We are tasked to routinely scan local drives for PII.  Scanning the entire drive was putting a long load on the system just running that task. We decided to search the most common area where a user would download or place files containing PII in.  If they are positive in those areas we do a deeper scan.  We use a kscipt that runs as logged in user to gather the info and a CIR to capture it to the SMA.  Then have reports on the data gathered by the SMA.

Scan and gather the info with a script

9k=



this code looks for either "ssn" or "DOB" at beginning of words in the files.  You can use other or additional words by changing the search pattern (between the " ") https://ss64.com/nt/findstr.html

findstr /s /i /m "\<SSN\> \<DOB\>" %userprofile%\desktop\*.txt > c:\programdata\quest\kace\user\pii.txt
findstr /s /i /m "\<SSN\> \<DOB\>" %userprofile%\desktop\*.doc* >> c:\programdata\quest\kace\user\pii.txt
findstr /s /i /m "\<SSN\> \<DOB\>" %userprofile%\desktop\*.xls* >> c:\programdata\quest\kace\user\pii.txt
findstr /s /i /m "\<SSN\> \<DOB\>" %userprofile%\desktop\*.csv >> c:\programdata\quest\kace\user\pii.txt
findstr /s /i /m "\<SSN\> \<DOB\>" %userprofile%\desktop\*.accdb >> c:\programdata\quest\kace\user\pii.txt
findstr /s /i /m "\<SSN\> \<DOB\>" %userprofile%\downloads\*.txt >> c:\programdata\quest\kace\user\pii.txt
findstr /s /i /m "\<SSN\> \<DOB\>" %userprofile%\downloads\*.doc* >> c:\programdata\quest\kace\user\pii.txt
findstr /s /i /m "\<SSN\> \<DOB\>" %userprofile%\downloads\*.xls* >> c:\programdata\quest\kace\user\pii.txt
findstr /s /i /m "\<SSN\> \<DOB\>" %userprofile%\downloads\*.csv >> c:\programdata\quest\kace\user\pii.txt
findstr /s /i /m "\<SSN\> \<DOB\>" %userprofile%\downloads\*.accdb >> c:\programdata\quest\kace\user\pii.txt
findstr /s /i /m "\<SSN\> \<DOB\>" %userprofile%\documents\*.txt >> c:\programdata\quest\kace\user\pii.txt
findstr /s /i /m "\<SSN\> \<DOB\>" %userprofile%\documents\*.doc* >> c:\programdata\quest\kace\user\pii.txt
findstr /s /i /m "\<SSN\> \<DOB\>" %userprofile%\documents\*.xls* >> c:\programdata\quest\kace\user\pii.txt
findstr /s /i /m "\<SSN\> \<DOB\>" %userprofile%\documents\*.csv >> c:\programdata\quest\kace\user\pii.txt
findstr /s /i /m "\<SSN\> \<DOB\>" %userprofile%\documents\*.accdb >> c:\programdata\quest\kace\user\pii.txt


you then create a cir

ShellCommandTextReturn(cmd /c if exist C:\ProgramData\quest\KACE\user\pii.txt type C:\ProgramData\quest\KACE\user\pii.txt)

9k=


You can use the wizard or sql to create reports.  for wizard just check system info you want displayed and also include checking the CIR for that under the custom fields section.  my 2 basic filters are

9k=