risk score of the file The attribute will take effect when the value of OverrideUser is No When the original file s metadata is not overridden the risk score is not calculated by the Raw type risk formula that is selected in the RiskFormula element field of the test suite The risk core is the value you specified here 356 e ae e Compliance Guardian Installation and Administration
523. the link will be checked using the HEAD method if the corresponding server does not support the HEAD method the GET method will be used If False is selected the link will be checked using the HEAD method if the corresponding server does not support the HEAD method the GET method will not be used Configure the following attributes under this element TextCompare Type There are two values for this attribute Valid and Invalid All elements that are considered valid or invalid are stored to the database the Location Status This is used to indicate the disposition of the element and the severity selected by the user In the Report Text step if the status set for True Result or False Result is Failed the value for the Status attribute will be Fail and the value cannot be changed Configure the following attributes under this element CompareType Specify a compare type The attributes for CompareType are MustContain MustNotContain MustEqual MustNotEqual MustMatch and MustNotMatch Separator Specify a separator if multiple values are specified CaseSensitive Specify if the attribute name being tested for must match the case exactly Value Define one or more values for the test use the separator specified before to separate the values Select the delete button 4 to delete this check rule Select Add Another TextCompare to add another rule Attributes Configure the following attributes unde
524. the permission to change the password the password field will be grayed out You must supply the Old password here 2 Inthe Group field refer to the following information e Only users of Administrators group have the permission to change the Compliance Guardian groups it belongs to If a user both belongs to Administrators group and the other groups it also has the permission to change the Compliance Guardian groups it belongs to If the user moves itself out of Administrators group the action will take effect the next time that user logs in e Ifthe user is admin Compliance Guardian default user it can view that it belongs to the Administrators group but is not able to edit the Group setting e For users who do not belong to the Administrators group they can only view the group names they belong to and are not able to edit the Group setting After you have saved the modifications select Cancel to exit the My Settings interface and return to the previous Compliance Guardian interface you are in oe 87 Compliance Guardian Installation and Administration User Guide Sa License Manager License Manager provides you with information regarding your Compliance Guardian licenses Here you are also able to import and export license files generate license reports set up expiration notifications as well as monitor the number of servers you have used up in your license To access License Manager for Compliance Guardian
525. the ribbon and then configure the following settings e SharePoint Sites Group Enter a name for this SharePoint Sites Group in the SharePoint Sites group name text box and then enter an optional description for future reference Keep in mind that while you are able to enter any name for this site group we recommend that you use names that provide some information about what type of SharePoint sites should be associated with this group 106 Compliance Guardian Installation and Administration User Guide e Agent Group Specify an agent group to perform Compliance Guardian jobs on this SharePoint site For detailed information on configuring agent groups refer to Agent Groups Select OK to save these configurations and return to the SharePoint Sites interface or select Cancel to return to the SharePoint Sites interface without saving these configurations To view information about a previously configured SharePoint Sites Group select the SharePoint Sites Group and then select View Details on the ribbon To modify the description for a previously configured SharePoint Sites Group select the SharePoint Sites Group and then select Edit on the ribbon To delete a previously configured SharePoint Sites Group select the SharePoint Sites Group and then select Delete on the ribbon Managing Site Collections For each SharePoint Sites Group you add to Compliance Guardian you must configure each site collection in order to mana
526. the secondary check is Found If the characters between the instance found in the primary check and instance found in the secondary check are greater than the number of characters specified in the MaxDistanceToPrimary attribute the result of the secondary check is Not Found e Inthis use case O following sections RegularExpression In the primary check the value that will be searched for in the file is 508 which can be found in the file A so the result is Found According to the logic of the Truelf attribute the result of the primary check is True The secondary check will start In the secondary check the value that will be searched for in the file is JUSTICE which can be found in the file A In the extracted file content the characters between JUSTICE and 508 are less than 10 characters so the result of the secondary check is Found According to the logic of the Truelf attribute the result of the secondary check is False According to the setting in False Result and Message in the Report Text step the returning status is User Review Required which will be displayed in the Compliance Guardian report RegularExpression Type Check The RegularExpression type check is used to find a string of text that fits the format of the defined regular expression The following section provides a general introduction about configuring attributes for this type of check as well as a test example for you to understand the test logic C
527. tification profile For more information on configuring the e mail notification profiles refer to Configuring Receive E Mail Settings Select Next The Overview page appears 6 Review and edit the plan configurations To make changes select the Edit button next to the name of the each configuration field to jump to the corresponding setting page and edit the configuration 7 Once you are satisfied with the plan settings choose one finishing option at the lower right section of the screen Select Finish to save the configuration of the plan without running it or Finish and Run Now to save the configuration and then run the saved plan immediately Scan Schedule Configure the following settings to build a new Compliance Scanner schedule in the Add Schedule pop up window e Options Select a scan type from the drop down list o Full Scan Run a full scan of all of the content in the specified scope Unlike incremental scan all full scans are independent of one another and do not have any dependencies on the other s scan results However because each of the full scans is comprehensive full scan jobs take the longest to complete of the two available options 176 S F ae e Compliance Guardian Installation and Administration User Guide o Incremental Scan Run a fractional scan It scans only the updated content since the last successful full scan or incremental scan This kind of scan requires less storage than a fu
528. tined but they are still in SharePoint Out of place quarantine The non compliant files or items will be quarantined to the specified location e Quarantine Location If the Out of place quarantine option is selected you must select a location for storing the quarantined files or items Select New Export Location to create a new export location For more information refer to Configuring Export Locations Redact Files Items Redact the files or items that are not compliant according to the Redaction type test suite selected in the corresponding scan policy 190 Compliance Guardian Installation and Administration User Guide Quarantine Before Redact The files or items that are not compliant will be backed up and the backed up files or items will be quarantined to a specified location The original files or items in SharePoint will be redacted After you select Configure after the Quarantine Before Redact action in the Create Action Policy or Edit Action Policy interface configure the following settings in the Configure interface e Manage Redacted Files or Items Select one or more groups from the Select the groups that have the permission to manage the redacted data in Compliance Guardian drop down list The users in the selected groups can view and manage the scanned files or items that are not compliant in Compliance Guardian gt Classification Report gt Incident Manager gt Redaction Select New Group to create a
