Configuring the HaloSHARE

Using the configuration tool, you can quickly set up the HaloSHARE.

License Activation

A license for a product is necessary for access to features and support, legal compliance, security, and reliability. The primary Secude licensing method uses a Key-based license that regulates and allows access to the application's features. Therefore, to enable features, we suggest obtaining the license key from Secude support before installing the HaloSHARE.

Key-based License
Upon purchase or registration with Secude, a special "license key" is provided to the user to control the use of the application. After installing the service, the administrator must enter the license key, which is an alphanumeric code, in the configuration tool to activate the license. By entering this key, the entire functionality of HaloSHARE is unlocked, and the user's authorization to use it is validated.

This document does not cover all the specifics of purchasing a license. Please get in touch with Secude’s representative for additional details.

To complete the license activation, carry out the following steps:

Navigate to the destination folder you specified during installation. The default folder is C:\Program Files\Secude\HaloSHARE.
Run the program HaloSHAREConfiguration.exe with Run as Administrator permission.
The HaloSHARE Configuration screen will appear, and on the configuration screen, click License Information.
The License Details screen will appear as shown below:
HaloSHARE Configuration screen
Enter the license key and click Activate License.
Please be patient while the license key activation is completed. Depending on your needs, you may have received a license that includes MPIP labeling, PDF watermarking, CAD watermarking, and Office file watermarking. The screen below illustrates having all features enabled.
Results:
1. Once the license has been successfully activated, you will receive a confirmation message that includes comprehensive license details. Additionally, you can obtain the information at any time by clicking Get License Information.
2. You will see the enabled feature listed under the FeatureName in the activated license.
3. If the License Status is Active, it means you entered a valid license key, whereas a license error means you entered an incorrect license key.
Related tasks:
1. License Deactivation: Administrators may deactivate a HaloSHARE license for a variety of reasons, based on your organization's standards and specific scenarios. To do so, click on Deactivate License.
2. Please note that a license is deactivated automatically if HaloSHARE is uninstalled.
3. If your license expires, enter a new license and click Update License, or activate it using the tool hsadm.exe. For more details, refer to the section “Service Configuration using Admin Tool”.

Supplier Configuration

HaloSHARE can encrypt files with either a Static Permission label or a Custom Permission.

Difference between Sensitivity Labels and Custom Permissions

Sensitivity Labels - These labels are maintained by each organization's administrator who defines the permission set in the Microsoft Purview portal. These are also known as administrator-defined permissions.

Custom Permissions - This is a list of permissions available for user selection in the HaloSHARE application UI. They are also known as user-defined permissions.

Quick Start on Configured Suppliers

The Configured Suppliers pane on the right side of the screen on the configuration tool displays a supplier and the folder path with whom you have shared sensitive business data. For example, if “Prestin Engineering” is a supplier and C:\Prestin Engineering is the source path where you store Prestin-related business data internally. Additionally, to share it with Prestin representatives in a shared folder, you would have a destination folder where files are copied from the source folder. You can configure similarly with different source and destination folders for other suppliers, such as "Manifold Dynamics" and "Oriental Construction".

File overwriting occurs when the same file is moved repeatedly to the same source folder.
1. Case 1: Without the Move to Destination Path option.
  File Protection: Suppose the source folder is configured with the text file extension and Move to Destination Path is not selected. Copy a text file (sample.txt) into the source folder; the file is encrypted and named sample.ptxt. If you place the same (sample.txt) file back into the source folder, the existing sample.ptxt is overwritten.
  Watermarking: Suppose the source folder is configured with the PDF file extension and Move to Destination Path is not selected. Copy a PDF file into the source folder; the file is watermarked. If you place the same PDF file back into the source folder, the existing file is overwritten.
2. Case 2: With the Move to Destination Path option.
  File Protection: When a file is moved to the source folder, it is encrypted and sent to the destination folder. When you place the same file in the source folder, it is treated as a new file, encrypted, and moved to the destination folder. The existing file in the destination folder will be overwritten.
  Watermarking: When a file is moved to the source folder, it is watermarked and sent to the destination. When the same file is placed in the source folder, it is treated as a new file, watermarked, and moved to the destination folder. The existing file in the destination folder will be overwritten.
It is not allowed to set the same folder or subfolder path for more than one supplier.
OneDrive service and our HaloSHARE service cannot access the same file simultaneously. Also, HaloSHARE and SharePoint services cannot access each other simultaneously. An access violation or access denied error will occur in such a scenario.

