Prior to creating the user policy, you must determine if the policy should pertain to the members of the domain, organizational unit, or a group.
Launch the Admin Client.
Click the Identity Driven tab.
Click Policies.
In the Manage menu, select New > User Home Folder.
The following dialog box appears:
Specify a descriptive name in the Name field and click OK.
The Policy Options page appears.
Continue with Section 6.5.1, Setting Policy Options.
Settings within Policy Options let you indicate how to apply the policy, set policy inheritance and policy weight, and write an expanded policy description.
In the Policy Options region, fill in the following fields:
Process Events for Associated Managed Storage: Select this check box to apply the settings in this policy to all users within the domain or organizational unit where this policy is assigned. Deselect this check box to create a Blocking policy that can be applied to a specific user, group, or container. For more information on blocking policies, see Section 5.4, Creating a Blocking Policy.
In the Policy Inheritance region, fill in the following fields:
Policy applies to subcontainers: Select this check box to have this policy inherited for all organizational units that reside within the domain or organizational unit where this policy is assigned.
Policy applies to nested group members: When the policy applies to or is effective for groups, this option determines if nested group members will also be affected.
Policy Weight: When a user is a member of multiple groups and each group has a separate effective policy, File Dynamics uses this setting to determine which policy to apply. File Dynamics applies the policy with the largest numerical weight.
If multiple policies have the same weight, the event goes into a pending state, indicating that multiple policies have the same weight and that one must be changed for the event to process.
In the text field in the Description region, specify a description of the policy you are creating.
Click Apply to save your settings.
Proceed with Section 6.5.2, Setting Associations.
Associations is where you assign the policy you are creating to a domain, organizational unit, group, or user object.
In the left pane, click Associations.
Click Add to bring up the Directory Services Browser.
If you plan to assign the policy to a User object, select the Users check box as a Filter option in the Directory Services Browser.
Browse through the directory structure and select the domain, organizational unit, Group object, or User object you want to associate the policy with.
Drag the object to the Selected Object pane, then click OK.
The Directory Services Browser is closed and the object is displayed in fully qualified name format in the right pane of the window. For example, CN=Tellers,OU=HR Department,OU=Henderson,DC=chronicle,DC=local.
Click OK to close the Directory Services Browser.
Click Apply to save your settings.
Proceed with Section 6.5.3, Setting Provisioning Options.
The Provisioning Options page is where you indicate home folder permissions, the network drive letter for the home folder, the location of a template for provisioning folder structure and content in a home folder when it is created, and more.
In the left pane, click Provisioning Options.
The following page appears:
In the Folder Properties region, specify the following settings:
Default Permissions: By default, File Dynamics grants the user all file permissions to the home folder except for Full Control. Granting Full Control is not recommended because it provides administrator rights to the home folder and enables the user to rename and delete the folder.
Set Attributes on Target Folder: Select this check box to enable the Archive, System, and Hidden check boxes. If you wanted home folders to be hidden from view, you could enable the Hidden attribute by selecting the Hidden check box.
By default, File Dynamics assigns the user for whom a home folder is created as the home folder owner. Because this essentially provides the owner administrative rights to the home folder, you might want to provide ownership to a network administrator instead. To override the ownership and indicate a new owner, click the Override Path Owner check box, then browse to and select the User object you want to establish as the owner.
The home folder user still has all permissions—with the exception of administrative permissions—to the home folder.
(Optional) To have subfolders and documents provisioned in the home folder when it is created, use an existing file path as a template.
For example, if you wanted each home folder to have an HR subfolder with some HR documents inside, click Browse to locate and select the HR folder in the file system.
Everything beneath the selected folder is copied into the user’s home folder.
In the Home Folder Options region, indicate the network drive letter that users associated with this policy will use to access their home folders.
You can select an empty drive letter. In this scenario, the user's home drive property will not be set. This results in Windows clients not mounting the network home folder when a user logs in.
In the Path Owner region, select one of the following options:
Built-in Administrator: If you want the owner of the storage to be the Built-in Administrator, select this option.
Associated User: The associated user is the user whose home folder you are creating. If you want the associated user to own their own home folder, select this option.
Selected Identity: If you want a different user or group to be the owner of the home folder, browse to and select the user or group object.
Click Apply to save your settings.
Proceed with Section 6.5.4, Setting Target Paths.
The Target Path Options page is where you select the naming attribute for the managed path, as well as set the paths to the shares where user home folders will be hosted.
In the left pane, click Target Path Options.
In the Managed Path Naming Attribute region, do one of the following:
From the drop-down menu, select the single-value Active Directory attribute you want as the means of naming your home folders.
Click Link Action Block and select a previously saved Action Block for the naming attribute.
For some organizations, having the default sAMAccountName attribute as the means of naming home folders is not desirable. A school that generates student accounts using an account provisioning system for example, might generate a student account and sAMAccountName such as SA74556, rather than a more descriptive name such as William Sanders. To allow File Dynamics to create a home folder with a name like WSanders, rather than SA74556, you can select a different attribute from the drop-down list.
Once you have saved the policy, you can use an account provisioning system such as NetIQ Identity Manager to automatically populate the selected attribute with the desired folder name and then File Dynamics will automatically provision the home folder based on this attribute setting. Using the example above, the home folder name would be WSanders rather than SA74556.
For existing users whose home folders you would like to change to a new attribute value, you would follow the same procedures, followed by performing an Enforce Policy Path Management Action.
For specifications pertaining to Managed Path Naming Attribute, see Section F.0, Managed Path Naming Attribute Specifications.
In the Target Placement region, fill in the following fields:
Distribution: If you create more than one target path for a policy, you can indicate any of the following options:
Random: Distributes storage randomly among the number of target paths.
Actual Free Space: Distributes the creation of user home folders according to shares with the largest amount of absolute free space. For example, if you have two target paths listed, target path 1 has 15 GB of free space, and target path 2 has 10 GB, the home folders are created using target path 1.
Percentage Free Space: Distributes the creation of user home folders to shares with the largest percentage of free space. For example, if you have two target paths listed, target path 1 is to a 10 TB share that has 30 percent free space and target path 2 is to a 500 GB share with 40 percent free space, the home folders are created using target path 2, even though target path 1 has more absolute available disk space. You should be cautious when using this option with target paths to shares of different sizes.
Leveling Algorithm: Use this option to structure the home folders so that they are categorized by the first or last letter of a username through a subordinate folder. For example, if you choose First Letter, and the Leveling Length field is set to 1, a user named BSMITH has a home folder located in a path such as \\SERVER1\HOME\B\BSMITH.
If you choose Last Letter, and the Leveling Length field is set to 1, the same user has a home folder located in a path such as \\SERVER1\HOME\H\BSMITH.
Last Letter means the last character of the attribute File Dynamics uses to create storage. Once again, File Dynamics uses the SAM, not the last character of the user's last name.
The Leveling Length field allows you to enter up to 4 characters. This lets you organize home folders by year. For example, if your Leveling Algorithm setting is Last Letter, and the Leveling Length setting is 4, a user named BSMITH2014 has a home folder located in a path such as \\SERVER\HOME\2014\BSMITH2014.
Maximum Unreachable Paths: If you have a substantial number of target paths listed on this page, this field lets you indicate the number of target paths File Dynamics accesses to attempt to create a home folder before it suspends the attempt.
For example, suppose you have 100 target paths and you're using Random Distribution and the Maximum Unreachable Paths setting is 20. File Dynamics will try 20 of those 100 paths before the event will become a pending event. A path can be unreachable for any error condition. For example, the server is down or the share is not available.
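The placement rules above, worked through as an added example (a model written for this page, not File Dynamics code). The share names and sizes are constructed, and trying the ranked paths in order is an assumption, since the page describes the retry limit only for Random distribution.

```python
# Added illustration of the Target Placement rules; not File Dynamics code.
# Share names, sizes and the reachable flag are constructed sample data.
import random
from dataclasses import dataclass


@dataclass
class TargetPath:
    unc: str              # share hosting home folders
    size_gb: float
    free_gb: float
    reachable: bool = True

    @property
    def pct_free(self):
        return 100.0 * self.free_gb / self.size_gb


def level_folder(name, algorithm, length):
    """Subordinate folder cut from the naming attribute value."""
    if not 1 <= length <= 4:
        raise ValueError("Leveling Length is 1 to 4 characters")
    if algorithm == "first":
        return name[:length]
    if algorithm == "last":
        return name[-length:]
    raise ValueError("algorithm must be 'first' or 'last'")


def rank_paths(paths, distribution, rng=None):
    """Order target paths the way the chosen Distribution prefers them."""
    if distribution == "random":
        return (rng or random.Random()).sample(paths, len(paths))
    if distribution == "actual":
        return sorted(paths, key=lambda p: p.free_gb, reverse=True)
    if distribution == "percentage":
        return sorted(paths, key=lambda p: p.pct_free, reverse=True)
    raise ValueError("unknown distribution")


def place_home_folder(name, paths, distribution, algorithm, length,
                      max_unreachable):
    """Return the home folder path, or None if the event would go pending.

    Assumption: candidates are tried in ranked order and the attempt stops
    after max_unreachable paths have been tried.
    """
    for target in rank_paths(paths, distribution)[:max_unreachable]:
        if target.reachable:
            sub = level_folder(name, algorithm, length)
            return "\\".join([target.unc, sub, name])
    return None


# Constructed shares matching the Percentage Free Space example above.
BIG = TargetPath(r"\\SERVER1\HOME", size_gb=10000, free_gb=3000)  # ~10 TB, 30% free
SMALL = TargetPath(r"\\SERVER2\HOME", size_gb=500, free_gb=200)   # 500 GB, 40% free

if __name__ == "__main__":
    for dist in ("actual", "percentage"):
        print(dist, place_home_folder("BSMITH", [BIG, SMALL], dist, "first", 1, 20))
```

With the same two shares, Actual Free Space selects SERVER1 and Percentage Free Space selects SERVER2, which is the behavior to watch for when target shares differ widely in size.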
For each target path that you want to establish, click Add to access the Path Browser.
Browse to the location of the target path you want and click Add to add the target path to the Selected Paths pane.
Click Apply to save your settings.
Proceed to Section 6.5.5, Setting Quota Options.
This page lets you establish user storage quotas. Until quota management is established, users have unlimited storage disk space for their home folders.
NOTE: Quota management on NAS devices needs to be managed by the NAS vendor software.
This page is also where you establish quota management settings for quota managers. A quota manager is a specified user or group—for example, a help desk administrator or technical support representative—who is granted the ability to increase a user’s quota, without having rights to the file system. Quota management actions are performed through Quota Manager, which is a separate Web browser-based management interface. For more information on Quota Manager, see Section 9.0, Using Quota Manager.
In the left pane, click Quota Options.
The following page appears:
Select the Enabled check box to enable an initial storage quota for users to whom this policy will apply.
Leaving this check box deselected gives users unlimited user home folder storage.
In the MB field, specify the initial storage quota for the user home folders.
Set up quota managers and enable the Quota Manager Web interface for this policy by filling in the following fields:
Enable Quota Manager / Quota Preservation for this policy: Select this check box to enable the Quota Management region of the page and to allow the Quota Manager Web interface to apply to this policy.
Quota preservation preserves the home folder quota settings for users that are moved. For example, if a user is moved from the Sales organizational unit to the Marketing organizational unit, and the user’s quota allocation under the policy that applies to Sales was higher than the quota allocation under the policy that applies to Marketing, the quota allocation from the Sales policy is preserved for the user.
Quota Maximum: Indicate whether the user home folders associated with this policy will have a maximum quota setting. If so, indicate the maximum quota.
Quota Increment: Indicate whether quota managers will set the quota manually or in set increments. If you use manual increments, the quota manager can increase the quota in any increment until it meets the maximum quota setting. If you establish set increments, the quota manager can only increase the quota by the increment setting.
Quota Managers: Click Add and use the Directory Services Browser to browse to and select a user or group you want to serve as a quota manager by dragging the User or Group object over to the right pane. Repeat this for each user or group you want to establish as a quota manager.
If you do not specify a user or group as a quota manager, only members of the fdadmins group will be able to use the Quota Manager Web interface.
Click Apply to save your settings.
Proceed with Section 6.5.6, Setting the Move Schedule.
This page lets you use a grid to specify when data can be moved during data movement operations.
By default, all days and times are available for data movement. If data movement during regular business hours creates unacceptable network performance, you can choose to move data after regular business hours.
In the left pane, click Move Schedule.
In the Data Move Schedule grid, click the squares for the day and hour you want to disable for data movement.
Click Apply to save your settings.
Proceed with Section 6.5.7, Setting Cleanup Options.
This page lets you enable and specify cleanup rules for the user home folder policy. Options for cleanup include deleting a home folder after a set number of days following the removal of a User object from Active Directory, or vaulting (rather than deleting) the home folder.
In the left pane, click Cleanup Options.
Enable storage cleanup by filling in the following fields:
Enable: Select this check box to enable storage cleanup rules.
Cleanup storage: Specify the number of days a user home folder remains after the associated User object is removed from Active Directory.
Enable Vault on Delete by filling in the following fields:
Enable: Select this check box to enable Vault on Delete. If this is checked and storage cleanup is not enabled, the managed path will be immediately vaulted to the vault location based on the specified vault rules. If there are no vault rules, the managed path will be immediately vaulted to the vault location and removed from the source.
Vault Path: Click Browse to browse and select the path where you want the managed storage vaulted after cleanup.
When you indicate this path, it also appears in the Vault Path field of the Groom page because groom and vault rules share the same path.
Click Apply to save the settings.
Proceed with Section 6.5.8, Setting Vault Rules.
When a User object is removed from Active Directory, you can have File Dynamics vault the contents of the user’s home folder from primary storage to less expensive secondary storage. File Dynamics lets you specify what to vault or delete through vault rules. For example, before vaulting a user’s home folder, you might want to remove all .tmp files. Or, you might want to vault only the user’s My Documents folder and nothing else in the home folder. You accomplish all of this through settings in the Rule Editor.
In the left pane, click Vault.
The Vault Path field displays the vault path that you established when you set up cleanup rules.
Click Add to open the Rule Editor.
In the Description field, specify a description of the vault rule.
For example, “Files to delete before vaulting,” or “Files to vault.”
From the Action menu, select an action.
Select whether the rule will vault files or folders, delete files or folders, or ignore a vault rule.
NOTE: There is only one action for each vault rule. For example, if you wanted to delete some files and vault others, you would need to establish two different vault rules.
Vault: Moves all of the files or folders that meet the criteria specified in the vault rule to a location specified in the policy.
Delete: Deletes all of the files or folders that meet the criteria specified in the vault rule.
Ignore: Ignores the conditions that would normally vault or delete a file or folder, based on specifications you provide in the Mask field.
For example, if you wanted to vault all .MOV files, with the exception of approved training videos located in a folder named Training Videos, you could set an individual rule to vault .MOV files, and another rule to ignore vaulting the Training Videos folder.
Selecting Folders disables the filter settings in the lower portion of the Rule Editor.
File or folder names can contain an asterisk.
Specify whether the rule will apply to files or folders.
Files: If the vault rule you are creating will vault, delete, or ignore content at the file level, leave the File option selected.
Folders: If the vault rule you are creating will vault, delete, or ignore content at the folder level, select the Folders option.
Specify the masks for the rule.
Masks: List the files or folders you want to be vaulted or deleted, according to what is indicated in the Action drop-down menu. For example, if you wanted to delete all temporary files, you could list *.TMP in the Masks field.
Be aware that if you select Vault, only the files or folders that you list in the Masks text box are vaulted and the remainder of the managed path content is deleted. Conversely, if you select Delete, only the files or folders that you list in the Masks text box are deleted, and everything else is vaulted.
(Conditional) If the rule you are creating is specific to files, complete the applicable filter settings.
Leaving the setting as [Disabled]-Any Size vaults or deletes all file types listed in the Masks text box according to what is indicated in the Action drop-down menu. Choosing any of the other options from the drop-down menu lets you indicate files to delete or vault according to size, when created, when last modified, and when last accessed.
Click OK to save the vault rule.
If necessary, create any needed additional vault rules by repeating the procedures above.
(Conditional) If you have set any rules designed to ignore a vault or delete action, in the Vault on Delete region of the Vault page, use the Promote arrow to move the rule to the top. This protects files or folders specified in the Masks field from being vaulted or deleted.
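An added dry-run example of the rule semantics in this section (written for this page, not File Dynamics code): it predicts what one Vault or Delete rule does to a file listing, with Ignore rules evaluated first, as they are when promoted to the top. The file listing is constructed, and the file filters and the interaction of several Vault and Delete rules are not modeled.

```python
# Added illustration of the vault rule semantics; not File Dynamics code.
# The file listing below is constructed sample data.
from fnmatch import fnmatch
from pathlib import PureWindowsPath


def matches(path, masks, level):
    """True if a mask matches the file name (level='files') or the name of
    any parent folder (level='folders'). Masks may contain an asterisk."""
    p = PureWindowsPath(path)
    names = [p.name] if level == "files" else list(p.parts[:-1])
    return any(fnmatch(n.lower(), m.lower()) for n in names for m in masks)


def dry_run(files, action, masks, level="files", ignore=()):
    """Predict the outcome per path for ONE Vault or Delete rule.

    ignore: (masks, level) pairs for Ignore rules promoted to the top.
    A Vault rule deletes whatever its masks do not match; a Delete rule
    vaults whatever its masks do not match.
    """
    if action not in ("vault", "delete"):
        raise ValueError("action must be 'vault' or 'delete'")
    remainder = "delete" if action == "vault" else "vault"
    plan = {}
    for f in files:
        if any(matches(f, m, lv) for m, lv in ignore):
            plan[f] = "ignore"          # protected from vault and delete
        elif matches(f, masks, level):
            plan[f] = action
        else:
            plan[f] = remainder
    return plan


def would_delete(plan):
    """Paths the rule would delete; review this list before saving the rule."""
    return sorted(f for f, outcome in plan.items() if outcome == "delete")


SAMPLE = [
    r"Documents\review.docx",
    r"Videos\holiday.MOV",
    r"Training Videos\onboarding.mov",
    r"cache\session.tmp",
]

if __name__ == "__main__":
    plan = dry_run(SAMPLE, "vault", ["*.mov"],
                   ignore=[(["Training Videos"], "folders")])
    for path, outcome in plan.items():
        print(f"{outcome:7} {path}")
```

The Vault rule for *.mov deletes the .docx and .tmp files in the sample listing, while a Delete rule for *.tmp would vault everything else.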
Proceed with Section 6.5.9, Setting Groom Rules.
Groom rules in File Dynamics specify the file types that you want to be removed from managed primary storage. Examples of these might be MP3 and MP4 files, MOV files, and many others. You specify in a groom rule whether to delete or vault a file based on the rule’s criteria.
Grooming takes place as a Management Action that is run by the administrator. A Management Action is a manual action that is enacted through the Admin Client. For more information, see Section 12.2.5, Management Actions.
In the left pane, click Groom.
The Vault Path field displays the vault path that you established when you set up cleanup rules.
Click Add to bring up the Rule Editor.
In the Description field, enter a description of the groom rule.
For example, “Files to groom in Henderson OU.”
Fill in the following fields:
Action: Select whether this groom rule will delete or vault groomed files.
Files: If the groom rule you are creating will vault or delete content at the file level, leave the File option selected.
Folders: If the groom rule you are creating will vault or delete content at the folder level, select the Folders option.
Selecting Folders disables the filter settings in the lower portion of the Rule Editor.
Masks: List the files or folders you want to be vaulted or deleted, according to what is indicated in the Action drop-down menu.
File or folder names can contain an asterisk.
(Conditional) If the groom rule you are creating is specific to files, complete the applicable filter settings.
Leaving the setting as [Disabled]-Any Size vaults or deletes all file types listed in the Masks text box according to what is indicated in the Action drop-down menu. Choosing any of the other options from the drop-down menu lets you indicate files to delete or vault according to size, when created, when last modified, and when last accessed.
Click OK to save the groom rule.
Proceed with Section 6.5.10, Notes.
The Notes page lets you enter up to 64,000 characters of notes for the policy you are creating. A practical use of this page is to provide a better description of the policy.
The Summary page displays a summary of the policy settings in HTML format. The Summary page provides an easy way to view all of the policy settings in a single page.