529. tion User Guide The following elements with specific attributes are within the optional Attributes section o Length This section is optional Select the checkbox before this element the following attributes appear CompareType Specify a compare type for this length compare The attributes for CompareType are GreaterThan LessThan GreaterOrEqualThan LessOrEqualThan Equal and NotEqual Characters Specify the number of the characters used for the compare Select the delete button 4 to delete this check rule Select Add Another Length to add another rule o TextCompare This section is optional Select the checkbox before this element the following attributes appear CompareType Specify a compare type The attributes for CompareType are MustContain MustNotContain MustEqual and MustNotEqual Separator Specify a separator if multiple values are specified CaseSensitive Specify if the attribute being tested for must match the case exactly Value Define one or more values for the test use the separator specified before to separate the values Select the delete button 4 to delete this check rule Select Add Another TextCompare to add another check rule o WordsRepeat This section is optional Select the checkbox before this element the following attribute appears Number Define the number of times that words can repeat in the attribute value before the test fails
530. tion to help you view the information intuitively e Risk information of each file o The file information the risk scores and the regulations checks that the file violated o The related auditing information including the access time to the file the user who accessed the file the action type and some related details o The security information related information 260 S e e D e e Compliance Guardian Installation and Administration User Guide Generate Detailed Risk Report of a File Compliance Guardian supports to export the detailed risk report information of a file through the ccr sp2010riskananlyzer exe or CCR SP2007RiskAnalyzer exe files Compared with the Risk Report that is displayed in the Compliance Guardian Report or generated from Compliance Guardian Report the detailed risk report combines all of the risk report information of a file to one CSV file thus for user conveniently checking and viewing Before You Begin In order to generate the detailed risk report the ccr sp2010riskananlyzer exe or CCR SP2007RiskAnalyzer exe file must be run in the Command Line The DocAve Auditor database must be connected so as to get the related auditing information To get the risk report complete the following steps 1 Go to the machine with Compliance Guardian Agent installed and open the AvePoint Compliance Guardian Agent bin directory to find the ccr sp2010riskananlyzer exe file CCR SP2007RiskAnalyzer exe is
531. tions If you select the checkbox you must select an alert e mail profile from the appeared drop down list You can also select the New Notification Profile link to create a new notification profile also you must select an e mail template from the appeared drop down list You can also select the New E mail Template to create a new e mail template For more information refer to User Notification Settings If the action successfully executed Specify whether to send out an alert e mail when a file is successfully to be affected by the specified actions If you select the checkbox you must select an alert e mail profile from the appeared drop down list You can also select the New Notification Profile link to create a new notification profile also you must select an e mail template from the appeared drop down list You can also select the New E mail Template to create a new e mail template For more information refer to User Notification Settings Select OK in the interface to save the changes or select Cancel to return to the Create Action Policy interface or Edit Action Policy interface without saving any changes After you finished configuring the Alert settings select the right arrow after Alert in the Create or Edit Action Policy interface to review the configured settings Compliance Guardian Installation and Administration User Guide Select Add a Condition Group to add another condition group Select the delete a but
532. tions are configured you must specify the logical relationship among the Conditions The relationships are AND and OR Arrange the operator condition expression by using the relationships Condition ID the sequence of the Condition and parentheses For example if you have configured three Conditions and you specify 1 And 2 Or 3 The properties that meet both the Condition 1 and Condition 2 or meet the Condition 3 will be searched out Context Check Test Logic Example Refer to the following example to better understand the test logic of the Context type check Use a check to scan if the SharePoint files contain SSN The files that contain SSN will be scanned by the Context check Create and configure the Redaction check test logic 1 Create a Context type check In the Report Text step in the True Result and Message field select Failed in the True Result drop down list 2 Configure the Context section Select NAResult in the drop down list under the NA attribute 3 Configure the Condition section Enter SPltem Fields Created Time in the Source text box Select AND in the drop down list under the Operator attribute Select Add a Compare Select Before as the Compare Type and select 2014 10 20 as the Value Select Add a Compare again Select After as the Compare Type and select 2014 1 20 as the Value Select Add a Condition Configure settings in the newly added condition o Enter SAD Users SSPltem Fields Cre
533. to Compliance Guardian hast 71 Compliance Guardian Installation and Administration User Guide Eh SE e Network Security Configure the IP addresses to have the desired level of access to Compliance Guardian To access these settings check the Enable network security checkbox and then select either o Trusted network If selected only the IP addresses added to this field can access Compliance Guardian To add an IP address as a trusted network enter the IP address in the Equals text box and then select Add Repeat these steps to add additional IP addresses o Restricted network If selected the IP addresses added to this field cannot access Compliance Guardian To add an IP address as a restricted network enter the IP address in the Equals text box and then select Add Repeat these steps to add additional IP addresses System Password Policy In the System Password Policy tab the following options can be configured e Default Password Settings Specify the rules to be applied on the password after it has been saved Select Account is inactive if you would like to manually activate the account before it can be used Note If no option is selected in this field the password does not need to be modified at first login and it will never expire e Maximum and Minimum Password Length Enter an integer for the maximum and minimum number of characters allowed in a password e Password Rule Configure the
534. to add a solution package to the farm s solution store which is in the farm s configuration database Use this button when you only want to add the solution to the specified farm and do not want to deploy it e Deploy Select Deploy on the ribbon to unpack the solution package and copy its elements to their appropriate places This button can be used even when the solution has not been installed to the specified farm In that case the solution will be installed to the specified farm first and then be deployed e Retract Reverse the deployment of the farm solution s components The solution remains in the solution store and can be redeployed later e Remove Deletes the solution package from the solution store This button can be used even when the solution has not been retracted from the specified farm In that case the solution will be retracted from the specified farm first and then removed 120 S F D e Compliance Guardian Installation and Administration User Guide After a solution is installed to view information about it select the solution by checking the corresponding checkbox and then select Solution Properties on the ribbon You will be brought to the Solution Properties page By default the Summary tab is open which shows an overall view of the specified solution Select the Details tab to view the solution s deployment status on each of the Web applications and other detailed information In the Details tab yo
