部署自動檔案分類(示範步驟)Deploy Automatic File Classification (Demonstration Steps)

適用於:Windows Server 2016、Windows Server 2012 R2、Windows Server 2012Applies To: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

本主題如何讓資源屬性 Active Directory 中的,分類規則的伺服器上建立的檔案,然後指定至該檔案伺服器上的檔案的資源屬性的值。This topic explains how to enable resource properties in Active Directory, create classification rules on the file server, and then assign values to the resource properties for files on the file server. 針對此範例中,會建立下列分類規則:For this example, the following classification rules are created:

  • 搜尋檔案 'Contoso 機密。' 字串一組內容分類規則A content classification rule that searches a set of files for the string 'Contoso Confidential.' 如果檔案中找到字串,影響資源屬性設定為 [高檔案。If the string is found in a file, the Impact resource property is set to High on the file.

  • 搜尋檔案運算式符合社會安全至少 10 倍一個檔案中的一組內容分類規則。A content classification rule that searches a set of files for a regular expression that matches a social security number at least 10 times in one file. 如果找到模式時,檔案被歸類為個人資訊,以及個人辨識資訊資源屬性設為 [高。If the pattern is found, the file is classified as having personally identifiable information and the Personally Identifiable Information resource property is set to High.

本文件In this document

注意

本主題包含範例 Windows PowerShell cmdlet 可供您將部分所述的程序。This topic includes sample Windows PowerShell cmdlets that you can use to automate some of the procedures described. 如需詳細資訊,請查看使用 CmdletFor more information, see Using Cmdlets.

步驟 1:建立的資源屬性定義Step 1: Create resource property definitions

影響和個人辨識資訊的資源屬性的功能,讓該檔案分類基礎結構可以使用這些的資源屬性標記網路共用資料夾中的掃描的檔案。The Impact and Personally Identifiable Information resource properties are enabled so that File Classification Infrastructure can use these resource properties to tag the files that are scanned on a network shared folder.

執行此步驟,使用 Windows PowerShellDo this step using Windows PowerShell

若要建立的資源屬性定義To create resource property definitions

  1. 網域控制站在登入伺服器網域管理安全性群組成員。On the domain controller, sign in to the server as a member of the Domain Admins security group.

  2. 打開 Active Directory 系統管理員中心。Open Active Directory Administrative Center. 在伺服器管理員中,按一下工具,然後按Active Directory 管理中心In Server Manager, click Tools, and then click Active Directory Administrative Center.

  3. 展開動態存取控制,然後按資源屬性Expand Dynamic Access Control, and then click Resource Properties.

  4. 以滑鼠右鍵按一下影響,然後按可讓Right-click Impact, and then click Enable.

  5. 以滑鼠右鍵按一下個人辨識資訊,然後按一下 [可讓Right-click Personally Identifiable Information, and then click Enable.

方案指南Windows PowerShell 相當於命令 * * Windows PowerShell equivalent commands*

下列 Windows PowerShell cmdlet 執行上述程序相同的功能。The following Windows PowerShell cmdlet or cmdlets perform the same function as the preceding procedure. 輸入每個 cmdlet 上一行,,即使它們可能會出現換透過以下幾個行因為格式設定的限制。Enter each cmdlet on a single line, even though they may appear word-wrapped across several lines here because of formatting constraints.

Set-ADResourceProperty '"Enabled:$true '"Identity:'CN=Impact_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,DC=contoso,DC=com'   
Set-ADResourceProperty '"Enabled:$true '"Identity:'CN=PII_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,DC=contoso,DC=com'  

步驟 2:建立字串內容分類規則Step 2: Create a string content classification rule

字串內容分類規則掃描字串特定的檔案。A string content classification rule scans a file for a specific string. 如果找到字串,您可以設定的資源屬性的值。If the string is found, the value of a resource property can be configured. 在此範例中,我們將會每個檔案,在網路共用資料夾,並尋找 'Contoso 機密。' 字串In this example, we will scan each file on a network shared folder and look for the string 'Contoso Confidential.' 如果找到字串,相關聯的檔案歸類為有高企業的影響。If the string is found, the associated file is classified as having high business impact.

執行此步驟,使用 Windows PowerShellDo this step using Windows PowerShell

若要建立字串內容分類規則To create a string content classification rule

  1. 以系統管理員安全性群組成員登入該檔案伺服器。Log on to the file server as a member of the Administrators security group.

  2. Windows PowerShell 命令提示字元中,輸入更新-FsrmClassificationPropertyDefinition,然後按 ENTER 鍵。From the Windows PowerShell command prompt, type Update-FsrmClassificationPropertyDefinition and then press ENTER. 這將會同步處理檔案伺服器的網域控制站上建立的屬性定義。This will synchronize the property definitions created on the domain controller to the file server.

