Versions Compared

Version Old Version 22 New Version Current
Changes made by

Utkucan Saraç (Unlicensed)

İrem Kara

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

GDE

...

is

...

an agent-based discovery solution that allows indexing data on endpoints and/or file servers without requiring share definitions. It operates on Windows, Linux, macOS, and Pardus environments

...

GDE is installed on each computer manually or automatically with Application distribution tools (SCCM, PDQ, ..). Which directories will be indexed can be specified with the settings.

...

GDE processes the new and changed files every 3 hours.

...

GDE may run as a Windows Service.

...

GDE does not copy the contents to the server. The contents found as a result of a search are found and opened from the respective computer. If the computer or GDE is not turned on, you can search but not access the document. If you want to make a backup of the documents, you should turn on the "Backup Contents" setting for the corresponding Resource in the GEODI project.

Table of Contents
Tip

Conditions for connection

  1. Token and URL

  2. Directory configuration file to scan in GEODI Server

  3. GDE Agents Installation Files

Installation Checklist

...

Subject

...

Description

...

GEODI resource name

...

GDE data can be located under a source you specify in GEODI.

You should use this information when purchasing tokens.

Incoming data will appear in the “Sources” and data discovery reports in the GEODI Search Interface.

A ready-made panel called “Discovery” will come with your project. In order for the data counts from clients in this panel to work correctly, you must also add the recognizer named GDE to your Project.

...

Settings

...

GDE runs on a large number of clients. The settings are determined centrally. This page explains how to make the settings.

A separate set of settings can be specified for FileServer installations or for each client if needed.

...

Client Installation

...

Installation steps for Windows, Linux and MacOS are indicated on the subpages.

...

Client Monitoring

...

With the method described GEODI Agent Management Panel on the page, information such as the health of the agents and the version can be monitored.

...

. The GDE agent indexes/discovers many PCs or File Servers without requiring share definitions. The GDE agent runs on Windows, Linux, or macOS. Additionally, GEODI can discover remote servers without an agent.

A connection is created by selecting Project Wizard/Feed Source/GDE. This page generates the necessary Batch file to install the GDE agent. You can copy and use it with tools like ManageEngine or SCCI. Manual installation is also possible if preferred.

GDE begins discovery with the default directories specified on this page. It repeats the process approximately every 3 hours on each machine. Content from different machines is queued and processed on the GEODI server.

Active agents can be monitored through the https://decesw.atlassian.net/wiki/spaces/geodien/pages/edit-v2/4184473601 Panel.

Table of Contents
stylenone
Tip

Requirements for Connection

  1. A user with sufficient privilege levels to install agents on client machines.

    1. Variations may exist for Linux and macOS clients.

  2. A tool like ManageEngine or SCCM for deploying to a large number of clients.

  3. Client machines must have access to the <geodi> server.

  4. <geodi> server must have access to the client machines, with port 1982 (configurable) open.

Gliffy
imageAttachmentIdatt4336386146
macroIdc02c52c0-32db-418a-8a1e-64c4cfe9a700
baseUrlhttps://decesw.atlassian.net/wiki
nameGDE-EN
diagramAttachmentIdatt4336648300
containerId3972202552
timestamp1702733720298
image-20241219-105355.pngImage Added

MSI Link and Update

GDE agents are automatically downloaded to the GEODI directory along with the GEODI Discovery module. The required MSI files can be found in the following directory.

Windows agents will automatically update themselves from this directory when a new version is released. If you are operating in an offline environment, it will be sufficient to manually update the modules on the GEODI server.

Info

The GDE Agent can be accessed at: <geodi_url>/GUI/Agents/GDE

Here, <geodi_url> refers to the GEODI Server address.

Troubleshooting

Expand
titleIndexing does not start

  1. Check if the client has access to the GEODI Server. GEODI should be accessible through a browser on the client. Enter the GEODI address in a browser on the client; there should be access.

  2. The GEODI server should be accessible from the client's GDE. Using a browser on the client, enter <ClientIP>:<1982>/DEW?op=GetLastError. If everything is fine, it should return null. The ExplorerPort specified in GDE rules, e.g., ExplorerPort=1982 (or the chosen port), should be open.

  3. Inspect the Firewall, Antivirus, or any similar tool to ensure there is no blocking mechanism preventing communication.

