Audit and Control Management Server 2013 - Handling a large number of static files

  • Article

Microsoft Audit and Control Management Server 2013 has a scanning feature that by default scans monitored folders once a day to pick up any changes to files that were not picked up from file change notification events when files were modified. The folder rescan also picks up any files that have not been picked up in the past to create an initial version 1. This happens for any existing files or new files added to the folder in the future.

Some organizations may not be interested in collecting initial versions because of the large number of static files that exist already in the folder which will not be modified again in the future. The rescan feature cannot be turned off to avoid collection of initial versions as it happens to ensure that the NTFS Processor does not miss any file updates.  It is necessary, since there are numerous issues that can prevent the NTFS Processor from receiving notification from file servers when a file gets modified.  For example, there can be a loss of network communication between the ACM Server and the file server.  If a user updates a file during this time, the NTFS Processor would miss it.

Even more common is when there are an excessive amount of notifications from the file server as a result of lots of files being saved.  In this case, the file servers report an overflow to the NTFS Processor, rather than sending all the individual notifications.  The rescan process ensures that the NTFS Processor checks all monitored folders to see if there are files to be tracked or files that have been updated.  There is no way to configure ACM Server to ignore files that are not being modified, because ACM Server needs to track version 1 (baseline) of all the files. Otherwise it would not report changes the first time a file was modified.

There are a few options that can be considered:

  1. Allow ACM Server to process version 1 of all these files.  After version 1 is processed for each file, it will only track the files that are modified subsequently.  This will cause the ACM Server to have many workbooks in the database if there are a large number of files in monitored folders, but the activity will go way down after the initial load.  The number of files in the processing folder should approach zero.
  2. Move the old static files to a folder that is not being monitored by ACM Server. This may not be a good option if other files are linking to these static files.
  3. Move the in-use files to new folders and set ACM Server to monitor only the new folders, therefore ignoring the files that are static.
  4. Update the “File types to monitor” field in the Monitored Folder configuration to be more specific about which files should be tracked.  For example, you could have a folder with thousands of files, and if your “File types to monitor” says “Statement*.xlsm”, it would only track files that meet that search criteria.