535. to store the report data Accessing the Compliance Guardian GUI The following table displays the supported browsers and their requirements on the Silverlight version if you want to access the Compliance Guardian GUI in a Windows Server 2008 R2 Enterprise SP1 environment Rules Requirement Silverlight Version 5 0 or above Internet Explorer IE 7 or above Google Chrome 19 0 1084 52 Mozilla Firefox 14 0 1 Internet Explorer Setup When first accessing Compliance Guardian using Microsoft Internet Explorer IE some initial security settings must be configured Run Compliance Guardian s server application found in the Start menu on the machine where the Compliance Guardian Control Service is installed and complete the following steps 1 When you access Compliance Guardian by IE the browser will display a security certificate prompt Select the Continue to this website option listed next to the shield vd There is a problem with this website s security certificate The security certificate presented by this website was not issued by a trusted certificate authority Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server We recommend that you close this webpage and do not continue to this website Gi Click here to close this webpage x Continue to this website not recommended Gei More information Figure 2 Security certificate prompt 36 S
536. to the machines with Compliance Guardian Manager installed Open the Compliance Guardian Manager Control Config CastleConfigs directory to find the ControlActionReportsCastle config file Open the ControlActionReportsCastle config file with Notepad Locate the Interval node The value of Interval is 3600 seconds You can modify to meet your requirement The unit is seconds Save the file Compliance Guardian Installation and Administration User Guide 397 Appendix L Using the Discovery Function Compliance Guardian supports a discovery function to achieve the following requirements e Discover the number of files and items in the SharePoint scopes site collection site or list e Calculate the number of file types and the number of files in each file type e Discover the number of files scanned by the Compliance Guardian engine and the number of files scanned by iFilter e Calculate the total size of files and items in each SharePoint scope site collection site or list e Calculate the size of files in each file type There are two methods e Using the EXE File e Using the BAT File Using the EXE File 1 Go to the machines with Compliance Guardian Agent installed and open the Compliance Guardian Agent Bin directory to find the CCS Toolkit v2 exe or CCS Toolkit v4 exe file In the SharePoint 2007 or SharePoint 2010 environment select CCS Toolkit v2 exe in the SharePoint 2013 environment se
537. ton after a condition group to delete the condition group You can change the order of the condition group configuration by selecting the textbox on the top of each condition group to determine the priority of the condition group Select the right arrow E or down arrow HM to expand or retract the settings of a condition group Classification Actions Refer to the following sections for details about each action Encrypt The scanned files that are not compliant will be encrypted After you select Configure after the Encrypt action in the Create Action Policy or Edit Action Policy interface configure the following settings in the appeared Configure interface e Manage Encrypted Files Select one or more groups from the Select the groups that have the permission to manage the encrypted data in Compliance Guardian drop down list The users in the selected groups can view and manage the scanned files that are not compliant in Compliance Guardian gt Classification Report gt Incident Manager gt Encryption Select New Group to create a new group in Control Panel For more information refer to Account Manager e Security Profile Select a security profile for encrypting the non compliant files Select New Security Profile to create a new security profile For more information refer to Security Profile Encrypt and Quarantine The scanned files that are not compliant will be encrypted and then quarantined After you select Configur
538. tput the report data and who do you want to share the reports with field Select a Predefined Database Policy Select a database policy to store the scan job data Database policy also includes the retention settings for the scan data Report Group Select a Compliance Guardian report group from the drop down list Once a group is specified as the Report Group all of the users in the specified group will be able to view and download the reports in the Compliance Report module Multiple groups can be specified here choose Select All to select all of the listed groups In the How do you want to execute the scan field 164 Set a start time and or intervals to return the scan automatically Optionally select this checkbox and then choose a scheduling option o No schedule Select this option to configure the job to not run on a schedule the job must be manually initiated o Configure the schedule myself Configure a customized schedule and run the plan by schedule Select Add Schedule and the Add Schedule window pops up Configure the following settings for the schedule Options Select the type of the scan for this plan Full Scan or Incremental Scan Full Scan scans all of the content in the scope defined in the plan while Incremental Scan only scans the content that has been modified since the last incremental or full scan job If selecting Incremental Scan the Reference Time option is enabled Refe
539. tration User Guide 287 Functionality Name and Hot Key Social Edit E Network Delete D Enable B Disable Configure N Create C Connection View Details V Edit E Delete D Close X Scan Policy S Create C View Details V Edit E Delete D Export W Close X Action Policy A Create C View Details V Edit E Delete D Close X Apply P Create Rule R Job Monitor J Close X Real Time Edit Classification Delete Scanner 288 Compliance Guardian Installation and Administration User Guide Job Monitor Page The following table provides a list of hot keys for the functionalities on the ribbon of the Job Monitor page For example continue pressing Mon your keyboard to enter the Module interface Functionality Name and Hot Key List View LV Calendar View CV Time Zone TZ View Details Download D OK O VD Job Details Page V Cancel C Close X OK O Download DL Cancel C Pause P Resume RE Stop SP Start ST Delete DE Delete without Notification D Date Range DR Module M Report Location ni ob a Back B nae 289 Compliance Guardian Installation and Administration User Guide Scheduled Job Monitor Page To access the Scheduled Job Monitor page by using hot keys from within the Job Monitor interface press Ctrl Alt Z on your key
540. ts Control Panel is also integrated into other Compliance Guardian products enabling you to configure relevant settings without having to leave the interface of the module you are using Getting Started Refer to the following sections for important information on getting started with Control Panel Launching Control Panel To launch Control Panel and access its functionality complete the following steps 1 Login to Compliance Guardian If you are already in the software select the home page button ah on the top left corner to go back to the home page 2 From the Compliance Guardian home page select Control Panel to launch the Control Panel 3 Alternatively you can select Administration on the top left corner and select the Control Panel tab on the appeared navigation bar to launch Control Panel ft Report Y Administration v Welcome admin Ba Fa EA S Compliance Scanner Classification Scanner Job Monitor Control Panel What do you want to do next N E Compliance Manager X Compliance Scanner Compliance Report Classification Manager ZC SH Classification Scanner Classification Report a kb Aal System Manager DE Control Panel Job Monitor Figure 12 Control Panel tab on the navigation bar hast 65 Compliance Guardian Installation and Administration User Guide Er ft Report Y Administration v Welcome admin A Bd SS Compliance Scanner Classificat
