Largest Active Directory Group to Expand in Reports (MAXMEMBERS)
By default, when a ControlPoint permissions analysis is generated with the Expand Active Directory Groups box checked, users in Active Directory groups display as separate line items in analysis results only if the group contains 500 or fewer members.
ControlPoint Application Administrators can, however, change this number by modifying the Value of the ControlPoint Setting Largest Active Directory Group to Expand in Reports.
NOTE: This is an Advanced Setting.
For example, you may not want to display members of very large groups, such as all employees or department members.
NOTE: Built-in groups, such as NT Authority\authenticated users, will not be expanded, regardless of the number of users:
Maximum Number of Users to Act On (MAXUSERSFORACTION)
By default, when you want to run a ControlPoint action that operates on SharePoint users, up to two thousand (2000) users may be included in the operation, as determined by the People Picker entry. Before running the action, ControlPoint evaluates the number of users included in the People Picker entry, and if it exceeds the maximum number allowed, the action is not carried out and the following message is recorded in the ControlPoint Task Audit:
The number of users ([numusers]) has exceeded the allowable threshold of [maxusers].
This setting is especially useful as a "safety net" when an operation allows wildcards to be used in the People Picker and could potentially act on more users than intended.
ControlPoint Application Administrators can, however, specify a different limit by changing the Value of the ControlPoint Configuration Setting Maximum Number of Users to Act on.
NOTE: This is an Advanced Setting.
NOTE: This setting does not apply to users within the scope of a SharePoint User Profile property selection, for which no maximum is enforced.
Hide the "Set User Direct Permissions" Action in Permissions Management (PREVENTUSERPERMS)
By default, the Permissions Management for Site Admins option includes the option to Grant user(s) permissions directly.
However,ControlPoint Application Administrators can hide this option (if, for example, your organization adheres to the SharePoint best practice of allowing permissions to be granted only via SharePoint groups) by changing the Value of the ControlPoint Configuration Setting Hide the "Set User Direct Permissions" Action in Permissions Management (PREVENTDIRECTPERMS) from false to true.
NOTE: This is an Advanced Setting.
Prevent Set Site Collection Quotas (PreventSetSCQuota)
By default, a ControlPoint user can set a site collection quota via the Set Site Collection Properties action only if the user is a Farm Administrator or has been given elevated privileges via the security override ACTSECOVRW.
ControlPoint Application Administrators can, however, allow all ControlPoint users to set quotas for site collections that they manage by changing the Value of the ControlPoint Configuration Setting Prevent Set Site Collection Quotas from True to False.
NOTE: This is an Advanced Setting.
When Prevent Site Collection Quotas is set to Truee (the default value), the Site Collection Quota will not be visible to unauthorized ControlPoint users.
