Posts

What Are My Users Searching on Gmail, Google, Youtube and Other Search Engines

In GAT Shield a word cloud is displayed to show queries being searched by your users, this helps to highlight what students and staff are searching for across different search engines.

Like GAT+, GAT Shield allows you to refine your search by selecting a User, Group, OU or domain and then selecting which search engine you are interested in. To do this click on the ‘Apply custom filter’ button on the top right corner of the page.

Apply custom filter

Select the search parameters that you are interested in viewing, for this example I’ve selected an OU structure, the Google search engine and searches after July 1st 2018.

Select the search parameters you are interested in viewing

Now, I will see all of the queries being entered into Google for the Marketing user OU.

export this information to a CSV file

I can then export this information to a CSV file.

export this information to a CSV file.

See Where Certain Files Are On The Domain ‘Drive’

Keeping an organised Team Drive or myDrive folders structure is important so important that GAT+ has a specific tab called Folder Tree. The Folder Tree audit area lays out all of the folder structures for all your users myDrives and Team Drives.

 

You can now search for a specific Team Drive or users myDrive. Once you’ve located the folder you can descend through the folder tree.

You can now search for a specific Team Drive or users myDrive

Click on the folder name to display the ‘Detailed view’ and the ‘Files list’.

Click on the folder name to display the ‘Detailed view’ and the ‘Files list’.

See the detailed view

In the ‘Files list’ you can apply a custom to filter to find files based on a multitude of different search criteria.  You can click on the drop-down menu for any file and remove a particular editor or reader.

apply a custom to filter to find files based on a multitude of different search criteria

 

Powerful Things You Can Do from the Drive Audit List in GAT

This article shows you a few powerful things you can do in Google Drive Audit with GAT+.

1) Find the folder you want
find the folder you are looking for
and using the drop-down, find the contents.
click on "show contents of this folder"
2) Remove an editor or viewer from one or more files.
Once you select the files in the folder, you can remove an editor from one or many …
remove an editor from one or many
3) To see the full viewer or editor history of a file. Just select the file name and click the drop-down beside it.
Click on show events

View File Contents: How to silently copy or view files

To silently download or view files in your G Suite, do the following:

 

  1. In Drive Audit, search for the files you wish to view or download the contents of. You can use the ‘Apply custom filter’ button to search and find the specific files across your domain’s Drive.

use the ‘Apply custom filter’ button to search and find the specific files

 

  1. Here, I have carried out an arbitrary search for files owned by Marketing OU members. To do this I changed the type of search to a User/Group/OU search type. I used the ‘Add Rule’ button to combine multiple search operators. I only want to return file type which are Docs and which have been updated after June 1st, 2018.

use the ‘Add rule’ button to combine multiple search operators

Once you’re happy with your search criteria click on ‘Apply’ or if you wish to use this filter later on, save it by clicking on ‘Apply & Save’.

 

  1. Now click on the tick icon called ‘Toggle selectable’, this will allow you to select any file/folder. To select a file click on the checkbox on the left-hand side of the file name. You can select all files or individually select multiple files.

click on the tick icon called ‘Toggle selectable’

  1. Once the files you want to view or download are selected, click on the ‘Files operation’ button next to the ‘Toggle selectable’ icon. In the drop down menu you will see the option ‘Access permissions granted’ (for viewing/downloading file contents). Click on this option.

click on the ‘Files operation’ button next to the ‘Toggle selectable’ icon

  1. Now we have to send a fresh request to our security officer, Click on the tab called ‘New request’. Select an a sufficient amount of time to have access to the files you selected. You also have an optional area to type a short message to your security officer. Once you are satisfied click on ‘Send request’.

Click on the tab called ‘New request’. Select an a sufficient amount of time to have access to the files you selected.

  1. The following email will be sent to your security officer.

This email will be sent to your security officer

The security officer can click on the link in the email and they’ll be taken to the approval area in GAT+. In the Grants section, the security officer can see exactly which files he is giving access to before approving.

the security officer can see exactly which files he is giving access to before approving.

The Access Log keeps track of all the actions the super admins and security officers are taking.

the Access Log

  1. The requestor/Super admin can now return to Drive audit, click on ‘File Operation’ and select ‘Access permissions granted’ and under the ‘Current requests’ tab select the approved request.

access permissions granted tab on GAT+

  1. In the Actions column, click on the drop-down menu to see the options to download or Show file. When Show file is pressed you will gain silent access into that file.

In the Actions column, click on the drop-down menu to see the options to download or Show file.

 

Calendar Audit

Calendar Discovery

GAT+ supports full domain wide automatic calendar discovery and exposure classification.

GAT discovers all calendars, even those imported automatically. It also classifies them by exposure type.

Here’s a short video tutorial about the Google Calendar Audit

 

GAT can reveal all google calendars in your domain

You can click on the Apply Custom filter button to search for a particular calendar.

Apply Custom filter button to search for a google calendar

There are a multitude of different search operators you can use and also combine together to find the right calendar.

 

User Audit, Calendar Tab

In addition GAT has extended the User audit to show the numbers of calendars per user and the number of events per user, both past and scheduled.

see google calendar's past and future events with GAT+

The values under Calendars, Past events, Future events and Total columns are all clickable. Clicking on any value will take you to the Calendar audit section so you can view those events in detail.