  3. 打開檔案伺服器資源管理員。Open File Server Resource Manager. 在伺服器管理員中,按一下工具,然後按檔案伺服器資源管理員In Server Manager, click Tools, and then click File Server Resource Manager.

  4. 展開分類管理,以滑鼠右鍵按一下分類規則,然後按一下 [設定分類排程Expand Classification Management, right-click Classification Rules, and then click Configure Classification Schedule.

  5. 選取 [讓修正的排程核取方塊中,選取允許連續分類的新檔案核取方塊中,選擇星期幾以執行分類,然後按[確定]Select the Enable fixed schedule check box, select the Allow continuous classification for new files check box, choose a day of the week to run the classification, and then click OK.

  6. 以滑鼠右鍵按一下分類規則,然後按建立分類規則Right-click Classification Rules, and then click Create Classification Rule.

  7. 一般索引標籤的規則名稱方塊中,輸入規則的名稱,例如以 Contoso 機密On the General tab, in the Rule name box, type a rule name such as Contoso Confidential.

  8. 範圍索引標籤上,按一下 [新增,並選擇應包含在此規則,例如 D:\Finance 文件中的資料夾。On the Scope tab, click Add, and choose the folders that should be included in this rule, such as D:\Finance Documents.

    注意

    您也可以選擇領域動態命名空間。You can also choose a dynamic name space for the scope. 如需有關分類規則的動態命名空間,請查看新檔案伺服器資源管理員」中是在 Windows Server 2012 [redirected]For more information about dynamic name spaces for classification rules, see What's New in File Server Resource Manager in Windows Server 2012 [redirected].

  9. 分類索引標籤上,進行下列設定:On the Classification tab, configure the following:

    • 選擇指派屬性檔案的方法方塊中,請確定內容器選取。In the Choose a method to assign a property to files box, ensure that Content Classifier is selected.

    • 選擇屬性指定的檔案以方塊中,按一下 [影響In the Choose a property to assign to files box, click Impact.

    • 指定值方塊中,按In the Specify a value box, click High.

  10. 參數標頭下,按一下 [設定Under the Parameters heading, click Configure.

  11. 輸入運算式欄中,選取字串In the Expression Type column, select String.

  12. 運算式欄中,輸入Contoso 機密,然後按一下 [ [確定]In the Expression column, type Contoso Confidential, and then click OK.

  13. 評估類型索引標籤,選取重新評估現有屬性的值核取方塊、按一下 [覆寫現有的值,然後按一下 [ [確定]On the Evaluation Type tab, select the Re-evaluate existing property values check box, click Overwrite the existing value, and then click OK.

方案指南Windows PowerShell 相當於命令 * * Windows PowerShell equivalent commands*

下列 Windows PowerShell cmdlet 執行上述程序相同的功能。The following Windows PowerShell cmdlet or cmdlets perform the same function as the preceding procedure. 輸入每個 cmdlet 上一行,,即使它們可能會出現換透過以下幾個行因為格式設定的限制。Enter each cmdlet on a single line, even though they may appear word-wrapped across several lines here because of formatting constraints.

$date = Get-Date  
$AutomaticClassificationScheduledTask = New-FsrmScheduledTask -Time $date -Weekly @(3, 2, 4, 5,1,6,0) -RunDuration 0;$AutomaticClassificationScheduledTask  
Set-FsrmClassification -Continuous -schedule $AutomaticClassificationScheduledTask  
New-FSRMClassificationRule -Name 'Contoso Confidential' -Property "Impact_MS" -PropertyValue "3000" -Namespace @('D:\Finance Documents') -ClassificationMechanism "Content Classifier" -Parameters @("StringEx=Min=1;Expr=Contoso Confidential") -ReevaluateProperty Overwrite  

步驟 3:建立運算式內容分類規則Step 3: Create a regular expression content classification rule

運算式分類規則掃描模式符合運算式檔案。A regular expression classification rule scans a file for a pattern that matches the regular expression. 如果找到符合運算式字串,您可以設定的資源屬性的值。If a string that matches the regular expression is found, the value of a resource property can be configured. 在此範例中,我們將會每個檔案,在網路共用資料夾,並尋找字串符合社交安全性數字 (XXX-XX-XXXX) 的模式。In this example, we will scan each file on a network shared folder and look for a string that matches the pattern of a social security number (XXX-XX-XXXX). 如果找不到此模式,相關聯的檔案會被歸類為個人資訊。If the pattern is found, the associated file is classified as having personally identifiable information.

執行此步驟,使用 Windows PowerShellDo this step using Windows PowerShell

若要建立運算式內容分類規則To create a regular expression content classification rule

  1. 以系統管理員安全性群組成員登入該檔案伺服器。Sign in to the file server as a member of the Administrators security group.

  2. Windows PowerShell 命令提示字元中,輸入更新-FsrmClassificationPropertyDefinition,然後按 ENTER 鍵。From the Windows PowerShell command prompt, type Update-FsrmClassificationPropertyDefinition, and then press ENTER. 這將會同步處理檔案伺服器的網域控制站的屬性定義。This will synchronize the property definitions that are created on the domain controller to the file server.