541. tton f Af d F 37 Compliance Guardian Installation and Administration User Guide Ers 5 Select Next to continue installing the certificate 6 Select the Place all certificates in the following store option and select Browse to browse to the Trusted Root Certification Authorities folder Select OK to confirm the selection and select Next Certificate Import Wizard X Certificate Store Certificate stores are system areas where certificates are kept Windows can automatically select a certificate store or you can specify a location for the certificate Automatically select the certificate store based on the type of certificate Ze Place all certificates in the following store Certificate store Browse Select Certificate Store xi Select the certificate store you want to use _ Active Directory User Object A Trusted Publishers ack Next gt Cancel I Show physical stores cme Figure 6 Certificate Import Wizard 7 Select Finish to complete the certificate import 8 Select OK in the prompt window to acknowledge the successful import 9 Choose to temporarily allow the Compliance Guardian GUI pop up window or to always allow the Compliance Guardian GUI in the prompt window A A e Compliance Starting SW Pop up blocked To see this pop up or additional options click here Temporarily Allow Pop ups Always Allow Pop ups from This Site Settings
542. ttribute e Enter http sharepoint avepoint net file findthis txt for the Path attribute 3 Save the check 4 Run a Compliance Scanner job The test suite used in this job contains the check configured above Review the FindFile check test logic e H the file findthis txt exists the result will be Found Note that if you enter a relative URL file findthis txt for the Path attribute by default the full path of this file that Compliance Guardian will scan is http host name IP address relative URL For example if the URL of the selected site that will be performed a Compliance Guardian job is http avepoint2010a 10086 sites 1229url 0112site and the relative URL specified for the Path attribute in this check is file findthis txt then CCE will scan the URL http avepoint2010a file findthis txt to check if the file exists e According to the logic set in the Truelf attribute the result of this check will be True e According to the setting in True Result and Message in the Report Text step the returning status is Passed which will be displayed in the Compliance Guardian report LinkValidation Type Check The LinkValidation check is a check type that tests for the validity of links or bookmarks within any content that can contain links or bookmark references The following section provides a general introduction about configuring attributes for this type of check as well as a test example for you to understand the test logic
543. ttribute Class needs to be configured for the check Specify the Namespace Class and AssemblyName in the Class attribute field Use the comma to separate them For more information refer to Using CustomScan in Compliance Guardian Fingerprinting The Fingerprinting type check allows you to use the content stored in documents or files as the search condition to find another document or file that has the exact or similar information Select the forms of matching e Exact matching Based on file size and the binary signature of the file This form is targeted to find duplicated documents that have the exact same content e Raw matching Based on compare result from RDC Algorithm RDC divides a file s data into chunks by computing the local maxima of a fingerprinting function that is computed at every byte position in the file A fingerprinting function is a checksum function that can be computed incrementally Compliance Guardian does not consider the file format or file size using this form so this form can not only find different versions of a file but can also identify if different kinds of Microsoft Office files have the same or similar content e Text matching Match of discrete passages of extracted and normalized file contents Compliance Guardian extracts 100 of the file contents normalizes it by removing whitespaces punctuation and formatting and then creates a checksum e 345 Compliance Guardian Inst
544. ttributes appear O Truelf Specify the condition when the check result is True If Found is selected in the drop down list under the Truelf attribute when finding an instance the check result of this check will be True If NotFound is selected in the drop down list under the Truelf attribute when finding an instance the check result of this check will be False SearchAll Specify whether or not to check the comments and scripts ListLocation Specify whether or not to record the instance s location in the Compliance Guardian database If Yes is selected in the drop down list under the ListLocation attribute then every location of the instance found will be recorded in the Compliance Guardian database If No is selected in the drop down list under the ListLocation attribute the check continues but the locations of the instances found will not be recorded in the database ListLocStatus Specify the status for the instance that is found The status will be recorded in the Compliance Guardian database Note that if the status set for True Result or False Result is Failed in the Report Text step the value for the ListLocStatus attribute will be Fail and the value cannot be changed CaseSensitive Specify if the text being tested for must match the case exactly CustomCheck Enter a CustomCheck name for this attribute The CustomCheck is used to calculate the check digit on the result of the regular expressions in
545. turning status and message for this check when the checking result is False The checking logic determines whether a check result is false or true 2 Select Next on the ribbon or on the lower right corner of the screen The check attributes configuration screen appears 3 Configure the attributes for the check The attributes that are required to be configured for each type of check are different For more information about configuring attributes for each type of check refer to Configuring Check Type Attributes in Appendix B 4 Select Save on the ribbon or on the lower right corner of the screen to save the check Alternatively select Save As and enter a check name to save it as another check If you want to preview the check before saving it select Preview on the ribbon or on the lower right corner of the screen A pop up window appears Enter the file name in the pop up window and select Save The check will be saved You can view the configuration information on the check and then save the check in Compliance Guardian after you have previewed the check and confirmed the check information hast 129 Compliance Guardian Installation and Administration User Guide Editing Test Suite If selecting Test Suite from the Edit drop down menu you will be brought to the Test Suite Manager Edit interface where you can edit the following settings 1 Edit the Name and Description in the Test Suite for Compliance Reporting Test S
546. u can also select Web applications by checking the corresponding checkboxes and then select to Deploy or Retract the solution from the selected Web applications When you are finished select Cancel on the ribbon to return to the Solution Manager interface Managing Solutions To keep your Compliance Guardian solutions up to date Solution Manager provides you tools to check for solution version upgrade existing solutions and repair deployed solutions To perform any of these actions select the solution by checking the corresponding checkbox then select e Retrieve Version on the ribbon to retrieve version information about the selected solutions The information displayed in the Version Status and Message columns will be refreshed e Upgrade on the ribbon to upgrade the selected solution to the latest version A solution can be upgraded if the solution version is lower than the current agent version e Repair on the ribbon to repair the selected solution You can repair a solution if it does not have the same version as the current agent version Solution Description Refer to the following descriptions to get an overall view of all of the Compliance Guardian solutions SP2007 QuarantineManager wsp SP2010QuarantineManager wsp SP2013QuarantineManager wsp This solution is used for the Real Time Classification Scanner and Scheduled Classification Scanner If you deploy this solution you are able to use the Compliance Guardian Quarant
