... geez, barely two days for anyone to answer, and already you're declaring 'best answers' and stuff.
Give us ancients a chance to get bored and respond!!
1) The same file ... maybe. I'm of two minds on this. Several things apply: how secure is the building? How old are the files? Technically, each one should probably go into a seperate file, but they might have a program concatenating all the feeds into one file instead, so that's a GM decision. If the building is secure, then accessing the file may require having to target a different host; if it's a
really secure building, you may have to target multiple hosts in order to get all copies of the file. If the building is ultra secure, well, you need to get into the security office and do it in person.
As well, if the files are more than a week / day / hour old (again depending on the security level), you're going to have to go hunting backups. But for my money, editing the file in order to scrub the presence of that-which-you-don't-want-to-be-there is wiser than just nuking the file. Up to your boys, though...
2) Old editions used to have a program that would riffle through the files on a host, looking for just this sort of thing. You can, if you
want, let the player purchase this sort of thing - but I would also require such a purchase
every time they go on a run, minimum every 2 weeks (if your run goes on that long) for updated information on 'what's hot right now', i.e. what is old news and what's actually valuable paydata.
Purvue's answer tells you how to get the file once you're aware of its existence - but to be honest, you need a way to locate 'Random File Worth Money', which is not gonna be the file's name, and which does not, so far as I am aware, exist in 5E. You need a program that does keyword searches on files ... hm. The old Evaluate program is the one you want; for SR5, I would probably charge your player's character 2000¥ for a Stage 1 Evaluate (max hits 8 ), and 5000¥ for a Stage 2 Evaluate (max hits 24). The program would
enable the character to probe a host - and
only a host - by performing a modified Matrix Search Extended action - Computer + Intuition [Data Processing] vs. Host Rating - with the incredibly-vague 'looking for something valuable' keywords. The Evaluate program itself of course possesses the actual keywords that its creators have assembled based on knowledge skills like Biotechnology, Cybertechnology, Weapon Design, High-Energy Physics, and other erudite skills; having that program loaded
allows you to wave your hand vaguely and say, "find me somethin' worth sellin'."
Good news is, since the decker can only probe a host, you'd be looking at a base time of 1 minute per test. Bad news is, since this is
automatically an illegal act - look, buddy, you're not trying to locate a file you know exists, you're going through
all their files - your Overwatch score is going to be going up by the Host's hits on the opposed test. For every 8 hits, however, you locate a file worth selling - 1 file using a Stage 1 program, or up to 3 (if you can stand the heat in the kitchen) using a Stage 2 program. (GM to GM, that's the highest I'd allow the program to go.)
"But Wyrm," you ask, "what's the file worth?" Well, that depends on the quality of the host you pulled it off. As a benchmark, though, I'd say each one would be able to be sold for between 250-400¥ per host level - the higher the host level, the more likely you're going to find something juicy, y'know? A small policlub isn't likely to have much worth selling; you
might break even. That regional corporate host on the other hand, will be worthwhile - if you can persuade it to give up its secrets in time.
Once the Analyze gives you the name of the file(s), you can extract it (or them) as purvue says.
3) Depends on the building's ownership. A megacorporation (AA or AAA) will give a basic setup to the county, but they might not even be told where the A/C unit is going, much less the entire system. If that's all you need, then you're in luck - but in some cases, not even that is going to be useful. What you would want is
most likely going to be found in the building's security host - because building security
always needs up-to-the-second maps.
A clever decker will 'borrow' said file several days before, copy the information, make a modified version while the rest of the group plans the infiltration, then slips into the security host just before the run. This allows him to a) compare the stolen plans to their most up-to-date ones and alert the team to any alterations, and b) substitute his fake ones for the real plans, in order to screw up security response.
4) Several places. Personnel host. Security host. What 'etc.' you need is going to determine, in a large part, where the information is to be found - because the security file may have name, job type, phone, address, biomonitor information (i.e. fingerprint, retinal print, voice print) and office location, while the personnel host is going to have the name, job type, job title, specialist knowledge/duties, phone number, and office location (and maybe pay rate!!). Different information in different places. And of course the research host is going to have what they're actually working on ....
5) Not as tough as it might seem. Identify if their security is in-house; most corporations from A-rated on up are going to have their own for the critical areas, contracting out only for low-level security zones, like warehouses full of Goopee Galoshees for next week. Presuming it's in-house security, finding out where they physically are, though, should be found in the security host - by which I mean my answer to #3
and #4. If he's on the job, he'll be in the security office - where-ever the security office for this building is. If he's not on duty, then his address information is going to be in his security file.
6) This is the sort of thing that you need a 'find me this file' hunt to get, honestly. The host needs to know this information; it isn't going to be hardwired, which means it's going to be in an executable file (or some damn thing)
somewhere on the host. What you
really need is to figure out the name of the file - which may require you to deduce their naming conventions, which can be a pain. However, at that point you're hunting for seriously private protocols, and I'd require you to perform a heavily-contested Matrix Search action (as I described for the Evaluate program above) and give you a minimum Threshhold on that hunt of [Host Rating x 2]. Maybe [Host Rating x 3]; Sux2BU. Rewriting/replacing that file should be even tougher ... but also theoretically possible.
Theoretically.
7) Prior editions (3rd) did bring forth the idea of creating a valid user ID for yourself on a host; depending on the access given to the user ID, it became harder, and lasted for a shorter period of time. The best thing to do, however, was to slice into a host, hack yourself superuser / sysadmin / security idents, and then pull back for a day or so to let the system reset. Then you logged in with your fake ID, scrubbed all OTHER superuser / sysadmin / security idents, and basically owned the system while the security deckers found their own IC pounding the shit out of them.
How would I do it, until Happy Trails comes out? Probably the above Matrix Search to find the file, then give the Host its Rating x 2 (baseline security), x 3 (superuser), or x 5 (sysadmin) when it comes to its turn to oppose you trying to tamper with it.
Yes, this shit
should be hard. Deal.