  4. Check if the client machine is operational. GDE should be installed and running (Geodi.Desktopexplorer.exe should be in the task list).

  5. Verify the status of the received TOKEN: <GEODI_URL>/API/token_parser.html.

  6. Examine the Agent Management Panel; if the endpoint's status looks good, waiting for a while may resolve the issue. The GEODI Server queues incoming data, so the files at the endpoint might not be due yet.

  7. If everything seems correct but data is still not coming through, check the FolderList and IgnoreFolders values in the GDE rules.

  8. If you are not receiving the expected file type, ensure that the extension is not listed in the IgnoreFiles value in the GDE rules.

Expand
titleSettings are not effective,

  1. The Setting file may not be a valid JSON. Validate it with an online tool.

  2. Settings will generally be adjusted in an hour. If the IP of the endpoint has changed, this may take up to 3 hours.

Expand
titleSome files are not indexed

The default settings block some large files, like videos. Files larger than 100 MB or compressed files larger than 500MB are blocked. You may change the settings. The settings will be effective in about an hour.

Expand
titleThe endPoint has been formatted

Install the GDE as usual. The endpoint will be treated as new. The old data is preserved.

Expand
title1982 port is not avaliable

  1. You can change 1982 to anything available. Please be careful about not assigning ports that have already been used.

  2. You may set the GDE port to 0, but GEODI can not open the remote files in this case. The search and discovery are unaffected.

FAQ

Expand
titleHow can query files from a specific endpont?

It is no different than the other. Add layer:GDE <machinename> into query.

  1. layer:GDE <machinename> will query the files.

  2. layer:GDE <machinename> doc:*.pdf will list the PDF files.

  3. layer:GDE <machinename> doc:*.pdf contract will list the PDF files with the word contract.

Expand
titleIs it possible to Classify remote files?

The GEODI legacy data classification tool classifies remote files if you have the classification agent installed on the same endpoint.

Expand
titleIs it possible to remediate remote files?

Yes, GEODI remediation tools cover remote files as well. The only requirement is that the user should have delete/update permission on the remote machines. This way, GEODI deletes, makes, or encrypts remote files like the local ones.

Expand
titleWhat happens if the endpoint machine is closed?

Search is unaffected, but you can not open/view or remediate the files.

Expand
titleDoes GDE copy local files?

No, GDE does not copy the local files. But if you need to backup local files, check the “backup content" in the GEODI source dialog. You may activate or deactivate this setting at any time.

Expand
titleWho is going to see the files from endpoints?

  1. Sistem Admins see all files.

  2. Other users' permissions depend on Enable LDAP settings. If LDAP is enabled, then local permissions are used.

  3. It is possible to set each user to see their PC files. Please ask the DECE team how to do that.

Expand
titleWhat happens if the endPoint is formatted?

  1. Install the GDE as usual. The endpoint will be treated as new. The old data is preserved.

...

GDE configuration settings

Settings should be GEODI server <GEODI_APP>/Settings/Geodi.DesktopExplorer folder named default.json. Installed GDEs will automatically retrieve this setting in about an hour.

  • Any changes will be effective in about an hour. You may change the settings while GEODI is running.

  • To define different rules for each machine, you may use different additional files named

    • <ClientIP>.json

    ,

    • <ClientUserName>.json

    , or

    • <ClientMachineName>.json.

Code Block
languagejson
{
  "FolderList": ["%UserProfile%"],// "*" scan all directory //
  "ExplorerPort": 1982,
  "IgnoreFiles":["*.MP4","*.MOV","*.MP3"],
  "MetaData": {
	"LDAPDN":"=d.CurrentUser!=null?d.CurrentUser.DistinguishedName:null",
	"IP":"=d.ClientIP",
	"ComputerName":"=d.ClientMachineName",
	"UserName":"=d.ClientUserName"
	}
}

Setting Name

Type

Description

FolderList

string[]*

Used to specify the folders to be scanned. Folders can be identified by separating them with ",".Windows, MacOS, and Linux client folders can be used interchangeably.

The default directory is %UserProfile% ,\\Users, \\Home(includes documents, downloads, desktops,

desktop..

etc.).

A complete list can be found at https://docs.microsoft.com/tr-tr/dotnet/api/system.environment.specialfolder?view=netframework-4.0.

