Notes on securing data with Sharepoint 2013 Search
A few days ago a question came up regarding looking at Sharepoint 2013 Search from a security perspective, specifically looking at any file-storage paths where ingested content may be stored, temporarily or permanently. An example is a document that contains Personal Information (PII info) and it’s important to know where this document may be stored on disk for auditing purposes. We are leaving Sharepoint databases out of this example.
Before talking about specific file paths, here are some general tidbits on this topic I’ve been able to gather.
- The SharePoint 2013 Search Service does not encrypt any data.
- All temporary files are secured by ACLs so that sensitive information on disk is only accessible to the relevant users and Windows services.
- If the disk is encrypted at OS-level, this is transparent to SharePoint search. It’s important to carefully benchmark indexing and search performance when using OS-level encryption due to performance impact.
- If you do need to use OS-level disk encryption, please first contact Microsoft support to get the official guidance from the Product Group (if official documentation is not yet available on TechNet). My understanding is that currently only Bitlocker drive encryption will work with Sharepoint 2013 Search.
- Although both the Journal and index files are compressed, they should be considered readable.
Specific paths to where data is stored on disk at some point in time:
Index and Journal files:
C:\Program Files\Microsoft Office Servers\15.0\Data\Office Server\Applications\Search\Nodes\SomeNumber\IndexComponent_SomeNumber\storage\data
1. The temp path, which is where the mssdmn.exe process initially writes the files it has gathered:
?[RegKey on the particular Crawl Component] HKLM\SOFTWARE\Microsoft\Office Server\15.0
2. The Gatherer Data Path (shared with Content Processing Component), which is where the MSSearch.exe writes the files that were gathered by the MSSdmn.exe process:
?[RegKey on the particular Crawl Component] HKLM\SOFTWARE\Microsoft\Office Server\15.0\Search\Components\CrawlComponent_Number>\GathererDataPath
Content Processing Component:
This needs to be tested a bit further and the actual path may need to be updated
(will update later). Temporary storage for input/output data during parsing and
document conversion in Content Processing Component under
C:\Program Files\Microsoft Office Servers\15.0\Data\Office