Secure Departmental File Share (sec.sfsu.edu) Guide

The encrypted, secure departmental file share, sec.sfsu.edu, is primarily used for the sharing and storage of level 1 data. Individual campus units can request a share on sec.sfsu.edu by contacting their local IT support. Access to the shares and folders is controlled by Active Directory security groups in combination with Duo two factor authentication. Security groups are managed by ITS Systems. For information on other storage options, please see the File Storage Guide.


How Do I:

Complete VPN Authentication with Duo

Note: You will need to have the Cisco Anyconnect Secure Mobility Client (VPN client) installed.

  1. Launch Cisco Anyconnect Secure Mobility Client
  2. Enter vpn.sfsu.edu in the Connect box and click Connect
  3. Select  GROUP-L1 from the Group pulldown
  4. Enter your SF State ID
  5. Enter your SF State Password
  6. Complete your Duo Authentication/Second Password (See the Duo Authentication Guide for assistance)
  7. Click OK.

Note: To connect to the secure share, you must be authenticated using two factor authentication. If you are unable to complete the steps above, contact your local IT support who can assist with account provisioning.

Connect to a Share

Windows

Note: Only Windows 8 or higher can connect to the secure share.

  1. After completing VPN authentication with Duo, open Windows File Explorer
  2. In the list of locations, right click Computer/My Computer/My PC
  3. Select Map Network Drive
  4. In the Folder field enter: \\sec.sfsu.edu\[your share]
  5. If your computer is NOT joined to AD, select Connect using different credentials
  6. Select Finish. If your computer is joined to AD, it will automatically pass your credentials and log you in. If you are not joined to AD, you will need to provide your credentials, in the form of:
    Login: [SF State ID]@sfsu (e.g., 900000000@sfsu)
    Password: SF State password

Map Network Share

 

Macintosh

Note: Only OS 10.11 or higher can connect to the secure share.

  1. After completing VPN authentication with Duo, in Finder, select the Go menu, and choose Connect to Server
  2. Enter the server address: smb://sec.sfsu.edu
  3. Click Connect
  4. When prompted, select Registered User and enter your SF State ID and Password in the Name and Password fieldsName and Password Fields
  5. Select the share (volume) you wish to connect to and click OK. The folder will now appear in the finder
  6. Optional: View the share folder on the desktop:
    • With the Finder still active select Finder > Preferences
    • On the General tab check Connected Servers
    • Close Finder Preferences

 

Check Share Quota

Departmental Storage

In Windows, connect to your share. Right click on the drive and select Properties. Under the General tab, it will show you the used and free space available.

The initial quota for each department share is set to 500 GB. To request an increase, the Department Head (MPP level or above) should email service@sfsu.edu with a Cc. to the Associate Vice President & Chief Technology Officer, Information Technology Services (ITS). The request should include business justification for the increase.

 

Advanced Users

Request Access or Changes

All changes to a secure file share must be approved by a department head (MPP level or above) or his/her designee. Department heads can request the addition/removal of a designee by submitting a service request.

The department head may designate approvers for specific sub-folders under the departmental account. New folders requiring different access permissions can be requested by the department head or a folder approver.

To add or remove user access to a folder, the approver should submit a service request that includes the department, the folder name, and the SF State ID of the user to be added/removed.

Recover Data

Daily snapshots of files are created between midnight and 1:00 a.m. The snapshots are retained for 60 days. To recover a lost or corrupted file or folder:

  1. Using Windows File Explorer, locate the parent folder containing the missing/damaged items
  2. Right click the folder and select Properties
  3. Select the Previous Versions tab
  4. Highlight the folder/date to which you want to restore
  5. To overwrite the existing folder with the previous version, click Restore and approve the destruction of the current folder
  6. To restore just a file or to create a backup of the previous folder contents, click Open and copy the temporary folder contents to a new location

 

Business Continuity and Disaster Recovery

For Departmental Shares:

  • Daily snapshots of files are created between midnight and 1:00 a.m.
  • 60 daily snapshots are available
  • Snapshots are copied off-site for disaster recovery

 

Review Group Membership

Departments are responsible for periodic review of thier share permissions and timely revocation requests when a user no longer needs access to a share. Designated approvers can submit a Service Request requesting the current list of users for their folders.

Advanced users can use Active Directory Users and Computers (ADUC) to review group members. ADUC is part of the Windows Remote Systems Administrator tools. Download links and instructions are available from the Microsoft TechNet RSAT Wiki.

After launching ADUC, navigate to ad.sfsu.edu\Groups\Resources\Shares\ to see the file share groups. Double click on the group you want to review and click the “Members” tab to see the list of all members.

 

SFS Properties

 

Litigation Holds

SF State reserves the right to remove, inspect and audit uploaded files without notice as part of its routine maintenance and for matters that affect the security of SF State data. Accounts may be suspended in the event of litigation or subpoena. Typically any data subject to a litigation hold or subpoena is copied, so that shared use of the data in question can continue without interruption to work processes.