How to Configure HaloSHARE

To configure the HaloSHARE service, navigate to the destination folder you specified during installation. The default folder is C:\Program Files\Secude\HaloSHARE. Double-click on the HaloSHAREConfiguration.exe file, and the HaloSHARE Configuration screen will appear as shown below.

Configuring Suppliers

Enter the following details in the HaloSHARE Configuration screen.
Supplier Configuration fields
Enter the supplier's name in the Supplier Name box, whose files must be protected. For example, Prestin Engineering
Click the Browse button next to the Folder Path to select the source folder that HaloSHARE should monitor. For example, C:\Supplier 1\Prestin Engineering
Enter the file extension in the File Extension box. Based on the file extension you configure, HaloSHARE applies either watermarking, protection, or both, with no impact on the other (unconfigured) files in the source folder. However, if Move to Destination Path is selected, both processed and unconfigured files will be moved to the destination folder. For example, .dwg, .prt.
1. Note: You can add the asterisk symbol (*) or Creo file formats along with iteration. For example, .prt.1.
2. Please refer to the supported file types under the section 'System Requirements' for details on the files that will be included with the asterisk symbol (*).
Select Recursive Scan to scan all subfolders within the source folder and apply watermarking, protection, or both to the files. If this option is not selected, only files in the source folder are processed.
Select the Move to Destination Path option to transfer the files (which are either protected, watermarked, or both) from the source folder to the destination folder. The destination folder can be another shared folder where you store files for external access, such as those associated with a supplier, vendor, or external consultant. For example, the destination folder could be a SharePoint or OneDrive folder.
Click the Browse button next to the Destination Path to select the destination folder. HaloSHARE will copy the processed files (protected, watermarked, or both) to this destination folder, which is accessible to the specified supplier. For example, C:\SharePoint\Prestin. As a result, the files from Folder Path (C:\Supplier 1\Prestin Engineering) will be moved to Destination Path (C:\SharePoint\Prestin).

Configuring File Protection Attributes

Note: If you have only selected the Watermarking feature during installation, the label selection option will be disabled in the configuration screen.

MPIP configuration

Select a label from the MPIP Label list based on the level of authorization you want to provide the supplier. For example, HCAD Confidential. Alternatively, you can select a label with no encryption settings. In this case, you will receive a message "The selected MPIP label has no encryption settings and can only be applied to MIP SDK-supported file types.". If you want to apply such a label, enter the file types that are supported, such as .txt, .docx, and .pdf.
Alternatively, you can use a custom permission label. Please skip to point 3.
If you want to give a user full access to the file, i.e., make a user the owner of the file, enter a user email ID in the Owner Email ID. For example, Designer@halosecude.onmicrosoft.com
Select Custom Permissions if you want to set the permission now or if the MPIP label has not yet been defined. The author can assign permission to users, groups, or organizations based on the permission level.
1. From the Select Permissions list, select the level of access you want the users to have when you protect the file (Viewer - View Only / Reviewer - View, Edit / Co-Author - View, Edit, Copy, Print / Co-Owner - All Permissions / Only for me). To know the usage rights of the permissions, please refer to the section "Permissions Level and Usage Rights".
2. Specify the users who should have permission to access your file in Enter Users, Groups or Organizations. Type their full email address, a group email address, or a domain name from the organization for all users in that organization separated by comma or space, or semicolon. For example partner@halosecude.com;prestin-support@prestin.com;prestin-techcad@prestin.com
3. You can specify how long the labeled file can be accessed in the Expire access field. Use the Never option if you want the label to never expire and to have unlimited access to the file. It can be used for less sensitive content. Alternatively, for highly sensitive content, select a date on the calendar so that recipients other than the owner cannot access the file after the expiry date.
4. Click Add Supplier and then click Restart Service. Repeat the previous steps to add more suppliers.

Configuring Watermarking Attributes

Note: If you have only selected the MPIP feature during installation, the Watermark Configuration option will be disabled in the configuration screen.