547. u enter you can change the order of the rules by selecting the down arrow before the Rule value and then select the order of the rule from the drop down list to determine the priority of the rule You can also change the logical relationships between the rules There are currently two logical relationships And and Or The logic is set to And To change the logical relationship selecting the down arrow after the And Or value The And logical relationship means that the content which meets all of the rules will be filtered and included in the result The Or logic means that the content which meets any one of the rules will be filtered and included in the result Select Search in the Configure Advanced Search Settings window to search the desired Lync content The results of the search will be displayed in the right pane of the Search interface Select Current Page will display all the available conversations Select All will display all the searched conversations and Clear All will clear the results Select a conversation to view more details on the conversation The View Details window appears You can export the conversation to an EDRM file a Concordance file or an HTML file Exporting Lync Data The Lync content that has been searched can be exported to an EDRM file a Concordance file or an HTML file into another location For more information on configuring the export location refer to Configuring Export Settings Refer
548. uardian Installation and Administration User Guide ODP NET_Managed121012 odp net managed x64 A 8 Hame Date moc TALNA 3 configure bat Oo f Oracle Managed og f a OraProvCfg exe S unconfigure bat Print Pei Bun as administrator Figure 93 Finding configure bat Limitation of Scanning Oracle Database There are some limitations for scanning Oracle database e The table must include primary key or index to be scanned in Compliance Guardian A table that does include a primary key or index will not be scanned o Function based Indexes are not supported o The field in the object type cannot be defined as index e If you want to perform the incremental scan job Change Data Capture must be enabled For details about how to enable Change Data Capture and the related performance details refer to http docs oracle com cd B28359 01 server 111 b28313 cdc htm i1025455 Note that Oracle 9i only supports Synchronous Change Data Capture o The captured columns must include a complete unique index list or include the primary key columns o Before enabling Change Data Capture make sure the time zone of the database is same as the host where the database service resides o When enabling Change Data Capture pass the parameter timestamp gt Y to DBMS_CDC_PUBLISH CREATE_CHANGE_TABLE to generate the timestamp column o After enabling Change Data Capture if you use a user for example user1 to
549. uardian accesses the user profiles through the personal site Select the related personal site node in the farm tree to scan user properties in the corresponding user profile However if the personal site is not created you cannot scan the corresponding user profile since there is no personal site node in the tree Compliance Guardian Compliance Scanner provides a method to scan the user profile when the personal site is not created The User Profile Services node is loaded on the farm tree by changing the UserProfile Used false change the value false to true node in the ComplianceSetting config file Refer to Configuring to Scan User Profiles for details and then select the corresponding User Profile Service node and configure the related plan settings to scan the user properties and notes 152 F sn e e Compliance Guardian Installation and Administration User Guide tt Report v Administration v Compliance Manager gt Compliance Scanner Compliance Scanner SharePoint Y SS Li Te Scan Policy Filter Policy Database Manager Account Manager Job Monitor Close Ke a Gel S Plan Management Settings Statistics Commit Scope Q v What is the Compliance Scanner D Compliance Scanner D Farm 10 1 11 71 SHAREPOINT_CONFIG_S Scan content in the selected scope IS User Profile Sevice les Scan results will be generate Web Applications beier P Farm SEARCH SHAREPOINT_CONFIG XUYAO 4 C User Profile Servic
550. uite for Classification and Tagging or Test Suite for Redaction screen The description is optional If you re editing a test suite for Compliance Reporting you need to configure the Check Accessibility setting Select whether or not to check the file accessibility 2 Select Next on the ribbon or on the lower right corner of the screen The File Body Configuration screen appears 3 Configure the attributes for the test suite file For more information about configuring the file attributes refer to Configuring Test Suite File Attributes in Appendix B 4 Select Save on the ribbon or on the lower right corner of the screen to save the test suite Alternatively select Save As and enter a test suite name to save it as another test suite If you want to preview the Test Suite for Compliance Reporting Test Suite for Classification and Tagging or Test Suite for Redaction file before saving it select Preview on the ribbon or on the lower right corner of the screen A pop up window appears Enter the file name in the pop up window and select Save to save the file You can view configuration information on the file and then save the test suite in Compliance Guardian after you have previewed the file and confirmed the file information Deleting a Test Suite Select a test suite from the list of previously configured checks or test suites and then select Delete on the ribbon A confirmation window will pop up and ask if you are sure you want to procee
551. ule that is no longer needed The filter rule contains three category levels Document Based on the SharePoint Document property value you specified here to define the scope in which the files that are not compliant will be affected by the specified actions Note Under this category the filter rules Modified Time and Created Time will not be applied to define the scope for Real Time Classification Scanner Item Based on the SharePoint Item property value you specified here to define the scope in which the items that are not compliant will be affected by the specified actions Note Under the Document category and the Item category the filter rules Modified Time and Created Time will not be applied to define the scope for Real Time Classification Scanner Classification Result Based on the tag value you specified here to define the scope in which the files that are not compliant will be moved Redaction Result Based on the result of whether the files have been redacted to define the scope where non compliant files are affected by the specified actions 184 Compliance Guardian Installation and Administration User Guide To add more filters repeat the previous step Note Depending on the filters you enter you can change the order of the rules by selecting the down arrow before the Rule value and then select the order of the rule from the appeared drop down list to determine the priority of the rule You can also
552. umber if the specified one is being used If select this option Compliance Guardian will use a random port number if the port you specified has already been used This option is selected by default 9 Set up the Agent configuration e Manager Passphrase Enter the Manager Passphrase specified when configuring the Compliance Guardian Manager installation answer file e Compliance Guardian Agent Account Specify the username and password of the Agent account under which the Agent activities are performed 10 Once all the required information has been configured all of the information configured in the previous steps is listed in the Installation Summary page Select Save and specify the path you want to save the Answer file to You can also modify the Answer file s name in the pop up window Import the Unattendedinstallation dll File Before performing the Compliance Guardian Agent unattended installation the Unattendedinstallation dll file must be imported into Windows PowerShell using either of the two methods below Note If the Unattendedinstallation dill file is not imported successfully use the Set ExecutionPolicy command to set the execution policy to Unrestricted RemoteSigned or AllSigned in Windows PowerShell and perform the import again using either of the two methods below To manually import the UnattendedInstallation dll file complete the following steps 1 Select Start and find Windows PowerShell 2
553. un the job Performing a Scheduled Classification Scanner Plan in Form Mode Form Mode offers the ability to run a quick scan job by providing a truncated version of all of the Scheduled Classification Scan Plan Wizard screens on one page Select the scope of the content you want to scan select Plan Builder from the Plan Management group on the ribbon and then select Form Mode from the drop down menu or you can directly select Start with Form Mode on the landing page For detailed information about how to configure the Scheduled Classification Scan Plan settings refer to Performing a Scheduled Classification Scanner Plan in Wizard Mode Note If you are unfamiliar with this plan creation process it is not recommended that you use this mode to configure settings Scheduled Classification Scanner for File System The File System Mode allows you to configure connection with a location and then perform a scheduled or immediate job to scan out the related content according to the scan policy at last take the specified actions to the scanned content in the location 228 S F ae e Compliance Guardian Installation and Administration User Guide Launching Compliance Guardian Scanner File System Mode On the Scheduled Classification Scanner Home interface select Create on the ribbon a drop down list appears Select File System from the drop down list then you will be brought to the Scheduled Classification File System Mode Perfo
