Tchater maintenant avec le support
Tchattez avec un ingénieur du support

ControlPoint 8.6 - Administration Guide

Preface Configuring the Environment in Which ControlPoint Will Run The ControlPoint Configuration Site Managing Your Farm List Managing Your ControlPoint License Granting ControlPoint Access to Web Applications and Content Databases Configuring ControlPoint Services Using Discovery to Collect Information for the ControlPoint Database Cache Using Sensitive Content Manager Services Setting Sensitive Content Manager EndPoints and Managing Scanning Preferences Managing ControlPoint Configuration and Permissions Modifying ControlPoint Configuration Settings
Changing Default Settings for Actions and Analyses
Supress "Item is inherited - no processing done" Message(SkipNotDoneMsg) Maximum Line Items in Real-time (REPCAP) "Use Cached Data" Default Value (CACHEDREP) Abort Report Processing on Error (ABORTREPORTONERROR) Display "Include users with AD group membership" Parameter (SHOWADGROUPS) Copy/Move Default Temporary Location (TEMPLOCATION) Time to Retain Page Data in Cache (CACHEREPORT4) Time to Retain Temporary UI Objects in Cache (UICACHEDURATION) Number of Reports to Keep in Memory After Drill-Down (RVSESSIONSKEPT) Exclude Web Application(s) from Statistics List (DASHBOARDWAPEXCLUDE) Number of List Items to Display in Selection Grid (DISPLAYSINGLELISTITEMS) Use Activity Min. Date as Start Date (UseActivityDbDate) "Show unique permissions only" Default Value (SHOWUNIQUEPERMONLY) Duplicate Files Report Limit (DuplicateFilesReportLimit) Users to Exclude from Reports (EXCLUDEDUSERS) Eliminate Claims Prefix from Username in Reports (UseCleanedLoginNameInReports) Maximum Number of Orphaned Users to Delete Per Scheduled Batch (OrphanDeleteBatchSize) CSV Delimiter Character (CSVDELIMETER) Largest Active Directory Group to Expand in Reports (MAXMEMBERS) Maximum Number of Users to Act On (MAXUSERSFORACTION) Hide the "Set User Direct Permissions" Action in Permissions Management (PREVENTUSERPERMS) Prevent Set Site Collection Quotas (PreventSetSCQuota) Show Nested Active Directory Groups (PROCESSADHIERARCHY) Hide Interactive Analysis Link (RESTRICTSL) Use Minimum Activity Date as Start Date (USEACTIVITYDBDATES)
Changing Default Settings to Improve Application Performance Audit Log Configuration Settings Changing Settings for Anomalous Activity Detection Restricting Functionality for Members of the Business Administrators Group Changing Default Settings for ControlPoint User Groups Changing Settings to Improve Discovery Performance Changing Settings to Accommodate Special Environmental Factors Changing Default Settings for Navigation Managing Site Provisioning Settings Specifying Global Settings for ControlPoint Policies Setting Preferences for the ControlPoint Scheduler Miscellaneous and Custom Configuration Settings Special-Purpose Configuration Settings
Changing Trace Switch Logging Levels Archiving SharePoint Audit Log Data Troubleshooting
ControlPoint Log Files Troubleshooting Configuration Errors Troubleshooting the ControlPoint Application Interface Troubleshooting Discovery Troubleshooting SharePoint Users and Permissions Troubleshooting Site Provisioning Troubleshooting ControlPoint Operations

How ControlPoint Counts Users

ControlPoint counts all individual users who currently have permissions in SharePoint, either directly, through an Active Directory group, and/or through a SharePoint group.  

Excluded from this user count are:

·external or anonymous users

·sharepoint\system

·most built-in Active Directory accounts

NOTE:   ControlPoint will consider the account NT Authority\authenticated users and the Active Directory group Everyone to encompass all active Active Directory users (that is, for these groups, users hose accounts have been disabled in Active Directory will not be counted). If either of these accounts has permissions within SharePoint, it will be reflected in the user count.

 

TIP:  If you suspect that there are disabled or deleted Active Directory user accounts that still have permissions in SharePoint, either explicitly or through a group other than NT Authority/authenticated users or Everyone, generate an Orphaned Domain Users report and delete them from SharePoint so they will not be included in the user count.

Renewing or Changing the Terms of Your ControlPoint License

Use the following procedure if you need to:

·extend the period of an evaluation license

·update your ControlPoint license to include additional SharePoint users

·upgrade from an evaluation version to a full version of ControlPoint, or

·reactivate a license that has expired or is about to expire.

To change the terms of a ControlPoint license:

1Contact Quest and request a license update.

2From the left navigation pane, choose LICENSE.

License Info

The License Status may be one of the following:

Valid

Expired

Disabled

Note that, if the logged in user is not a ControlPoint Application Administrator, the license key will not display and the [Reactivate License] button is not available.

