Preface
Configuring the Environment in Which ControlPoint Will Run
The ControlPoint Configuration Site
Managing Your Farm List
Managing Your ControlPoint License
Granting ControlPoint Access to Web Applications and Content Databases
Using Discovery to Collect Information for the ControlPoint Database Cache
Using the Discovery Service
Using Sensitive Content Manager Services
Launching the Discovery Setup Application
Changing Discovery Service Configuration and Settings
Starting or Stopping the ControlPoint Discovery Service and Changing Discovery Service Properties
Monitoring the Discovery Service Queue
Running Discovery Interactively from the ControlPoint Application
Launching the SCM Services Setup Application
Changing SCM Services Configuration and Settings
Monitoring the Status of ControlPoint Interactions with SCM
Setting Sensitive Content Manager EndPoints and Managing Scanning Preferences
Managing ControlPoint Configuration and Permissions
Managing ControlPoint Users and Permissions
Preparing Your Environment for Using ControlPoint Sentinel
Modifying ControlPoint Configuration Settings
Setting Up ControlPoint Users and Groups
Auto-Adding Users to ControlPoint Groups
Making ControlPoint Accessible from within SharePoint
Configuring ControlPoint Menus
Customizing ControlPoint Menus
Defining Custom Properties to Apply to SharePoint Sites
Purging Historical Activity and Storage Data from the ControlPoint Services (xcAdmin) Database
Enabling Server Details to Display in the SharePoint Summary Report
Guidelines for Creating Customized Menus for Different Groups of Users
Accessing the ControlPoint Menu Maintenance Page
Creating a Custom Menu
Adding and Editing Custom Items in a Menu
Managing Access to ControlPoint Menus
Editing and Deleting Custom Menus
Customizing Your Favorites
Changing Default Settings for Actions and Analyses
Changing Trace Switch Logging Levels
Archiving SharePoint Audit Log Data
Supress "Item is inherited - no processing done" Message(SkipNotDoneMsg)
Maximum Line Items in Real-time (REPCAP)
"Use Cached Data" Default Value (CACHEDREP)
Abort Report Processing on Error (ABORTREPORTONERROR)
Display "Include users with AD group membership" Parameter (SHOWADGROUPS)
Time to Retain Page Data in Cache (CACHEREPORT4)
Time to Retain Temporary UI Objects in Cache (UICACHEDURATION)
Number of Reports to Keep in Memory After Drill-Down (RVSESSIONSKEPT)
Exclude Web Application(s) from Statistics List (DASHBOARDWAPEXCLUDE)
Number of List Items to Display in Selection Grid (DISPLAYSINGLELISTITEMS)
Use Activity Min. Date as Start Date (UseActivityDbDate)
"Show unique permissions only" Default Value (SHOWUNIQUEPERMONLY)
Duplicate Files Report Limit (DuplicateFilesReportLimit)
Users to Exclude from Reports (EXCLUDEDUSERS)
Eliminate Claims Prefix from Username in Reports (UseCleanedLoginNameInReports)
Maximum Number of Orphaned Users to Delete Per Scheduled Batch (OrphanDeleteBatchSize)
CSV Delimiter Character (CSVDELIMETER)
Largest Active Directory Group to Expand in Reports (MAXMEMBERS)
Maximum Number of Users to Act On (MAXUSERSFORACTION)
Hide the "Set User Direct Permissions" Action in Permissions Management (PREVENTUSERPERMS)
Prevent Set Site Collection Quotas (PreventSetSCQuota)
Show Nested Active Directory Groups (PROCESSADHIERARCHY)
Use Minimum Activity Date as Start Date (USEACTIVITYDBDATES)
Changing Default Settings to Improve Application Performance
Time to Run an Operation Before Timing Out (OPERATIONTIMEOUT)
Maximum Number of Objects to Processed in Parallel (MaxParallelProcs)
Operations Using Parallel Processing (ParallelProcs)
Objects Subject to Parallel Processing (ParallelProcSites)
SQL Command Timeout Value (COMMANDTIMEOUT)
Maximum Number of Objects to Pass to the Selection Builder (MaxObjectsForSelection)
Maximum Alert Processing Interval (MaxAlertProcessingPeriod)
Number of Seconds After Which Browser Reports Server Timeout (SERVERTIMEOUT)
Idle Time Before Session is Ended (STIMEOUT)
Maximum Size of Library in Which to Search for Web Part Pages (WEBPAGESLIMIT)
Audit Log Configuration Settings
ArchiveAuditLog Configuration Settings
Number of Days to Keep Audit Records (AUDITMAXDAYS)
Excluding Users from Audit Log Analyses (ExcludeUsersAudit)
Specifying Whether to Display Site Names in Audit Log Analyses (PROCESSAUDITNAMES)
Changing Settings for Anomalous Activity Detection
Enabling Anomalous Activity Detection via the ControlPoint Scheduled Job Review
Changing the Subject and/or Body of Anomalous Activity Detection Emails
Restricting Functionality for Members of the Business Administrators Group
Prevent Business Admins from Deleting Orphaned users (BAPreventDelete)