Values are case-sensitive. Subdirectories can also be defined as %UserProfile%\\Desktop.

You can use ["*"]

if you want When a port to be used is defined, as long as the client is open, the content can be viewed on Geodi

to scan all disks.

ExplorerPort

int

If a value above 0 is entered, Explorer will run in APP→GEODI→APP mode. Firewall settings must be made in this mode.

The default is 1982.

Alternatively, you may set the port value to 0. Discovery and search will be fine, but GEODI can not open the local files in this case.

EnableLDAP

bool

If a true value is given, LDAP authorizations of the files are also indexed.

Default value: false

IgnoreFolders

string[]

List of folders to ignore. * is accepted. Used in combination with the settings under Geodi Settings/IgnoreFolders.

Example: ["*:\\data","C:\User*"]

Default value: null

(info) GEODI central file/folder ignore rules always take precedence. The restrictions specified within the settings are applied additionally.

(info) By default, to safeguard the network resource, only the name and date of files larger than 100MB are indexed. This limit is set to 500MB for compressed file contents. These values can be modified on the GEODI server.

IgnoreFiles

string[]

List of folders to ignore. * is accepted

. Used in combination

and used with the settings under Geodi Settings/IgnoreFileTypes.

Default value:["*.MP4","*.MOV","*.MP3"]

(info) GEODI central file/folder ignore rules always take precedence. The restrictions specified within the settings are applied additionally.

(info) By default, to safeguard the network resource, only the name and date of files larger than 100MB are indexed. This limit is set to 500MB for compressed file contents. These values can be modified on the GEODI server.

Metadata

You can define metadata for parsing files from clients. These metadata are specified in the settings file. The values used in the default settings can be seen in the example file.

Searching with metadata is done with <metaname>:<value> Example IP:192.168.1.1

The defined metadata and

their

values will be visible in the GEODI search interface.

...

  1. Log in with a user accessing the Source that GDEs will feed.

  2. Open the page: Generating a GEODI Token .

  3. Check Feed Checkbox and enter the name of the Source in the AllowList.

  4. Now you are ready to create the Token.

...

Troubleshooting

...

If no data is received after setup,

  • please check your Firewall/Antivirus settings and contact your IT consultant.

  • The client may be Closed

  • Check if GDE is installed

  • Check if GDE is running (Geod.Desktopexplorer.exe should be running)

  • Check if the port (default 1982) is available or not blocked.

  • Check if the GEODI server is accessible from the client(use ping or a browser).

  • GDE continuously feeds the GEODI server. A Firewall/Virus scanner may be blocking the communication.

  • Be patient; The GEODI Server queues and processes data from many clients simultaneously. So the client data eventually be indexed if no other problem exists.

  • If the IP or Name of the client changes, previous files will be visible again in about 3 hours.

  • If the client is formatted, it is assumed a new client. The Old index is preserved.

...

Central setting changes take effect within 1 hour.

...

Only the name and date are indexed for files larger than 100 MB to preserve network resources by default. This limit is 500MB for compressed file contents. The values may be changed.

...

GDE API

You may use a browser to make these calls.

<ClientIP>:<1982>/DEW?op=GetStatus

Gets the status of GDE Agent

{"StatusText":"","RequestCount":0,"FileCount":0,"SendCount":0,"IgnoreCount":0,"Server":"<GEODI_URL>"}

(info) Default port = 1982, may be different

<ClientIP>:<1982>/DEW?op=GetLastError

Gets the GDE agent errors.

If no error, retuns null. Else

{"Server":"<GEODI_URL>", "LastErrorTime": {}, "LastError" : "", "TotalErrorCount": n}

Updating the GDE Agent

The agents check for updates every two days and, if available, automatically update themselves via the GEODI server. No manual intervention is required.

Installing GDE as a Windows Service

This option is used to index/discover FileServers with GDE.

Info

Requirements for Installation

In addition to the Windows MSI requirements:

  1. The Windows Service user must have read-only access to the FileServer directories.

  2. A separate configuration file must be created under the GEODI Server for each File Server to define the directories to be indexed and other rules. Details are provided on the main page..

After installing GDE on Windows, it can be turned into a service using the WindowsServiceInstall.bat file located in the same directory.

  1. The service mode can be removed using the WindowsServiceUninstall.bat file.

  2. When running in service mode, no logged-in user is required for the service to function.