554. ure the certificates used in the ADFS integration e Token signing Choose Select A new Select Certificate pop up window will appear for you to specify a token signing certificate to communicate with ADFS This certificate must be the same as the one configured in ADFS Alternatively you may also select Find Certificate to search for the desired certificate Select a Find in parameter from the drop down menu enter the keywords in the Contains text box select a Look in field 76 ad e C Compliance Guardian Installation and Administration User Guide parameter from the drop down menu then select Find Now to start the search Select Stop to stop the search Once you have selected your desired certificate select OK to save and exit the Select Certificate interface or select Cancel to exit the Select Certificate interface without saving specifying a certificate Note The certificate specified here must be the same as the one configured in ADFS e Token decrypting optional Choose Select A new Select Certificate pop up window will appear for you to specify a token decrypting certificate to protect the communication between Compliance Guardian and ADFS This certificate must be the same as the one configured in ADFS Alternatively you may also select Find Certificate to search for the desired certificate Select a Find in parameter from the drop down menu enter the keywords in the Contains text box select a Look in field
555. urity profile you want to delete is already in use it is not allowed to be deleted Importing and Exporting Security Profiles You can create Security Profiles and export them to be used later To export the Security Profile select the profiles you want to export and select Export on the ribbon You will be asked to create a password for this security profile Select OK after entering the desired password in both the Password and the Confirm password text boxes Then select OK on the ribbon to save the password and export the profiles to the desired location To import the security profile select Import on the ribbon Enter the password that was created when the profile was exported then select OK on the ribbon The security profile will appear in the list of Security Profiles in the Security Profile interface once it has been imported To exit the Profile Manager interface select Close on the ribbon and return to Control Panel interface Auditor Compliance Guardian Auditor monitors the activities in Compliance Guardian such as creating modifying or deleting a plan exporting a report or making changes on test suite etc It also allows you to view and export the desired auditor data report by configuring the pruning settings To access Compliance Guardian Auditor for Compliance Guardian in the Control Panel interface select Compliance Guardian Auditor under the Auditor heading Select Close on the ribbon to close the Compliance Guardia
556. use the separator specified before to separate the values Select the delete button 4 to delete this check rule Select Add Another TextCompare to add another check rule Filter The content that meets the condition configured in this element field can be tested The following elements with specific attributes are available in the optional Filter section e Attributes For the details about the attributes refer to Attributes e ElementContent For the details about the attributes refer to ElementContent Element Check Test Logic Example Refer to the following example to better understand the test logic of the Element type check The selected file A will be tested It contains two nodes lt img src attribute png url another png gt lt img src msstonojsmsdn 112 207 net b ss msstonojsmsdn 1 H 20 2 NS O height 1 width 1 border 0 alt gt ME 297 Compliance Guardian Installation and Administration User Guide Create and configure the Element Type check test logic 1 Create an Element type check In the Report Text step in the False Result and Message field select User Review Required in the False Result drop down list 2 Configure the Element section e Specify the element name IMG for the Name attribute e Select No in the drop down list under the CaseSensitive attribute e Select ResultNA in the drop down list under the ResultNA attribute e Select One in the drop down list under the Tru
557. ust match the case exactly Separator Specify a separator if multiple values are specified Value Define a regular expression If the scanned result that matches the specified regular expression also matches the regular expression specified here this result will be filtered out Select Add Another Regex to add another Text check rule Select the delete button 4 to delete this Regex filter check rule Compliance Guardian Installation and Administration User Guide Dictionary Check Test Logic Example Refer to the following example for better understanding the test logic of the Dictionary type check The file A that will be tested contains a word Server and contains the Canadian Social Insurance Number 046 454 286 Create and configure the Dictionary check test logic 1 Create a Dictionary Type check In the Report Text step in the True Result and Message field select Passed in the True Result drop down list Configure the elements in the check e Select Yes in the drop down list under the BreaklfFound attribute e Inthe FindText section o Select Found in the drop down list under the Truelf attribute o Select Yes in the drop down list under the SearchAll attribute o Select No in the drop down list under the ListLocation attribute o Select MustContain in the drop down list under the CompareType attribute o Select No in the drop down list under the CaseSensitive attribute o Enter server in the Value field
558. ustom XML AIO zip Compliance Guardian s built in checks and the checks in this ZIP file will be loaded in Test Suite Manager of Compliance Guardian TargetName Required The name or IP address of the destination machine where you want to install the Compliance Guardian Manager Optional Note If the hostname is used ensure that the specified computer name can be resolved through the local Hosts file by using Domain Name System DNS queries or through NetBIOS name resolution techniques Username Required The username of the user used to access the destination machine where you want to install the Compliance Guardian Manager The format of the username is domain username The permissions of the user specified here are as follows e If the specified user is the local administrator of the destination machine it can be used directly Enter administrator for the Username parameter e Ifthe specified user is from the domain which the destination machine belongs to the domain user must be added to the Administrators group on the destination machine The user specified here must have the Full Control permission to the path specified in RemoteTempPath parameter Password Required The password of the user specified above Quote the password if it contains any special character or space PackageFilesFolder Required The local path on the machine where you run the command The specified path stores the unzipped
559. uture use To utilize this capability check the Use the Net Share path as the update storage location checkbox and then enter the UNC path Username and Password into the corresponding text boxes Note The UNC path should be entered in the following format admin PC c data or admin PC c shared folder Select Validation Test to verify the access to the specified path If you are changing the download location to a new one you can perform the following two actions on the previously downloaded updates in the old path o Move the uninstalled update s to the new location All of the uninstalled updates whose versions are higher than the current Compliance Guardian version will be moved to the new location The original update files in the old location will be deleted o Delete the installed update s All of the downloaded files of the installed updates will be deleted from the old path e Automatic Update Configuring Automatic Update can save time and effort for Compliance Guardian administrators Choose from the following options Note Automatic Update settings can only be configured if you have purchased maintenance for Compliance Guardian o Download the update for me but let me choose when to install it Compliance Guardian will download the available updates for you and save them to the default installation path or the customized net share path All of the updates will be ready for installation at your own di
