1 ACCEPTED SOLUTION
For those of us in higher ed, we're struggling with similar things, as we work to delete old accounts in order to get under Google's new storage limits. Echoing a number of the comments here, we're also trying to push the "if it needs to stick around after you leave, it needs to be in a Shared Drive" culture change.
Additionally, some of the techniques that various universities are using to let still-current folks know that they might be using a file that's owned by an expired user include:
- Renaming the account (human readable name and/or login) to include "EXPIRED" (like "EXPIRED Ian Crew" or "expired__iancrew@example.edu")
- Changing the profile picture to something like this:
- Using DLP rules to apply a badged label to all of the files owned by a people in a particular group or OU (e.g., the "expired" OU or something) as follows (credit Tron Compton-Engle at CWRU and Chuck Boeheim at Cornell for these steps):
- Turn on labels and create a label. I used badged labels because of the great additional features (bright red, description field and even the ability to specify a URL for additional information).
- Leave the detector section blank
- Create a rule (Security, Access and data control, Data protection). The rule applies the badged label in step 1, and since the detector section is blank it will happen for any file. I applied it to an OU.
The DLP labeling is particularly useful, because badged labels appear as the document is being used/edited, so they're pretty obvious. They also can be searched for in Drive, making it easy for any particular person to see the files that they have access to that are owned by expired folks. See https://it.cornell.edu/file-storage/google-drive-orphaned-content for more details about what the end-user sees.
Hope that helps,
Ian
For those of us in higher ed, we're struggling with similar things, as we work to delete old accounts in order to get under Google's new storage limits. Echoing a number of the comments here, we're also trying to push the "if it needs to stick around after you leave, it needs to be in a Shared Drive" culture change.
Additionally, some of the techniques that various universities are using to let still-current folks know that they might be using a file that's owned by an expired user include:
- Renaming the account (human readable name and/or login) to include "EXPIRED" (like "EXPIRED Ian Crew" or "expired__iancrew@example.edu")
- Changing the profile picture to something like this:
- Using DLP rules to apply a badged label to all of the files owned by a people in a particular group or OU (e.g., the "expired" OU or something) as follows (credit Tron Compton-Engle at CWRU and Chuck Boeheim at Cornell for these steps):
- Turn on labels and create a label. I used badged labels because of the great additional features (bright red, description field and even the ability to specify a URL for additional information).
- Leave the detector section blank
- Create a rule (Security, Access and data control, Data protection). The rule applies the badged label in step 1, and since the detector section is blank it will happen for any file. I applied it to an OU.
The DLP labeling is particularly useful, because badged labels appear as the document is being used/edited, so they're pretty obvious. They also can be searched for in Drive, making it easy for any particular person to see the files that they have access to that are owned by expired folks. See https://it.cornell.edu/file-storage/google-drive-orphaned-content for more details about what the end-user sees.
Hope that helps,
Ian
