This lesson is part of the "TAMING GAM - A practical guide to GAM and GAMADV-XTD3" course.
What confidential information do your staff have? Do some of them have access to credit card numbers that they are not supposed to know about? Are they sending out CVs on company time? Do they have company secrets saved on their Google Drive?
If I have scared you, I meant to. It is a nice way to get you hooked into a blog article 🙂
But if your staff have access and have saved this information in their Google Drives and you are not aware of it, you have no idea what they might want to do with that information in the future or maybe what they have already done with it.
Let's look at a very simple and quick way of searching your companies drives for information that you want to check for.
We are going to be looking for keywords using GAMADV-XTD3. If you are not sure how to install and get started with GAM, please see these articles.
GAMADV-XTD3 on Windows 10
GAMADV-XTD3 on Google Cloud Shell
If you are looking to upgrade your GAM then go to upgrade your installation of GAM?
Let's get started.
Firstly open up your command line, whether on Windows, macOS or Linux and type this command. This is searching through a user called Jim for the word "confidential".
gam user jim print filelist query "fullText contains 'confidential'" todrive
If you want to see all the fields in a Google Sheet, then you would use this command.
gam user jim print filelist query "fullText contains 'confidential'" allfields todrive
But what if you want to search for a Credit Card number in Google Drive? Well then this is what your script would look like. We are searching through everyone's Google Drive for a specific Credit Card number.
gam all users print filelist query "fullText contains '4539931860264108'" allfields todrive
File Content with Exact Phrase "Credit Card". I am just searching in Jim's Google Drive.
gam user jim print filelist query "fullText contains '\"Credit Card\"'" todrive
File Content with words in same file. I am looking for a file that has the CEO's Credit card number "4539931860264108" and the word "ID". Here I am searching through all the users.
gam all users print filelist query "fullText contains '4539931860264108 ID'" todrive
Exact File name. We are searching through just Jim's Google Drive for the Exact file name of "Confidential Document"
gam user jim print filelist query "title = 'Confidential Document'" todrive
Part of a File name. Here we are searching through all the users in the Google Workspace domain and trying to find all files that have the word "Confidential" somewhere in the file name.
gam all users print filelist fields title filenamematchpattern ".*Confidential*.*" todrive
In this article we looked at external sharing, but here are a couple more examples. Here we are searching for owners of documents. You can specify an email address.
gam all users print filelist id name owners fullquery "'paul@osh.co.za' in owners" anyowner todrive
This query looks at anyone with a link who can edit your Google Drive Documents.
gam all users print filelist fields id,name,permissions,webViewLink pm type anyone withlink true role editor em todrive
Make sure that your staff are not sharing private or confidential information with others on the internet. If you would like more information about how to secure and report on your Google Workspace with automated and simple tools, check out the full "TAMING GAM - A practical guide to GAM and GAMADV-XTD3" course for your Google Workspace. It is over 9 hours and has 50 pages of free resources!
This lesson is part of the "TAMING GAM - A practical guide to GAM and GAMADV-XTD3" course.
You and your staff are sharing files with your Google Drive inside and outside your company. The simplest way to do it is by making a file that anyone with a link can see. This is the most dangerous way of sharing. You have no idea who is looking at your files. You have are not aware if the person you shared the file with, decided to s
You, and your staff, are sharing files within your Google Drive, inside and outside your company.
The simplest way to do this by making a file that anyone with a link can see. Unfortunately, this is the most dangerous way of sharing because you have no idea who is looking at your files or if their intentions are nefarious. You don't know if the person you shared the file with, decided to share the link with other people in their company. And, if they did so, what their intentions are.
Before we continue, we are going to be using GAMADV-XTD3 in this blog. If you are not sure how to install and get started with GAM, please see these articles.
GAMADV-XTD3 on Google Cloud Shell
If you are looking to upgrade your GAM then go to upgrade your installation of GAM?
Let's get started.
This lesson works with the python file created by Ross Scroggs here called GetSharedWithAnyoneDriveACLs.py
The first step is to get the ACLs for all the files. You can do it for either an individual user or for your entire domain. This first GAM script looks at a single user and exports all of their files to the Google Drive along with the ACLs with targeted headings.
gam user jim print filelist id title permissions todrive
This GAMADV-XTD3 script pushes all the users in your domain with a Google Drive to a Google Sheet with their drive permissions.
gam all users print filelist allfields permissions todrive
Using the scripts that are in the comments of the GetSharedWithAnyoneDriveACLs.py file.
gam config auto_batch_min 1 redirect csv ./filelistperms.csv multiprocess all users print filelist fields id,title,permissions,owners.emailaddress <PutQueryHere>
This script allows you to pick either "all users" or an individual user and then at the end of the script you have the option for a query. These are the 3 options:
DESIRED_ALLOWFILEDISCOVERY = 'Any' - query "visibility='anyoneCanFind' or visibility='anyoneWithLink'"
DESIRED_ALLOWFILEDISCOVERY = 'True' - query "visibility='anyoneCanFind'"
DESIRED_ALLOWFILEDISCOVERY = 'False' - query "visibility='anyoneWithLink'"
I would specifically like to look at all files that have been shared with anyone with a link, so my script looks like this.
gam config auto_batch_min 1 redirect csv ./filelistperms.csv multiprocess all users print filelist fields id,title,permissions,owners.emailaddress query "visibility='anyoneWithLink'"
The CSV that is generated is then exported to the GAM Work folder, if that is where you ran the script from. You will then be able to open the CSV in Google Sheets or Microsoft Excel. However, you do not have to open it.