560. values If the scanned result that matches the specified regular expression exactly matches the value specified here this result will be filtered out Select Add Another Text to add another Text filter check rule Select the delete button 4 to delete a Text filter check rule Select the checkbox before Regex if you want to configure the Regex section CaseSensitive Specify if the element being tested must match the case exactly 317 Compliance Guardian Installation and Administration User Guide e Value Define a regular expression If the scanned result that matches the specified regular expression also matches the regular expression specified here this result will be filtered out Select Add Another Regex to add another Regex filter check rule Select the delete button LZ to delete a Regex filter check rule Value Field Specify a regular expression The value that matches the regular expression will be scanned RegularExpression Check Test Logic Example Refer to the following example to better understand the test logic of the RegularExpression type check The file A that will be tested contains two words Server Side and front end Create and configure the RegularExpression type check 1 Create a RegularExpression Type check In the Report Text step in the True Result and Message field select Passed in the False Result drop down list 2 Configure the elements in the RegularExpression section e Select Yes
561. vides a general introduction about configuring attributes for this type of check as well as a test example for you to understand the test logic Configuring Attributes for SSL Type Check Configure the attributes for the SSL type check according to the instructions in the following sections SSL Configure the following attributes under this element e ElementName This is the element that will be tested e CaseSensitive Instruct the testing core if the element name being tested for must match the case exactly e ResultNA Specify a result when the specified element is not found If TrueResult is selected then if the specified element is not found the True result will be returned If FalseResult is selected then if the specified element is not found the False result will be returned if NAResult is selected then if the specified element is not found the status of the tested file will be Not Applicable which will be displayed in the Compliance Guardian report In other words you have the option to set the result to Not Applicable if none of the elements are found e AttrName This is the attribute that will be tested e AttrCaseSensitive Instruct the testing core if the attribute name being tested for must match the case exactly e MinLevel Represent the minimum HTTPS protocol encryption level required by the check TextCompare This section is optional Select the checkbox before this element and the follow
562. vious step Note Depending on the filters you enter you can change the order of the rules by selecting the down arrow before the Rule value and then select the order of the rule from the drop down list to determine the priority of the rule You can also change the logical relationships between the rules There are currently two logical relationships And and Or The logic is set to And To change the logical relationship select the logical relationship link The And logical relationship means that the content which meets all of the rules will be filtered and included in the result The Or logic means that the content which meets any one of the rules will be filtered and included in the result Select OK to save the changes or select Cancel to return to the Create Action Policy interface or Edit Action Policy interface without saving any changes After you have finished configuring the Conditions settings select the right arrow P after Conditions in the Create or Edit Action Policy interface to review the configured settings e Actions Select an action to take on the posts in the classification jobs Then select Add an Action Repeat the above step to add multiple actions In some cases the Configure button will appear after the added action you must select it and configure the settings for the action Click the delete 7 button after an action to deselect to add this action You can change the order of the action configurat
563. w the job in a calendar view 9 Select Next on the ribbon or on the lower right section of the screen The Advanced screen appears 230 S e ae e Compliance Guardian Installation and Administration User Guide 10 Configure the following advanced settings e Notification Allow you to choose the type of notification report and designate which user will receive an e mail notification report Select a Notification Profile you previously created from the drop down menu Select View beside the drop down menu to view details of the Notification Profile or select New Notification Profile from the drop down menu For information on creating a notification profile refer to User Notification Settings 11 Select Next on the ribbon or on the lower right section of the screen The Overview screen appears 12 Review and edit the plan selections on the Overview screen To make changes select Edit This link takes you to the corresponding setting page and allows you to edit the configuration 13 Select Finish or Finish and Run Now on ribbon or on the lower right section of the screen The plan is now listed in Plan Manager If you select Finish and Run Now the Run Now interface pops up to allow you to choose Options e Full Scan Scans all of the content in the scope defined in the plan e Incremental Scan Scans the content that has been modified Add Delete and Modify since the last incremental or full scan job If sele
564. will be tested e CaseSensitive Specify if the element name being tested for must match the case exactly e ResultNA Specify a result when the specified element is not found If TrueResult is selected then if the specified element is not found the True result will be returned if FalseResult is selected then if the specified element is not found the False result will be returned if NAResult is selected then if the specified element is not found the status of the tested file will be Not Applicable which will be displayed in the Compliance Guardian report This is basically stating that you have the option to set the result to Not Applicable if none of the elements are found e AttrName Specify the attribute name that will be tested e AttrCaseSensitive Specify if the attribute name being tested for must match the case exactly e ValidWhen This is used to indicate if the result is valid when the condition is one of two values True or False Elements Configure the following attribute under this element e Scope There are two values for this attribute All and One If One is selected the scan will stop when one instance is found to save scan time If All is selected the scan will only stop when all instances are found ListLoc Configure the following attributes under this element e Type There are two values for this attribute Valid and Invalid All elements that are considered valid or invalid ar
565. word to access the proxy server o SOCKSS Proxy Select this to use the SOCKS5 proxy then configure the following settings Proxy host Host name or IP address of the proxy server Proxy port Port used to access the proxy server Username Username to log on the proxy server Password Password to access the proxy server Checking for Updates To check for the latest updates select Check for Updates You can only check for updates after having purchased maintenance for Compliance Guardian If there are any new updates available the following information will be displayed in the area to the right e Update Name Name of the update e Product Name Compliance Guardian e Type Type of the update 94 d F e D e e KE Compliance Guardian Installation and Administration User Guide e Size Size of the update The unit of the size is megabyte e Status Installation status of the update e Version Version of the update Managing Updates To manage available updates select Manage Updates on the ribbon All available updates found by using the Check for Updates function will be listed in this page You can perform the following actions on these updates e View History Select View History on the ribbon to view a list of previously installed Compliance Guardian updates You can customize how the list is displayed in the following ways o Search Filter the updates displayed by the keywo