To configure watermarking visuals, click Watermark Configuration.
The WaterMarkConfiguration screen will appear as shown below:
Watermark configuration screen
Enter the text to be embedded in the files. By default, the watermark will be applied diagonally. You can type any text suited for the sensitivity level of the document on watermark lines 1, 2, and 3. For example:
1. Watermark Line 1: Confidential
2. Watermark Line 2: Prestin Engineering
3. Watermark Line 3: All rights reserved. Refer to the disclaimer.
4. Font Size: Enter the font size. For example, 20. By default, the font used is Times New Roman.
In the Custom Properties section, add the elements (metadata) to the table, which will be included in the document's custom properties. You can customize the keys and values based on your business needs.
1. In the Key column, provide key names and specific details about each key in the Value column.
2. For example, in the figure above, key names such as Project Name and Issued Company are added, along with their corresponding values Project_Building_Structure and Secude.
3. To remove the added custom properties, select the row, right-click, and choose Delete.
Click OK.
Click Add Supplier and then click Restart Service. Repeat the previous steps to add more suppliers.

A quick way to create a new supplier

To effortlessly duplicate and create a new supplier from an existing supplier, simply select an existing supplier from the node, edit the Supplier Name, Folder Path, Destination Path, and any other variables as needed, and then click Add Supplier. The modifications you made and the current supplier configurations will be added to the new supplier.
Clicking the root node, Suppliers in the left pane, resets the configuration screen, allowing you to add new details and create new suppliers.

Results:

You will see a confirmation message after the supplier has been successfully added.
The name of the supplier will be added to the list on the left pane.
The supplier detail can be viewed on the right pane by clicking the supplier name node.
You will see a confirmation message after successfully restarting the service.

Related tasks:

To remove a supplier from the list, click Remove Supplier.
If you change the configuration, click Update Supplier to make the changes take effect.
After making changes, restart the HaloSHARE Service.
You can find license and service information in the log C:\Users\UserName\AppData\Local\Secude\HaloSHARE\log.

Adjusting the watermark display to the background and retaining the existing header

To display the watermark in the background instead of the foreground in Excel and PowerPoint, manually add the following registry key, enable_legacy with the value true. This makes it possible to add or edit content, just like in Microsoft Word, by enabling the watermark to appear in the background.
In a Word document that already has a header, HaloSHARE removes it and adds its header to each part independently. To retain the original header of a file while applying a watermark, manually add the registry key below and set it to true in the path Registry Root Directory = HKEY_LOCAL_MACHINE\SOFTWARE\Secude\HaloSHARE.

Name	Type	Data
enable_legacy	REG_SZ	true

Manual addition of key

What happens to unconfigured file types?
Any files that are not specified in the HaloSHARE settings should be shared with caution. If you have configured Move to Destination Path, these files will be moved to the destination folder unprotected or without a watermark or digital signature. Users must therefore be aware of this type of file sharing.

How to Relabel a File or Modify the Applied Label

A designer may need to relabel files in the supplier folder for various reasons, and in some cases, they may decide to remove protection. To accomplish this, HaloSHARE provides the option to remove protection and relabel features by setting the registry key enable_relabeling=on.

Files encrypted with MPIP label can be relabeled with Custom Permissions, and vice versa for files encrypted with Custom Permissions.
Files encrypted with Custom Permissions can be decrypted using the Remove Protection label.

Prerequisites:

Make sure you are the owner of the document, a user with superuser privileges, or a user with export permissions assigned to an already applied label.
Make sure that the API permission for relabeling has been configured in the application. For more information, refer to the section “Additional Permission (Only for Relabeling)”.
Enable the relabel feature by changing the registry key enable_relabeling from off to on. For more information, please refer to the section "Registry Settings".

Follow the procedure to relabel.

Double-click on the HaloSHAREConfiguration.exe file.
On the HaloSHARE Configuration screen, change the label as needed. Please note that applying the Remove Protection label will remove protection.
Click Update Supplier and then click Restart Service.
Results:
1. Relabeling: The files in the supplier folder will be updated with the new label.
2. Removing protection: The files in the supplier folder will be successfully decrypted.

Service Configuration using Admin Tool

After installing HaloSHARE, you may want to change the configuration. To do so, run the tool ...\Secude\HaloSHARE\hsadm.exe to view the commands. Please note that the admin tool does not support uppercase.

How to update MPIP labels in HaloSHARE?

If an MPIP label is added, removed, or updated in the Microsoft Purview portal, the administrator should restart the HaloSHARE Service so that the changes will take effect.