License key hidden

To reactivate a license:

1Click the [Reactivate License] button to the right of the License Key field to display the Change License Key dialog.

2If you have received a new license key, overwrite the existing license in the License Key field.

3Use the information in the following table to determine the appropriate action to take.

If ....

Then ...

you have internet access and want to activate your license updates online.

make sure the Activate Online radio button is selected.

you do not have internet access and/or want to activate your license offline

select the Activate Offline radio button and follow the instructions that display in the dialog to complete the activation process.

Activate Offline dialog

NOTE:  Because the request for the Activation Data must be submitted via the Quest website, the request itself must be submitted from a machine that has internet access.  The Activation Data can then be copied to the server that hosts ControlPoint.

4Click [Activate].

Granting ControlPoint Access to Web Applications and Content Databases

ControlPoint Application Administrators must ensure that the ControlPoint Service Account has Full Control access rights to the Web application(s) if:

·a new Web application is added to a farm

·a new content database has been added to a Web application, or

·the permissions for the ControlPoint Service Account have been changed in or deleted from the Web application's policy.

If an account other than the ControlPoint Service Account is used as the Application Pool account, the following text will display beside the Web application icon in the left navigation pane:  "(ControlPoint does not have access to this Web app.  Access must be granted via the ControlPoint Configuration Wizard.)"  

WAP Grant Access UI

If a content database has been added and access rights have not been granted, site collections beneath the text "Inaccessible" will display.

You can grant access rights to Web applications and content databases from the server on which ControlPoint is installed.

To grant access to additional Web application(s) or Content Database(s):

1.Log into the server where ControlPoint is installed as the ControlPoint installation account.

NOTE:  As a sysadmin, the ControlPoint installation account has the permissions required to grant access rights.

2.Launch the ControlPoint Configuration Wizard.

After the ControlPoint Components check has completed, click [Continue].

The Configuration Wizard Welcome dialog displays.

3.Click Grant Access to New Web Apps and Content Databases.

Configuration Wizard GRANT ACCESS

 

Once access has been successfully granted, a confirmation pop-up displays.

Access Granted New

NOTE:  If no new Web applications or content databases have been added, the pop-up will display the message All Web apps and content databases are already configured for ControlPoint.

Configuring ControlPoint Services

Toward the end of ControlPoint configuration process you have the option to configure the following Windows service(s):

·The ControlPoint Discovery Service is an alternative to the (default) ControlPoint Full Discovery timer job, which runs from SharePoint Central Administration.  The ControlPoint Discovery Service runs as a Windows Service, and is especially suited to very large SharePoint environments as it can significantly reduce Discovery run time.

AND/OR

·If Sensitive Content Manager is installed in your environment, ControlPoint Sensitive Content Manager (SCM) Services will allow you to use it within ControlPoint:

§as a means of checking for:

oContent Analysis (CA) jobs ready to be uploaded from ControlPoint to Sensitive Content Manager for scanning.

AND

oScan results ready to be downloaded from Sensitive Content Manager to ControlPoint for further action.

AND

§Because they support multi-threading, SCM Services are especially suited to very large content analysis jobs.

NOTE:  If you want to configure services at a later time, you can do so by launching the Configuration Wizard from the server on which ControlPoint is installed (using the same  login account used to install the ControlPoint application).  After you have verified the Wizard has finished checking installed components, select Configure Services.

Configure Services from Wizard

If you do choose to perform this action at later time, you will be prompted to complete the SharePoint online account validation dialog and authenticate using the Office 365 account used at the time ControlPoint was installed (which must be a Global Administrator for the tenant).

CP Online Install VALIDATE ACCOUNT

To configure ControlPoint Services:

1On the Configure Services dialog, select the service(s) you want to configure.installer configure services ON PREM

IMPORTANT:  

§The Service Account must meet all of the requirements of the ControlPoint Service Account, as well as permission to Run as a Service.

§Keep in mind that the latest version of ControlPoint Sensitive Content Manager Service will only work with version 2.0 or later of Metalogix Sensitive Content Manager.

2Select the service(s) you want to configure.

3Click [Continue].

4Click [Start Deployment].

The installer deploys the selected Windows service(s).

Installer Services Deployed

5When the services have been successfully deployed, click [Finish].

Additional Setup Requirement for the ControlPoint Discovery Service

Before you can use the ControlPoint Discovery Service for the first time, you must also perform the following configuration tasks on the General tab of the Discovery Setup application (located, by default, in the folder C:\Program Files\Metalogix\ControlPoint\ControlPointFeatures\Services\Discovery):

·For Configure Discovery to run under, select SharePoint Local, and

·Add the SQL Server Connection String for xcAdmin Database.

NOTE:  You can copy the Connection String from the file CPConfiguration.exe.config, located, by default, in the folder C:\Program Files\Metalogix\ControlPoint\ControlPointFeatures. Use the portion of the string that starts with the words Data Source and ends with Integrated Security = <value>.

CP Discovery Connection String

Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation