Penn Computing


Identity Finder - Individual Installation

Below are some tips and suggestions for running Identity Finder individually on Windows-based computers.

Identity Finder Tips

These tips apply when running a Windows operating system.

  • Scheduled scans
  • Handling configuration
  • Interpreting results
  • Quirks and bugs

Scheduled scans

Identity Finder (I.F.) allows the desktop user to create a scheduled scan.
Disadvantages:

  • The user’s current login credentials are stored along with the task that runs the scan. If the user changes their password, the scan will no longer run (since it’s running with the old password). The scheduled scan stops running and the user never notices.
  • I.F. can only scan files the user has access to. If multiple users have logged on to this PC, the scan may miss sensitive data in protected directories.
  • By default, scheduled scans run with whatever configuration the user made. The configurations are generally set manually (although you can create a config file for the user to import). Per-user settings mean results vary from user to user.
  • By default, the user receives no feedback after the scan runs; they must remember to check the
  • By default, the scan results are written to the user’s own “documents and settings” directories.

Alternative suggestion:

  1. Create a configuration file by setting up a scheduled scan in Identity Finder and exporting the settings to an ini file
  2. Create a scheduled task that runs with admin credentials. The command line will look like this:

"C:\Program Files\Identity Finder\IdentityFinder.exe" /jobmode /inifile=<filename>

  3. Create a directory outside of documents and settings. Store configuration and write log and scan results there.
  4. Send a regular email to users, reminding them to check results.
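
One way to script the directory and scheduled-task steps on a current Windows system, as an added example that is not part of the original page. The directory, ini file name, task name, schedule, ACL layout and the use of the SYSTEM account for "admin credentials" are assumptions (the page does not say whether Identity Finder runs correctly under SYSTEM); only the IdentityFinder.exe command line comes from the page.

```powershell
#Requires -RunAsAdministrator
# Added example. Needs the ScheduledTasks module (Windows 8 / Server 2012 or later).
# Directory, file name, task name and schedule below are assumptions, not from the page.
$ScanRoot = 'C:\IdentityFinderScan'                 # outside the user profile directories
$IniFile  = Join-Path $ScanRoot 'scan.ini'          # settings exported from Identity Finder
$Exe      = 'C:\Program Files\Identity Finder\IdentityFinder.exe'

# Directory that holds the configuration, the log and the scan results.
New-Item -ItemType Directory -Path $ScanRoot -Force | Out-Null

# The task runs privileged and reads its settings from here, so only SYSTEM and
# Administrators may write; users get read access so they can check the results.
icacls $ScanRoot /inheritance:r /grant:r 'SYSTEM:(OI)(CI)F' `
    'BUILTIN\Administrators:(OI)(CI)F' 'BUILTIN\Users:(OI)(CI)RX' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed on $ScanRoot" }

if (-not (Test-Path -LiteralPath $IniFile)) {
    throw "Copy the exported settings to $IniFile before registering the task."
}

# Same command line as on the page. The path has no spaces, so /inifile needs no quoting.
$action  = New-ScheduledTaskAction -Execute $Exe -Argument "/jobmode /inifile=$IniFile"
$trigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Monday -At '12:00'

# Assumption: SYSTEM stands in for "admin credentials". No password is stored with the
# task, so a user's password change cannot stop the scan.
$principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' `
    -LogonType ServiceAccount -RunLevel Highest

Register-ScheduledTask -TaskName 'Identity Finder weekly scan' -Action $action `
    -Trigger $trigger -Principal $principal -Force | Out-Null
```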

Advantages:

  • The task always runs, even after the user changes their password
  • All necessary files and folders are readable
  • Predictable results for everyone
  • Easily push out updated configuration to everyone
  • Predictable location for files
  • Users remember to check results

Handling configuration

Identity Finder has a host of complicated settings. Expecting users to manually configure everything is unreasonable and unwise. Most settings are stored in the Windows registry. By creating a text file with the necessary registry entries and using the regedit command line utility, you can standardize a host of settings for all your desktops.

Settings for an individual user:
  HKCU\Software\Identity Finder\Identity Finder Enterprise Edition
Initial defaults, changeable by users:
  HKLM\Software\Identity Finder\Identity Finder Enterprise Edition\FirstRun
Mandatory settings not changeable by user:
  HKLM\Software\Identity Finder\Identity Finder Enterprise Edition

There is an annoying but useful manual that documents each of the registry settings (provide a link to download). To generate the initial registry text file, configure I.F. on an individual desktop, then open regedit and export the settings under HKCU. Then open in a text editor and change the key strings from

  • Decide what settings should be mandatory
  • Configure Identity Finder on a desktop with all the defaults
  • Export the set of registry keys for HKCU\Software\Identity Finder
  • Create a text file with a subset of the desired keys
  • For mandatory settings, change “HKEY_CURRENT_USER\SOFTWARE\Identity Finder\Identity Finder Enterprise Edition” to “HKEY_LOCAL_MACHINE\SOFTWARE\Identity Finder\Identity Finder Enterprise Edition”
  • For initial default settings, change “HKEY_CURRENT_USER\SOFTWARE\Identity Finder\Identity Finder Enterprise Edition” to “HKEY_LOCAL_MACHINE\SOFTWARE\Identity Finder\Identity Finder Enterprise Edition\FirstRun”
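
The key rewrite described in the list above can be scripted. This added example (not from the original page) filters a regedit export down to chosen value names and re-roots it under HKLM, either as mandatory settings or as FirstRun defaults. The function name, the sample export and every value name in it except ssn2threshold are made up for illustration.

```powershell
# Added example: re-root selected values from an HKCU export under HKLM.
function Convert-IdfRegExport {
    param(
        [Parameter(Mandatory)][string[]]$Lines,       # lines of the regedit export
        [Parameter(Mandatory)][ValidateSet('Mandatory', 'FirstRun')][string]$Mode,
        [Parameter(Mandatory)][string[]]$ValueNames   # value names to carry over
    )
    $src = 'HKEY_CURRENT_USER\Software\Identity Finder\Identity Finder Enterprise Edition'
    $dst = 'HKEY_LOCAL_MACHINE\SOFTWARE\Identity Finder\Identity Finder Enterprise Edition'
    if ($Mode -eq 'FirstRun') { $dst += '\FirstRun' }
    # -match is case-insensitive, so "Software" and "SOFTWARE" both match; group 1 is any subkey.
    $keyRx = '^\[' + [regex]::Escape($src) + '(\\[^\]]*)?\]$'

    $out = @('Windows Registry Editor Version 5.00')
    $inKey = $false; $keep = $false; $header = $null
    foreach ($line in $Lines) {
        if ($line -match '^\[') {                      # key header
            $inKey  = $line -match $keyRx
            $header = if ($inKey) { '[' + $dst + $Matches[1] + ']' } else { $null }
            $keep   = $false
            continue
        }
        if (-not $inKey) { continue }
        if ($line -match '^"((?:[^"\\]|\\.)*)"=') {    # start of a named value
            $keep = $ValueNames -contains $Matches[1]
        } elseif ($line -notmatch '^\s+\S') {          # anything but a hex continuation line
            $keep = $false
        }
        if ($keep) {
            if ($header) { $out += '', $header; $header = $null }  # emit a key only if used
            $out += $line
        }
    }
    $out
}

# Constructed sample export; value types and data are placeholders.
$export = @(
    'Windows Registry Editor Version 5.00', '',
    '[HKEY_CURRENT_USER\Software\Identity Finder\Identity Finder Enterprise Edition]',
    '"ssn2threshold"=dword:00000005',
    '"ExampleUserPreference"="left to the user"',
    '', '[HKEY_CURRENT_USER\Software\SomethingElse]', '"ssn2threshold"=dword:00000001'
)
# regedit writes .reg files as UTF-16 ("Unicode"); import with: regedit /s mandatory.reg
Convert-IdfRegExport -Lines $export -Mode Mandatory -ValueNames 'ssn2threshold' |
    Set-Content -Path .\mandatory.reg -Encoding Unicode
```

Run it once with `-Mode Mandatory` and once with `-Mode FirstRun`, each with its own list of value names, to produce the two files.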

Interpreting results

Identity Finder generates two kinds of files with every scan:

  • A scan log, with error messages and scan totals (*.log)
  • A detailed listing of individual files (*.idf). By default, this is encrypted (and should be)
  • If you do an incremental scan (only changed files or files changed since a particular date), Identity Finder will APPEND the results to the existing *.idf file. If the user has dealt with past problems, they will see those files listed in the scan results.

Quirks and bugs

We’ve seen a number of bugs and confusing quirks:

  • A detailed results (*.idf) file is only generated if Identity Finder finds problems. If no sensitive data is found, the *.idf will be from the LAST SCAN, listing problems that no longer exist.
  • If you quarantine sensitive data, Identity Finder does not retain the full path, only the filename. If you try to quarantine a second file with the same name you will get an error message.
  • For some users, the scheduled scan starts and fails, or a real-time scan starts and fails. If this happens, uninstall and reinstall Identity Finder.
  • If you are scanning for unformatted SSNs (no dashes), you will find them EVERYWHERE. There is a setting (“ssn2threshold”) that tells Identity Finder to ignore files unless it finds a minimum number of matches. Tweak this until it works in your environment.

 


Information Systems and Computing
University of Pennsylvania