When is it necessary to restart the HaloSHARE service?
Whenever you modify the HaloSHARE registry settings, you need to restart the HaloSHARE Service.

hsadm.exe commands

Service Control Commands

hsadm.exe -sc list

Use this command to view the service.

Output

For a Domain User

Display Name: Secude HaloSHARE
Service Name: HaloSHARE
Domain: HC.test
User Name: HC.test\administrator
Service Mode: MPIP

For a Non-Domain local user:

Display Name: Secude HaloSHARE
Service Name: HaloSHARE
Domain: .
User Name: .\superdocs
Service Mode: MPIP

hsadm.exe -sc start <service>

Use this command to start HaloSHARE. Note: This can be used only after setting user credentials to run HaloSHARE.

For example,

hsadm.exe -sc start HaloSHARE

Output

Service Started successfully.

hsadm.exe -sc stop <service>

Use this command to stop the HaloSHARE.

For example,

hsadm.exe -sc stop HaloSHARE

Output

Service Stopped successfully.

Log Command

hsadm.exe -log <clean|on|off>

clean: removes all files from the logging directory.
on: enables the service logging.
off: disables the service logging.

For example,

hsadm.exe -log on

Output

Current log enabled, level = 3.

INFO,Log already on.
C:\Users\Administrator\AppData\Local\Secude\HaloSHARE\log\

hsadm.exe -log level <1|2|3|4>

Log level: 1: Error and Info
Log level: 2: Error, Warning, and Info
Log level: 3: Error, Warning, and Info
Log level: 4: Error, Warning, Info, and Debug

For example,

hsadm.exe -log level 4

Output

Current log enabled, level = 3.

INFO,Logging enabled, level = 4.

hsadm.exe -log purge <days>

Use this command to set a time for log purging, i.e., the no. of day(s) by which the logs will be deleted.

For example,

hsadm.exe -log purge 2

Output

Current log enabled, level = 4.

INFO,Log files purge set to 2 day(s).

hsadm.exe -log rollover <minutes>

Use this command to set a log rollover time, i.e., the minute(s) by which a new log file will be generated.

For example,

hsadm.exe -log rollover 60

Output

Current log enabled, level = 4.

INFO,Log files rollover set to 60 minute(s).

MPIP Commands

Update MPIP Certificate

hsadm.exe -sc updatempipkeycba <service> <Certificate Store ("Current User"|"Local Computer")> <Certificate Thumbprint> <Tenant Name> <Application ID>

Use this command to update the new MPIP CBA (Certificate-Based Authentication) Keys.

For example,

hsadm.exe -sc updatempipkeycba HaloSHARE "Current User" 6e9685132e2e86d1b0af75a848fcc7c0ec29839b halosecude.onmicrosoft.com u8352197-65e0-4fd2-9efb-b90027b801fb

Output

Policy XML file fetched successfully.

MPIP key updated successfully.

Update MPIP License Key

hsadm.exe -sc updatelickey <service> <License Key>

Use this command to update the License Key

For example,

hsadm.exe -sc updatelickey HaloSHARE B27N-CMTO-LWGH-AKEQ

Output

Spring License Key updated successfully

Display MPIP key

hsadm.exe -sc getvault -user <domain\user> -pwd <password>

Use this command to know your MPIP key information.

For example,

hsadm.exe -sc getvault -user .\administrator -pwd #9y->\"raQ8<

Output
Application ID: u8352197-65e0-4fd2-9efb-b90027b801fb

Tenant ID/Name: halosecude.onmicrosoft.com

Certificate Store: LocalComputer

Certificate Thumbprint: 6e9685132e2e86d1b0af75a848fcc7c0ec29839b

License Spring Key: B27N-CMTO-LWGH-AKEQ

hsadm.exe -enablefips <true|false>

Use this command to enable/disable the FIPS mode.

For example,

hsadm.exe -enablefips true

Output

Enabling FIPS module started.

Service Stopped successfully.

Extracting fips module files done.

Trying to Install fips modules for this pc.

fips modules configuration generated for this pc successfully.

Service Started successfully.

Watermark details

Display Watermark key

hsadm.exe -sc getvaultWM -user <domain\user> -pwd <password>

Use this command to get your watermark licensing key information.