Prevent Business Admins from Running Cacheable Reports in Real Time (BAPreventRealTime)
Preventing Members of the Business Administrators Group from Emailing Scheduled Analyses (BAPreventScheduledEmail)
Show Full Hierarchy of Business Admin Sites
Changing Default Settings for ControlPoint User Groups
Show All Site Collections to Farm Admins (SUPERADMIN)
Remote Service Account Administrators for Cross-Farm Operations (RSAADMIN)
Auto Add Users To ControlPoint Group Maximum Group Size (CPGroupMemberLimit)
Permissions Needed to See List Items in Reports (ItemSecurityLevel)
Business Administrators Group Name (BADMIN)
Changing Settings to Improve Discovery Performance
Show Menu Items That Require Discovery (DiscoveryEnabled)
Exclude Web Parts from the Discovery (EXCLUDEWEBPARTS)
Site Collections to Exclude from Full Discovery (URLEXCLUDE)
Web Applications to Exclude from Full Discovery (WAPEXCLUDE)
Changing Settings to Accommodate Special Environmental Factors
Alternate Access Mapping Zone for Navigation and Report Links (URLZONE)
Enable SharePoint Server Functionality (MOSS)
Changing Default Settings for Navigation
Postpone Security Trimming of SharePoint Hierarchy Until Site Collection is Expanded (PostponeSecurityTrim)
Search Using Cached Data (CACHEDSEARCH)
How to Display Multiple Farms in SharePoint Hierarchy (FARMNAVIGATION)
Maximum Number of Objects to Display Before Foldering (NAVCAP)
Preload All Site Collections in Server-side Cache (PRELOADSITECACHE)
Show SharePoint Groups with No Permissions in Hierarchy (ShowNoPermSPGroup)
Display url or Site Name in SharePoint Hierarchy (SHOWURLASTITLE)
Maximum Number of Users to Display in SharePoint Hierarchy (SPUSERCAP)
Maximum Number of SharePoint Groups to Display in SharePoint Hierarchy (SPGROUPCAP)
Changing Default Settings for Compliance
Compliance Endpoints
Compliance Alert Email Text
Scan List Item Text in Addition to Attachments (IncludeTextWhenScanning)
Add Scan Results and Terms Detected Columns to SharePoint Lists
Scan List Items via ControlPoint Policy when Adding or Updated to SharePoint List
Managing Site Provisioning Settings
Maximum Number of Provisioning Requests in Completed an Rejected Folders
Changing the Subject and/or Body of Provisioning Request Emails
Configuring the Site Provisioning Workflow Settings (SharePoint Server)
Specifying Global Settings for ControlPoint Policies
Users to Exclude from All ControlPoint Policies (CPPOLICYSUPERUSERS)
Content Creation Policy url (POLICYSERVICEURL)
Setting Preferences for the ControlPoint Scheduler
Maximum Number of Scheduled Jobs to Submit at One Time (MAXSUBMIT)
Number of Minutes Scheduler Will Wait Before Next Group of Jobs (OVERIDESCHEDULETIMERMINUTES)
Maximum Line Items in Scheduled Report Results (SCHEDULEDREPCAP)
Defining "Admins" for Scheduled Analysis Results Distribution (SiteAdminCriteria)
Permissions Level for Site Admin Definition for Scheduled Report Distribution (SiteAdminPermissionLevel)
Miscellaneous and Custom Configuration Settings
SQL Server Connection String for xcAdmin Database (xcAdminConnectionString)
Initial Screen (INITSCREEN)
Adding a Custom Banner to the ControlPoint Application
No Dashboard (NODASHBOARD)
Special-Purpose Configuration Settings
How the Audit Log Archiving Process Works
Setting Up the Audit Log Data Archive
Troubleshooting
Creating the Audit_Log_Transfer Database Table
Archive Audit Log Table Connection String (ArchiveAuditLogConnectionString)
Running the Archive Audit Log Process
Running the Archive Process from the ControlPoint Application Interface
Running the Archive Process from a Command Line
Scheduling the Archive Process via Windows Task Scheduler
Managing Archive Audit Log Configuration Settings
ControlPoint Log Files
ControlPoint Web Config File (web.config)
ControlPoint Administration Log (xcAdmin.log)
Logged Errors Report
Troubleshooting Configuration Errors
Blank Page/Unexpected Error
Could Not Load File or Assembly
If You Cannot Resolve a Configuration Error
Troubleshooting the ControlPoint Application Interface
Recent Change Does Not Show Up in the SharePoint Hierarchy
Remote Farms Do Not Display in SharePoint Hierarchy
Site Collections Display as "Inaccessible"
Site Collections Grayed-Out and "Locked"
Number of Child Objects Specified for an Object in the SharePoint Hierarchy Doesn't Match Number Displayed
The Loading of Site Collections in the SharePoint Hierarchy is Extremely Slow
Error Occurs When Attempting to Launch ControlPoint from a SharePoint Site
A Business Administrator's SharePoint Sites Do Not Display in the SharePoint Hierarchy
"A Script on the Page is Causing Internet Explorer to Run Slowly..."