Once you have created the filelistperms.csv file, with the first GAM command, you will then need to convert that file to a new file, called deleteperms.csv, using the GetSharedWithAnyoneDriveACLs.py. Run this script and this is what your output should look like in the command line.
python3 GetSharedWithAnyoneDriveACLs.py filelistperms.csv deleteperms.csv
Then inside your c:\GAMWork folder you will see the newly created file called deleteperms.csv. You can open it and look at it. You will see that the python script has cleaned up the script, changed the headers and simplified the permissions.
You need to carefully look through this file and see if you need to remove anything from here. You are looking to remove the external sharing from files. So if there is a file in this CSV, the permissions will be removed in the next step. If you do not want the permissions removed, then remove it from this CSV file.
If you are happy that all the files that need to have their permssions removed are in the CSV, then close it and you can then run this script.
gam csv ./deleteperms.csv gam user "~Owner" delete drivefileacl "~driveFileId" "~permissionId"
The below is what your command line will look like. It shows you what files or folders have had their ACLs removed.
Now to test a final time. Run this script and then open the filelistperms.csv and check that the sharing is what you want.
gam config auto_batch_min 1 redirect csv ./filelistperms.csv multiprocess all users print filelist fields id,title,permissions,owners.emailaddress query "visibility='anyoneWithLink'"
You can either be quite specific about removing permissions from your staff's files and folders or you can remove all external sharing in a couple of minutes, it is really up to you and what you want to do.
For a more complete understanding of how to use GAM and GAMADV-XTD3 for your Google Workspace, check out our full course of over 9 hours and 50 pages of free resources!
This lesson is part of the "TAMING GAM - A practical guide to GAM and GAMADV-XTD3" course.
In this video lesson, we will be walking through the process of upgrading GAMADV-XTD3 to the latest version. You can either watch the video below, or follow the images and steps detailed below.
If you are trying to install GAM rather than upgrading it, please refer to these other articles.
GAMADV-XTD3 on Google Cloud Shell
Let's get started.
This post was updated with new scripts on the 5th November 2021.
To see the article published by Ross Scroggs on GitHub, please see here.
I found this post on the GAM for Google Workspace Google Group where Chris River posted a PowerShell Script on how to update your installation of GAM from whatever version you are running to the latest version.
Create a PS1 file by opening notepad and pasting this script into it and save it as a PS1 file into your GAMADV-XTD3 directory. Mine is located here C:\GAMADV-XTD3
if (.\gam version checkrc) {
$releases = curl "https://api.github.com/repos/taers232c/GAMADV-XTD3/releases" | ConvertFrom-Json
$dlurl = ($releases[0].assets | where {$_.name -like "*windows*64.zip"}).browser_download_url
$dir = (Get-Location).Path
(new-object System.Net.WebClient).DownloadFile($dlurl, "$dir\gamadv-xtd3-latest-windows-x86_64.zip")
$oldchangeloglinescount=(Get-Content .\GamUpdate.txt | Select-String .*).count
Expand-Archive "$dir\gamadv-xtd3-latest-windows-x86_64.zip" "$dir\" -Force
mv "$dir\gamadv-xtd3\*" "$dir\" -Force
rm "$dir\gamadv-xtd3\"
$newchangeloglinescount=(Get-Content .\GamUpdate.txt | Select-String .*).count
Get-Content .\GamUpdate.txt -Head ($newchangeloglinescount-$oldchangeloglinescount-1)
} else {
# Nothing, GAM is already up-to-date
}
Then you just need to run the PowerShell script when you want to update the version of GAM. You can also setup the Windows Scheduler to run this PS1 file each month to keep you as up to date as possible.
Upgrading on these operating systems is much simpler than upgrading on Windows. All you have to do is run this script in the terminal.
Default path $HOME/bin
bash <(curl -s -S -L https://git.io/fhZWP) -l
If you need to specify a path.
bash <(curl -s -S -L https://git.io/fhZWP) -l -d <Path>
If you would like a bash script, a separate one was provided by Chris River.
oldchangeloglinescount=$(wc -l ~/bin/gamadv-xtd3/GamUpdate.txt | awk '{print $1;}')
bash <(curl -s -S -L "https://raw.githubusercontent.com/taers232c/GAMADV-XTD3/master/src/gam-install.sh") -l
newchangeloglinescount=$(wc -l ~/bin/gamadv-xtd3/GamUpdate.txt | awk '{print $1;}')
GREEN='\033[0;32m'
NC='\033[0m' # No Color
printf "${GREEN}This update includes the following changes:${NC}\n"
head -n $(($newchangeloglinescount - $oldchangeloglinescount)) ~/bin/gamadv-xtd3/GamUpdate.txt
That was nice and simple. You now have a bright and shiny updated installation.Â
Understanding the full capabilities of how to use GAM and GAMADV-XTD3 for your Google Workspace will increase your productivity and efficiency. Check out our full course of over 9 hours and 50 pages of free resources!