For example,

hsadm.exe -sc getvaultWM -user .\administrator -pwd #9y->\"raQ8<

Output

Certificate Store: LocalComputer

Certificate Thumbprint: 6e9685132e2e86d1b0af75a848fcc7c0ec29839b

License Spring Key: B37N-CSUO-LWIJ-AKBS

Help Commands

Registry Settings

The following section explains how the registry is used to store service settings. To modify the registry value, open Registry Editor, navigate to this path Registry Root Directory = HKEY_LOCAL_MACHINE\SOFTWARE\Secude\HaloSHARE, and modify the Reg Key as you want. Any changes to the registry will require a restart of HaloSHARE to take effect.

Name	Default value	Type	Description
dir_common	`common`	REG_SZ	The path to the directory where all the dependent DLL files are stored for the execution of HaloSHARE.
dir_log	`log`	REG_SZ	Log files are generated in the service running user's local profile i.e., in the following location `%LOCALAPPDATA%\Secude\HaloSHARE\log`.
dir_tmp	`tmp`	REG_SZ	It stores the temporary files located at `%LOCALAPPDATA%\Secude\HaloSHARE\tmp`.
dir_vendor	`C:\Program Files\Secude\`	REG_SZ	This is the Secude’s vendor directory under which Secude’s components will get installed. For example, `HaloSHARE`.
enable_fips	`false`	REG_SZ	true: By selecting this option, MPIP only uses FIPS-compliant encryption algorithms. false: MPIP uses standard encryption algorithms.
enable_relabeling	`off`	REG_SZ	Defines the status of the relabeling. On = Relabel feature is enabled to change the applied label or remove the label to decrypt the file. Off = Relabel feature is disabled.
haloshare_config_file	`haloshare_config.enc`	REG_SZ	Name of the configuration file that includes information about the folders and other essential parameters.
log_enable	`on`	REG_SZ	Defines the status of the log. On = Log file will be generated in the default location Off = Log file will not be generated Clean = Log files will be deleted. This parameter deletes only the logs and does not modify the log_enable to "Clean" from "on/off”.
log_level	`3`	REG_SZ	Log level: 1: Error and Info Log level: 2: Error, Warning, and Info Log level: 3: Error, Warning, and Info Log level: 4: Error, Warning, Info, and Debug
log_purge	`7`	REG_SZ	It indicates removing files older than a defined time frame. By default, the log files older than 7 days will be deleted.
log_rollover	`100`	REG_SZ	Defines the log rollover time, i.e., a new log file will be generated based on the specified minute(s). By default, a new log file will be generated every 100 minutes.
ls_proxy		REG_SZ	Allows you to use a proxy server to access Secude’s License Manager. This is an optional feature that must be utilized only if your firewall is blocking License Manager. Enter proxy server settings in the format `<URL>:<PORT>`. For example, `http://10.41.0.130:808`. Please make sure to restart the service.
scan_wait_time	`5`	REG_SZ	It indicates the service's waiting time and begins scanning after 5 seconds if the folder has not been modified.
version		REG_SZ	The version number of the installed service.

Configuration in the Registry

Configuring Endpoint

Registry path of endpoint = HKEY_LOCAL_MACHINE\SOFTWARE\Secude\HaloSHARE\ep\HaloSHARE