566. xe encrypt Microsoft Wi ws Version 6 1 76611 Copyright Ceci 208089 Microsoft Corporation All rights reserved C Users Administrator gt cd C Program Files AvePoint Compliance Guardian fAgent bi n C Progran Files AvePoint Compliance Guardian Agent bin gt CCE EngineVorker exe en crypt Please select the operation CA Add M Modify D Delete L List E Exit H Help gt Operation gt Figure 84 Using CCE EngineWorker exe and the command encrypt to encrypt the password Compliance Guardian Installation and Administration User Guide Note You must use CCE EngineWorker exe and the command encrypt to encrypt the password in all of the servers where Compliance Guardian Agents added in the agent group install Doing Operations on the lt FS gt Node You can use the CCE EngineWorker exe file to add edit and delete the lt FS gt node After you encrypt the password refer to Encrypting Passwords for Accessing File Share Locations the message Please select the operation lt A Add M Modified D Delete L List E Exit H Help gt appears in the command line e A Add Enter A to add another lt FS gt node M Modified Enter M to modify the lt FS gt node D Delete Enter D to delete a lt FS gt node L List Enter L to list all of the lt FS gt nodes E Exit Enter E to exit the command line interface e Help Enter H to get the help information Please select the operation CArfdd MeMod
567. xit Figure 9 The CCS Toolkit v2 exe file interface Note You are only required to run CCS Toolkit v2 exe or CCS Toolkit v4 exe and perform the action in step 11 on one agent service per SharePoint farm oe 43 Compliance Guardian Installation and Administration User Guide SSS Uninstalling Compliance Guardian The Compliance Guardian Uninstallation Wizard is there to guide you through this uninstallation process By following the steps below you will have Compliance Guardian removed from your environment very quickly In order to complete the uninstallation successfully the Uninstallation Wizard must be run by a local administrator Uninstalling Compliance Guardian Manager In order to uninstall Compliance Guardian Manager please ensure the Manager Service being removed is not in use by another process To uninstall Compliance Guardian Manager complete the following steps Note Once the uninstallation is in progress it cannot be cancelled and the uninstallation interface cannot be closed 1 Open the Start Menu in Windows on the Compliance Guardian Manager Server and navigate to All Programs gt AvePoint Compliance Guardian 2 Open the Compliance Guardian Manager Tools folder and then select Manager Uninstall 3 Select the Remove option and then select Next 4 Inthe Ready to Remove Compliance Guardian Manager page configure the Remove configuration file option Select this option if you want to remove
568. xport Requests Select Export Requests on the ribbon All of the export requests are displayed in the Export Requests window The following information is displayed Request ID The ID of the request Request Name The name of your report downloading request Category The type of exported file Progress The progress of the exporting process Status The status of your export request Start Time The start time of the report exporting process Finish Time The finish time of the report exporting process The following actions can be performed in the Export Requests page Download Select one request and then select Download to download the file Delete Select one or several requests and then select Delete to delete the requests from the requests list Stop Select one request and then select Stop to stop the report generating process Restart Select one request and then select Restart to restart the report generating process Selecting the Scan Scope After launching the Compliance Scanner Lync mode the Scope panel on the left of the screen displays all of the archiving plans Select one or more plans The data archived in the archiving plan will be scanned 171 Compliance Guardian Installation and Administration User Guide Using Plan Builder to Perform a Compliance Guardian Scanner Plan for Lync Use the Plan Builder to set up a Compliance Scanner plan To use Plan Bu
569. yMatch e Configure the following attributes o Specify the element name Label for the Name attribute o Select No in the drop down list under the CaseSensitive attribute o Select ResultNA in the drop down list under the ResultNA attribute o Select One in the drop down list under the Truelf attribute o Select False in the drop down list under the ValidWhen attribute e Inthe Attributes section o Specify the attribute name FOR for the Name attribute o Select No in the drop down list under the CaseSensitive attribute o Select Yes in the drop down list under the AllowNull attribute o Select True in the drop down list under the MustExist attribute e Inthe TextCompare section select the MatchElementValue radio button o Select the attribute name ID for the Name attribute o Select No in the drop down list under the CaseSensitive attribute o Select MustContain in the drop down list under the CompareType attribute 6 Save the check 7 Run a Compliance Scanner job the test suite used in this job contains the check configured above Review the check test logic e See the Attributes section under MatchElement under the Length element we have set GreaterThan for the CompareType attribute and set 5 for the Characters attribute that means the check for the node lt Input id keyword gt in file A is True while the check for the node lt Input id docx gt is False and according to the value set for ValidWhen the node lt Input id keyw
570. yed by the keyword you designate the keyword must be contained in a column value At the top of the viewing pane enter the eeh 81 Compliance Guardian Installation and Administration User Guide e O keyword for the user you want to display You can select to Search all pages or Search current page o Manage columns Manage which columns are displayed in the list so that only the information you want to see is shown Select the manage columns button then check the checkbox next to the column name to have that column shown in the list o Hide the column Hover over a column name and then select the hide the column button in the column name to hide the column o Filter the column 1 Filter which item in the list is displayed Unlike Search you can filter whichever item you want rather than search based on a keyword Hover over a column name and then select the filter the column button V of the column you want to filter and then check the checkbox next to the item name to have that item shown in the list To remove all of the filters select Clear Filter You can perform the following actions on the users of this group o Add User to Group To add users to this group select Add User to Group on the ribbon You will be brought to the Add User to Group interface Enter the username of the user you want to add and then select the check names button to verify that the username you ente
571. you configure an allowed location in the lists that are under this site these lists are regarded as stopping inheriting from the site If files are moved after scanning according to the action policy the files in these lists will be moved to the list destination folders the files in this site except this list will be moved to the site destination folder If some lists have configured allowed locations and the site does not configure one The files in these lists that are moved according to the action policy will be moved to the list destination folders the files in the site but not in these lists will not be moved even if they should be The files in sites or lists that do not configure allowed locations will not be moved Helpful Notes Review the following helpful notes on configuring the Allowed location e By default the Allowed Location configured for the site level is inherited by the list levels e You can configure a new destination folder in list level to break the inheritance from the site level e Not Inherit logically separates the destination folder in list level from the site level e When configuring destination folders for the first time you can configure destination folders directly at either the site level or the list level After one destination folder has been configured for a list level you can still configure destination folders directly to the site levels e The inherited destination folder cannot be removed
Download Pdf Manuals
Related Search