E-Discovery and Microsoft Technology : retention policy

Managing USB Thumb Drives - Is Vista Better Than Epoxy?

chris.chalmers — Tue, 09 Sep 2008 05:43:00 GMT

What's so bad about USB flash drives? Isn't it great that, for less than $50, I can buy device the size of my thumb that holds 16Gb of emails, product designs, and drafts of confidential memos? In a word, NO.

From an e-discovery perspective, tracking and managing all these potential sources of responsive information is a nightmare. Brad Carlson of Fios, Inc. outlines a helpful process in his article, "Collecting Personal Data for E-Discovery" in Computer Technology Review (you can read it here:

http://www.wwpi.com/fall-2007/2794-collecting-personal-data-for-e-discovery) .

But the sheer scope of the problem is overwhelming. Here at Microsoft, USB flash drives are a frequent promotional giveaway: I've seen flash drive key chains, flash drive Swiss army knives, flash drive flashlights, even a flash drive wristwatch. How can attorneys possibly have any confidence that they've identified all the sources of data they might use in their claim or defense?

I once knew a sys admin who was so concerned about the potential damage those tiny USB drives could cause his organization that he put epoxy into the USB ports of all new laptops that came into his organization!

Needless to say, there's a better way to manage USB devices in Windows Vista and Windows Server 2008.

There's a new set of Group Policy Objects (GPOs) specifically for managing USB devices. If you're not familiar with Group Policy, here's a one sentence description: it lets administrators turn off certain features of Windows in a way that users can't turn them back on. You can learn more at the Group Policy center here:

http://technet.microsoft.com/en-us/windowsserver/grouppolicy/default.aspx

TechNet Magazine has an article that explains how to use Group Policy to control which USB devices (if any) can connect to the USB ports of Vista machines. The article was written from a security perspective, but it's easy to see how it applies to e-discovery. " Security: Managing Hardware Restrictions via Group Policy"

http://technet.microsoft.com/en-us/magazine/cc138012.aspx

The controls are quite granular. In a more in-depth article on MSDN, you can learn how to "authorize" USB connections down to the individual device manufacturer's make and model. The article is "Step by Step Guide to Controlling Device Installation Using Group Policy:"

http://msdn.microsoft.com/en-us/library/bb530324.aspx

Here are some of the highlights:

Prevent users from installing any device.
Allow users to install only devices that are on an "approved" list. If a device is not on the list, then the user cannot install it.
Prevent users from installing devices that are on a "prohibited" list. If a device is not on the list, then the user can install it.
Deny read or write access to users for devices that are themselves removable, or that use removable media, such as CD and DVD burners, floppy disk drives, external hard drives, and portable devices such as media players, smart phones, or Pocket PC devices.

This gives administrators much more flexibility around using and deploying USB devices in a responsible manner. For instance, you could provide your users with a large "authorized" USB drive that they can use for their local backups. Meanwhile, all other USB drives won't be able to connect to the computer, because of your policy. It's the best of both worlds: you don't have to worry about all those USB thumb drives scattered about, and end users can still enjoy some of the benefits of USB.

No epoxy required!

Is it "Safe" to Store Voicemail in Exchange 2007 Unified Messaging?

chris.chalmers — Mon, 25 Aug 2008 13:46:00 GMT

I've co-authored a post on the MS Exchange Team's blog, "You Had Me At EHLO." It's entitled "Voice Mail and Discoverability with Exchange 2007 Unified Messaging," and explores the features and functions, as well as some of the legal wrangling around storing voicemail, email, and faxes in one system.

You can read it here: http://msexchangeteam.com/archive/2008/08/21/449657.aspx

In summary, Microsoft hired a law firm to write a white paper investigating the problem, and the white paper concludes ".that no aspect of Exchange alters, by increasing or decreasing, the record retention obligations of these organizations in the U.S. or E.U. ." That is, if a company is obligated to retain voice mail messages, it doesn't matter if they're stored in Exchange 2007 UM or somewhere else - they still need to be retained. Likewise, if voice mail messages have been deleted in the normal course of business prior to an obligation to retain them, the fact they were in Exchange 2007 UM doesn't create a new obligation to retain where no obligation existed before.

Anyway, it's a great post, I had a lot of help with it, and I highly recommend reading it. There's also a lively comments section down below.

First, Let's Kill All The .PSTs

chris.chalmers — Fri, 01 Aug 2008 04:49:00 GMT

Let's face it, from an e-discovery perspective, having email stored in local .PST files on individual users' hard drives is risky. You don't want them around, because:

The end user's hard drive might fail, resulting in the loss of potentially valuable email that often isn't backed up (or the backup is stale).
The process of capturing and discovering information that is stored in .pst files is labor-intensive and expensive because .pst files must first be located on user computers and then the contents must be processed by legal personnel.
Potentially significant messages might be missed during the initial e-discovery gathering process, only to turn up much later in the litigation, causing harm to your case.

Exchange 2007 SP1 can help. Generally, we suggest a two-step approach to managing stray .PST files on the network:

Start by making the .PST files read-only, so users can still access their data, but not make the problem any larger. There is a registry key called "PSTDisableGrow" that can accomplish this

Once users have reduced their dependence on PST files, you can disable local PST files, and load the existing PST files into Exchange Server 2007 SP1. The "DisablePST" registry key accomplishes this.

Of course, all this is happening within the larger context of using Managed Folders and Message Records Management (MRM) to gain control of your email and implement your retention policy.

Here's a great clip from our documentation that explains the whole process, from how to make .PSTs read-only, to providing a nice n overview of deploying MRM:

http://technet.microsoft.com/en-us/library/bb508901.aspx

And here's a great blog posting on how to load PST files into Exchange Server 2007 SP1 using the Import-Mailbox cmdlet

http://msexchangeteam.com/archive/2007/04/13/437745.aspx