Name	Default value	Type	Description
block_pii	`false`	REG_SZ	Enable or disable the visibility of Personally Identifiable Information (PII) in the MIP SDK logs. The MIP SDK logs are located at`%LOCALAPPDATA%\Secude\HaloSHARE Service\log\mip_cache_storage\mip\logs\mip_sdk.miplog.` false—PII will be visible in clear text in the MIP SDK logs. true—PII will be masked with asterisks in the MIP SDK logs. This helps to protect the PII's confidentiality.
cachetype	`1`	REG_SZ	MPIP cache storage type used by the service. In Memory—0, maintains the storage cache in memory in the application. On Disk—1 (default storage type), stores the database (SQLite3) on disk in the directory provided in the settings object. The database is stored in plaintext. On Disk Encrypted—2, stores the database (SQLite3) on disk in the directory provided in the settings object. The database is encrypted using OS-specific APIs.
cacheuserlicense	`1`	REG_SZ	0—false, End User License (EUL) will NOT be stored in the MPIP cache storage. 1—true (default value), End User License (EUL) will be stored in the MPIP cache storage.
cloudtype		REG_SZ	User's Azure Cloud Type. For example: Commercial.
credential		REG_SZ	Domain or computer name, name of the user under which the HaloSHARE service runs
databoundary	Default	REG_SZ	Audit and telemetry events are sent to the nearest collector, where these events are stored and processed. Other options: Asia Europe_MiddleEast_Africa European_Union North_America For example, if your AIP administrator sets North_America, the HaloSHARE service forces all telemetry and audit data to go directly to North America.
domain		REG_SZ	Name of the domain.
enabledke	0	REG_SZ	Double Key Encryption 0—(default value) - disables the DKE functionality in the HaloSHARE service. 1—(On) - Enables the DKE functionality in the HaloSHARE service. Please be aware that DKE labels are only visible when DKE functionality is enabled.
enablefiletracking	0	REG_SZ	Obtain the protected file's content ID to track the file. 0 (default value)—the content ID does not get extracted for the use of File Tracking. 1—the content ID will be extracted for the use of File Tracking.
IterationLimit	10	REG_SZ	Iteration limit for Creo file types. The default value is 10, however, you can modify and set your limit. Example: `test.prt.1`, `test.asm.2`
MIPAuthType		REG_SZ	Type of authentication method. MSALCBA for MPIP mode.
mode		REG_SZ	Type of HaloSHARE features. MPIP, Watermarking, or Combined.
policycloudurl		REG_SZ	Policy Cloud URL. For example: `https://dataservice.protection.outlook.com`
protectioncloudurl		REG_SZ	Protection Cloud URL. For example: `https://api.aadrm.com`
service	`HaloSHARE`	REG_SZ	Name of the service. By default, it is HaloSHARE.
streambuffersize	`10`	REG_SZ	It is a buffer size used for memory-based encryption with the MIP SDK. When the allotted buffer size is exceeded, an additional memory of stream buffer size is allocated, and this process is repeated until the encryption/decryption operation is completed. The default setting is 10 MB.

Configuring Endpoint

Proxy Configuration

Many enterprises enforce a Group Policy Objects (GPO) that requires all outbound internet traffic routed through a proxy server. These proxy settings need to be used by both the MIP SDK and the MSAL library for MPIP authentication and functionalities. To use proxy settings for the MSAL library, we need to set the msal_proxy_address in HKEY_LOCAL_MACHINE\SOFTWARE\Secude\HaloSHARE.

Name	Type	Data
msal_proxy_address	REG_SZ	`<http://IP Address>`

Configuring MSAL proxy

If the above does not work for service-running users, in such cases, set the registry keys ProxyServer and ProxyEnable in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings.

Name	Type	Data
ProxyServer	REG_SZ	`<http://IP Address>`
ProxyEnable	REG_SZ	1 to enable. 0 to disable.

Configuring proxy

To allow MIP SDK to use the proxy settings set up in your environment, follow the steps below:

Determine whether the proxy server has been properly set up by running the following command.

C:\Windows\system32>netsh winhttp show proxy

Current WinHTTP proxy settings:

Direct access (no proxy server).

If the response to the command is as shown above, it indicates that the proxy server has not been configured in the registry for winhttp.

To configure the proxy server for winhttp, use the following command:

Syntax: C:\Windows\system32>netsh winhttp set proxy <proxyservername>:<portnumber>

Example: C:\Windows\system32>netsh winhttp set proxy 190.160.166.191:168

In this case, the proxy server that has been set up with 190.160.166.191:168. Once this is executed successfully, the registry gets updated with the proxy server URL and HaloSHARE Service will make sure of the proxy settings.

How to Access Protected Files

After setting HaloSHARE in your environment, you may start sharing business files in folders. Once the files have been protected, you should know how to open MPIP-protected files with HaloCAD Add-ons. For information on how to open a protected file, refer to the corresponding HaloCAD Add-on documentation.

Opening a HaloSHARE-watermarked Files

To view the HaloSHARE watermarked CAD files, the HaloCAD Add-on for the CAD application is required. For information on how to view a HaloSHARE watermarked CAD file, refer to the HaloCAD Add-on documentation.

Viewing Watermark metadata in CAD files:

RVT: Install the RevitLookup tool to view the metadata. For more details, please refer to “Watermark in RevitLookup”.
DWG: Go to the file's Custom Properties to view the metadata.
IFC: Open the file in any text editor, and scroll to the end to view the metadata.

HaloSHARE-watermarked PDF file

HaloSHARE-watermarked Word file