Troubleshooting Discovery
Troubleshooting SharePoint Users and Permissions
Cannot Locate SharePoint Users Authenticated by Alternate (non-Active Directory) Methods
System Exception: "Cannot get the members of the group..."
Properties Dialog: Total Users with Permissions Displays as "Incomplete"
Users with Permissions Granted Through a Claim are not Showing Up in Permissions Analysis Results
Troubleshooting Site Provisioning
Site Provision Request Workflow Failed on Start
Provisioning Requests Manager: Workflow Status Column is Blank
Troubleshooting ControlPoint Operations
Not All ControlPoint Actions and Analyses Are Available to Me
Your Page has Expired
Timeout Exception: The server has timed out.
Hyperlinks in Activity Analysis Results are broken
Number of Users Has Exceeded the Allowable Threshold
ASP.NET Session Has Expired
Too Many Rows to Display
Download as .csv: No Cached Data for Download
Export Results to Excel: "The file you are trying to open is in a different format..."
Action or Analysis Taking Longer Than Expected
Cannot Perform Operations on Central Administration
Copy/Move Insufficient Permissions Message
Newly-Created Site Does Not Show Up in Manage SharePoint Groups Picker/Cannot be Scheduled
Cannot Run Activity Analysis Using Real-time Data
Activity Data in Analysis Results is Out of Date
Cumulative Hits Only Available Option When Running Activity Analyses
Activity Analysis Requests Column Only Shows 0's for Users and Requests
Number of Lists in Storage Analysis Results Does not Match Number Displayed in SharePoint Hierarchy
Storage Information Reported by ControlPoint is Different than What's Reported by SharePoint
No User Profile Application available to service the request
Subsites and Lists Added to the Scope of a Governance Policy are not Included in Operations
If you Cannot Resolve an Issue with a ControlPoint Operation
Hide the "Set User Direct Permissions" Action in Permissions Management (PREVENTUSERPERMS)
By default, the Permissions Management for Site Admins option includes the option to Grant user(s) permissions directly.
However, ControlPoint Application Administrators can hide this option (if, for example, your organization adheres to the SharePoint best practice of allowing permissions to be granted only via SharePoint groups) by changing the Value of the ControlPoint Configuration Setting Hide the "Set User Direct Permissions" Action in Permissions Management (PREVENTDIRECTPERMS) from false to true.
NOTE: This is an Advanced Setting.
Prevent Set Site Collection Quotas (PreventSetSCQuota)
By default, a ControlPoint user can set a site collection quota via the Set Site Collection Properties action only if the user is a Farm Administrator or has been given elevated privileges via the security override ACTSECOVRW.
ControlPoint Application Administrators can, however, allow all ControlPoint users to set quotas for site collections that they manage by changing the Value of the ControlPoint Configuration Setting Prevent Set Site Collection Quotas from True to False.
NOTE: This is an Advanced Setting.
When Prevent Site Collection Quotas is set to Truee (the default value), the Site Collection Quota will not be visible to unauthorized ControlPoint users.
Show Nested Active Directory Groups (PROCESSADHIERARCHY)
By default, when you generate a Permissions analysis and choose to Include users with AD group membership, only the top-most group that a user is a member of displays in analysis results (that is, if the user is a member of a subgroup within that group, the path to that subgroup is not shown).
ControlPoint Application Administrators can, however, choose to have the entire group hierarchy (that is, the path to any subgroup of which the user is a member) display in analysis results by changing the Show Nested Active Directory Groups Value from False to True.
NOTE: This is an Advanced Setting.
NOTE: When the entire AD hierarchy must be processed, performance may be impacted. Remember that you can also view the full Active Directory hierarchy by opening the AD Group Membership dialog.
Use Minimum Activity Date as Start Date (USEACTIVITYDBDATES)
By default, when an Activity analysis is invoked, users are allowed to enter a Start Date that precedes the earliest record of activity retained in the database. ControlPoint Application Administrators can, however prevent an earlier Start Date from being entered by changing the Value of the ControlPoint Configuration Setting Use Minimum Activity Date as Start Date from False to True.
NOTE: This is an Advanced Setting.
WARNING: Depending on the size of your SharePoint environment, setting this value to True may result in significantly longer page load times, as ControlPoint must perform a query to determine the first valid Start Date that can be entered.
NOTE: If this value is set to False, ControlPoint can only retrieve data as far back as the oldest record of activity retained in the database, regardless of the Start Date entered.