Having visibility over files containing sensitive data is essential to ensure that security and compliance regulations are maintained.
Files that might contain sensitive data often need to be searched for and moved to a secure location. This can be done manually using Windows Explorer, but it is time consuming so is used primarily when you need to secure a single file.
To check multiple files in a more efficient manner, you can use PowerShell. However, a PowerShell script for moving files will terminate with an error if the path is invalid, so before you run it, you need to thoroughly check whether the files and folders exist.
Instead of spending time writing and running scripts, a more straightforward solution is to use the Lepide Data Security Platform where you can open prebuilt reports that show where your sensitive data is stored.
In this article we will explore both the native method for locating files with sensitive data, and a more straightforward method using the Lepide Data Security Platform.
How to Use PowerShell
Please follow below steps:
-
- Open the PowerShell ISE
- Run a script similar to the following, which will return all files in the Accounting folder whose filename includes the string ‘payroll’:
$filename = '*payroll*.*'#you can use wildcards here for name and extension
$searchinfolder = '\\pdc\Shared\Accounting*'
Get-ChildItem -Path $searchinfolder -Filter $filename -Recurse | %{$_.FullName}
The results will show all matching files.
Once you have a list of files that might contain sensitive data, you might want to move them to a secure location. However, your processing script will terminate with an error if the file path is invalid, so before running it, you should first check for the existence of the file or folder. The following PowerShell commands will help:
Using ‘Get-Item’ to check if a file exists — You can use the Get-Item cmdlet in PowerShell to find a file by name. If the specified item path does not exist, the script will throw an error. Below is a PowerShell script that checks whether the file “Payroll 2022 – 2023.xlsx” exists using the Get-Item cmdlet. If the file exists, the script provides the file details; if not, it will display a message saying the file does not exist.
$file="C:\Shared\Accounting\Payroll 2022 - 2023.xlsx"
if (Test-Path$file) {
$item=Get-Item$file
Write-Host"The file exists. Details:"
$item
} else {
Write-Host"The file does not exist."
}
Using ‘Get-ChildItem’ to check if a file exists — The Get-ChildItem cmdlet is typically used to retrieve a list of items in a specified location, but it can also be used to check for the existence of a specific file. The script below attempts to retrieve the file “Payment_2021.rtf”. If the file exists, the script will return the file details and a success message; otherwise, no output will be returned by Get-ChildItem and the write host cmdlet will display the message “The file does not exist.”
$file="C:\Shared\Accounting\payment_2021.rtf"
$items=Get-ChildItem$file
if ($items) {
Write-Host"The file exists."
} else {
Write-Host"The file does not exist."
}
Using ‘Test-Path’ to check if a file exists — You can use the Test-Path cmdlet to check whether a specific file or folder exists. It returns True if the file or folder exists and False if it does not. For example, to check whether the “Payroll 2022 – 2023” file exists, run the following script:
Test-Path-Path'C:\Shared\Accounting\Payroll 2022 - 2023.xlsx'
To determine whether there are any files in C:\Shared\Accounting\ that have the .xlsx extension, run following Test-Path cmdlet:
Test-Path-Path"C:\Shared\Accounting\*"-Include*.xlsx
You can also use Test-Path to check whether a path is a file or a directory. Add the ‑PathType with “leaf” as its value, and the cmdlet will return “true” if the path is a file.
Test-path -Path "C:\Temp\Temp*" -pathtype leaf
To validate the network path of a shared folder on a remote computer, use this cmdlet:
Test-Path -Path \\FileServer\Backup
How Lepide Helps
As you can see, this native way to find files with sensitive data is both time consuming and complex. A more straightforward solution to this is to use the Lepide Data Security Platform.
The Lepide’s data classification software overcomes the complexity of the native method by providing a straightforward way to identify all sensitive data by setting up Data Classification and using the Classified Files Report which is shown below:
To run this report:
- Select Lepide Identify, Reports and from this screen, expand File Server Reports
- Select Classified Files
- Select Generate Report
- The report is generated and can be filtered, sorted and exported to CSV and PDF format