  3. 打開檔案伺服器資源管理員。Open File Server Resource Manager. 在伺服器管理員中,按一下工具,然後按檔案伺服器資源管理員In Server Manager, click Tools, and then click File Server Resource Manager.

  4. 以滑鼠右鍵按一下分類規則,然後按建立分類規則Right-click Classification Rules, and then click Create Classification Rule.

  5. 一般索引標籤的規則名稱方塊中,輸入名稱分類規則,例如 PII 規則。On the General tab, in the Rule name box, type a name for the classification rule, such as PII Rule.

  6. 範圍索引標籤上,按一下 [新增,然後選擇 [的資料夾,應該會包含在此規則,例如 D:\Finance 文件。On the Scope tab, click Add, and then choose the folders that should be included in this rule, such as D:\Finance Documents.

  7. 分類索引標籤上,進行下列設定:On the Classification tab, configure the following:

    • 選擇指派屬性檔案的方法方塊中,請確定內容器選取。In the Choose a method to assign a property to files box, ensure that Content Classifier is selected.

    • 選擇屬性指定的檔案以方塊中,按一下 [個人辨識資訊In the Choose a property to assign to files box, click Personally Identifiable Information.

    • 指定值方塊中,按In the Specify a value box, click High.

  8. 參數標頭下,按一下 [設定Under the Parameters heading, click Configure.

  9. 輸入運算式欄中,選取運算式In the Expression Type column, select Regular expression.

  10. 運算式欄中,輸入^(!000)([0-7]\d{2}|7([0-7]\d|7[012])) ([-] 嗎?)(?!00) \d\d\3(?!\d {4} $ 0000)In the Expression column, type ^(?!000)([0-7]\d{2}|7([0-7]\d|7[012]))([ -]?)(?!00)\d\d\3(?!0000)\d{4}$

  11. 最小的項目欄中,輸入10,然後按一下 [ [確定]In the Minimum Occurrences column, type 10, and then click OK.

  12. 評估類型索引標籤,選取重新評估現有屬性的值核取方塊、按一下 [覆寫現有的值,然後按一下 [ [確定]On the Evaluation Type tab, select the Re-evaluate existing property values check box, click Overwrite the existing value, and then click OK.

方案指南Windows PowerShell 相當於命令 * * Windows PowerShell equivalent commands*

下列 Windows PowerShell cmdlet 執行上述程序相同的功能。The following Windows PowerShell cmdlet or cmdlets perform the same function as the preceding procedure. 輸入每個 cmdlet 上一行,,即使它們可能會出現換透過以下幾個行因為格式設定的限制。Enter each cmdlet on a single line, even though they may appear word-wrapped across several lines here because of formatting constraints.

New-FSRMClassificationRule -Name "PII Rule" -Property "PII_MS" -PropertyValue "5000" -Namespace @('D:\Finance Documents') -ClassificationMechanism "Content Classifier" -Parameters @("RegularExpressionEx=Min=10;Expr=^(?!000)([0-7]\d{2}|7([0-7]\d|7[012]))([ -]?)(?!00)\d\d\3(?!0000)\d{4}$") -ReevaluateProperty Overwrite  

步驟 4:驗證,正確地歸類檔案Step 4: Verify that the files are classified correctly

您可以檢查檔案,正確歸類檢視檔案建立資料夾分類規則中所指定的屬性。You can verify that the files are properly classified by viewing the properties of a file that was created in the folder specified in the classification rules.

若要確認檔案都正確分類To verify that the files are classified correctly

  1. 使用檔案伺服器資源管理員執行分類規則的檔案伺服器。On the file server, run the classification rules by using File Server Resource Manager.

    1. 按一下分類管理,以滑鼠右鍵按一下分類規則,然後按一下 [分類的所有規則立即執行Click Classification Management, right-click Classification Rules, and then click Run Classification With All Rules Now.

    2. 按一下等待完成分類選項,然後按一下 [ [確定]Click the Wait for classification to complete option, and then click OK.

    3. 關閉自動分類報告。Close the Automatic Classification Report.

    4. 您可以使用 Windows PowerShell 使用下列命令:開始-FSRMClassification '」RunDuration 0-確認:$falseYou can do this by using Windows PowerShell with the following command: Start-FSRMClassification '"RunDuration 0 -Confirm:$false

  2. 瀏覽至分類規則,例如 D:\Finance 文件中所指定的資料夾。Navigate to the folder that was specified in the classification rules, such as D:\Finance Documents.

  3. 以滑鼠右鍵按一下該資料夾的檔案,然後按一下屬性Right-click a file in that folder, and then click Properties.

  4. 按一下分類索引標籤,然後確認檔案已正確歸類。Click the Classification tab, and verify that the file is classified correctly.

也了See also