 

Event Discovery

In addition to the automatic calendar discovery, GAT can report on domain-wide automatic event discovery.

select 'calendar events'

With the addition of ‘events’ reporting, Admins can now examine the past and future appointment list of users on the domain. This can be particularly useful for departing employees who may have future appointments management need to be aware of.

select the dropdown arrow

Managing Past/Future events:

  • Ability to delete an instance of an event
  • Ability to delete all recurring events
  • Remove users from events and/or recurring events

 

Google Calendar Audit: Add additional Owners to Any Existing Calendar

Using Calendar Audit an admin can add additional owners to any existing calendar owned by a user on their domain. G Suite admins are able to add Writers/Readers and Free/Busy for any calendar.

 

Auditing different Google Calendar Resources

“Free/Busy Reader only” – Provides read access to free/busy information.

“Reader” – Provides read access to the calendar. Private events will appear to users with reader access, but event details will be hidden.

“Writer” – Provides read and write access to the calendar. Private events will appear to users with writer access, and event details will be visible.

“Owner” – Provides ownership of the calendar. This role has all of the permissions of the writer role with the additional ability to see and manipulate ACLs.

 

Adding Additional Owners to a default (primary) calendar

Admins can add additional users onto another user’s primary (default) calendar.

'owners' in the calendar permissions management tab

Users who have been added as additional owners of a calendar will receive an email with a description and a link to open their calendar to view the changes.

Users who have been added as additional owners of a calendar will receive an email with a description and a link to open their calendar to view the changes.

The calendar will show under the heading ‘My calendars’, the user will have permission to create, edit or delete events on that calendar. All additional owners will have full control over the original owner’s calendar.

a 'my calendar' in the Google Calendar

Deleting the original owner from a non-primary calendar

NOTE: If the Calendar is not a primary calendar meaning it’s not the default calendar of a user, admins are able to remove the previous owner after they have added an additional owner.

Adding Writers or Readers to existing calendars owned by users on your domain

When a user is placed on the Writer/Reader field of a calendar permission. They will have access to those calendar resources.

Select 'writers' in the calendar permissions management tab

Those users will receive an email with a description of what changes the admin has made.

Users who have been added as a Writer:

Those users will receive an email with a description of what changes the admin has made.

Users who have been added as a Reader:

the email a user will receive if he becomes a 'reader'

Writer and Reader calendars are displayed under the heading ‘Other calendars’

Writer and Reader calendars are displayed under the heading ‘Other calendars’

You might find this article useful.

Remove Access Rights to Documents and Folders with GAT+ & GAT Unlock

With just a few clicks G Suite super admins can remove access rights to any document or folder owned by their domain users at any time, even without Security Officer approval (GAT Unlock functionality). In the Drive result table just click on the drop-down menu option next to a user’s email address or the actual permission for example “everyone” or “everyone with link”. You will be prompted with several options.

When you click on the drop-down menu for “everyone” or “everyone with link” permission you will have 3 options, you can remove the permission just for the doc or folder you selected or you can remove that permission for all files within the applied filter search where ever that permission appears for editors or readers.

The same 3 options are available when the drop-down menu is pressed for external or internal email address. You will be prompted with options to remove the users access rights.

When you click on an local domain user’s email address drop-down menu. You will see additional options, for example you can quickly navigate to their owned docs, files they have access to (Files in user_x@mycorp.com) and actions they’ve taken on files (Events for user_x@mycorp.com)

Note: For internal public files shared to your entire domain you may see the following permission: “mycorp.com (with link)”. The same actions can be taken to remove this permission.

You may also find this post helpful:

How to Remove Public and Published Permissions

How to Restore Permissions Removed By a Policy

How to Update GAT Permissions

Identifying External Public Files Your Users Can Edit

Following our last post explaining how to deal with organization files that were shared to the public (Public Shared files – How to Address with GAT), this post will deal with a second potential source of accidental information leakage to the public. In this post, we will look at documents shared into the domain, that are open for your users to edit and which are also ‘Public’.

First, we will assess the current situation, which can be done in 4 simple clicks…

  1. Click on the Apply custom filters button within Drive Audit.

Click Apply custom filters button within Drive Audit

  1. In the filter menu select the following filter operators.
  • Editors matches mydomain.com.
  • Sharing Flags contains Public
  • Sharing Flags contains Shared in

Make sure that all of these search operators are properly combined by using AND.

Include further details in the Definition tab in the 'Drive Files filters'

From the resulting list, you can see what are the public files your staff can edit. They may believe this is a private collaboration with an external individual but in fact, the contents are public on the internet. Using the steps outlined in Public Shared files – How to Address with GAT, you can notify your users in the same way of the risk involved.

Who shares out the most documents?

Sometimes it is good to be able to quickly get a table of some key metrics. A common question is ‘Who shares out the most documents?’, often followed by ‘Who shares in the most?’.

 

Shares Out and Shares In

GAT+ makes answering these three questions very easy. In User Audit and select the ‘Drive’ tab.

In User Audit in GAT+ select the ‘Drive’ tab.

In Drive tab, you will see several columns which provide valuable file information for all of your domain users. The ones we are interested in are Shared out and Shared in columns. Click on the Shared out column heading, this will rank the table to show the least amount of files shared out by a user, clicking on the heading again will show the user who shared out the most amount of files.

click the 'shared out' tab

Both columns are sortable, so it is very easy to bring the top users in each category to the top.

Click on any number to see the details of the files behind the number, including who it is shared with, shared from, number of visits, rights, last accessed, etc.

 

Shares Internally

To find the top internal sharer of documents you can view the column “Internal”.

See internal shares

Sorting on this column shows who is doing the top internal sharing.

GAT not only allows you to see the big picture but to ‘zoom in’ very quickly.

Clicking on any one of the numbers shows you the files behind the number, allowing you to quickly identify who the shares are ‘to’ or ‘from’.