Chat now with support
Chat with Support

ControlPoint 8.6.1 - Administration Guide

Preface Configuring the Environment in Which ControlPoint Will Run The ControlPoint Configuration Site Managing Your Farm List Managing Your ControlPoint License Granting ControlPoint Access to Web Applications and Content Databases Configuring ControlPoint Services Using Discovery to Collect Information for the ControlPoint Database Cache Using Sensitive Content Manager Services Setting Sensitive Content Manager EndPoints and Managing Scanning Preferences Managing ControlPoint Configuration and Permissions Modifying ControlPoint Configuration Settings
Changing Default Settings for Actions and Analyses
Supress "Item is inherited - no processing done" Message(SkipNotDoneMsg) Maximum Line Items in Real-time (REPCAP) "Use Cached Data" Default Value (CACHEDREP) Abort Report Processing on Error (ABORTREPORTONERROR) Display "Include users with AD group membership" Parameter (SHOWADGROUPS) Copy/Move Default Temporary Location (TEMPLOCATION) Time to Retain Page Data in Cache (CACHEREPORT4) Time to Retain Temporary UI Objects in Cache (UICACHEDURATION) Number of Reports to Keep in Memory After Drill-Down (RVSESSIONSKEPT) Exclude Web Application(s) from Statistics List (DASHBOARDWAPEXCLUDE) Number of List Items to Display in Selection Grid (DISPLAYSINGLELISTITEMS) Use Activity Min. Date as Start Date (UseActivityDbDate) "Show unique permissions only" Default Value (SHOWUNIQUEPERMONLY) Duplicate Files Report Limit (DuplicateFilesReportLimit) Users to Exclude from Reports (EXCLUDEDUSERS) Eliminate Claims Prefix from Username in Reports (UseCleanedLoginNameInReports) Maximum Number of Orphaned Users to Delete Per Scheduled Batch (OrphanDeleteBatchSize) CSV Delimiter Character (CSVDELIMETER) Largest Active Directory Group to Expand in Reports (MAXMEMBERS) Maximum Number of Users to Act On (MAXUSERSFORACTION) Hide the "Set User Direct Permissions" Action in Permissions Management (PREVENTUSERPERMS) Prevent Set Site Collection Quotas (PreventSetSCQuota) Show Nested Active Directory Groups (PROCESSADHIERARCHY) Hide Interactive Analysis Link (RESTRICTSL) Use Minimum Activity Date as Start Date (USEACTIVITYDBDATES)
Changing Default Settings to Improve Application Performance Audit Log Configuration Settings Changing Settings for Anomalous Activity Detection Restricting Functionality for Members of the Business Administrators Group Changing Default Settings for ControlPoint User Groups Changing Settings to Improve Discovery Performance Changing Settings to Accommodate Special Environmental Factors Changing Default Settings for Navigation Managing Site Provisioning Settings Specifying Global Settings for ControlPoint Policies Setting Preferences for the ControlPoint Scheduler Miscellaneous and Custom Configuration Settings Special-Purpose Configuration Settings
Changing Trace Switch Logging Levels Archiving SharePoint Audit Log Data Troubleshooting
ControlPoint Log Files Troubleshooting Configuration Errors Troubleshooting the ControlPoint Application Interface Troubleshooting Discovery Troubleshooting SharePoint Users and Permissions Troubleshooting Site Provisioning Troubleshooting ControlPoint Operations

Hide the "Set User Direct Permissions" Action in Permissions Management (PREVENTUSERPERMS)

By default, the Permissions Management for Site Admins option includes the option to Grant user(s) permissions directly.

Permissions Management DIRECT

However,ControlPoint Application Administrators can hide this option (if, for example, your organization adheres to the SharePoint best practice of allowing permissions to be granted only via SharePoint groups) by changing the Value of the ControlPoint Configuration Setting Hide the "Set User Direct Permissions" Action in Permissions Management (PREVENTDIRECTPERMS) from false to true.

NOTE:  This is an Advanced Setting.

Permissions Management NO DIRECT

Permissions Management DIRECT

 

Prevent Set Site Collection Quotas (PreventSetSCQuota)

By default, a ControlPoint user can set a site collection quota via the Set Site Collection Properties action only if the user is  a Farm Administrator or has been given elevated privileges via the security override ACTSECOVRW.

Set Site Collection Properties QUOTA

ControlPoint Application Administrators can, however, allow all ControlPoint users to set quotas for site collections that they manage by changing the Value of the ControlPoint Configuration Setting Prevent Set Site Collection Quotas from True to False.

NOTE:  This is an Advanced Setting.

Config Setting PreventSCQuota

When Prevent Site Collection Quotas is set to Truee (the default value), the Site Collection Quota will not be visible to unauthorized ControlPoint users.

Set Site Collection Properties NO QUOTA

 

Show Nested Active Directory Groups (PROCESSADHIERARCHY)

By default, when you generate a Permissions analysis and choose to Include users with AD group membership, only the top-most group that a user is a member of displays in analysis results (that is, if the user is a member of a subgroup within that group, the path to that subgroup is not shown).  

PROCESSAD_false

ControlPoint Application Administrators can, however, choose to have the entire group hierarchy (that is, the path to any subgroup of which the user is a member) display in analysis results by changing the Show Nested Active Directory Groups Value from False to True.

NOTE:  This is an Advanced Setting.

Config Setting SHOWADGROUPS

PROCESSAD_true

NOTE:  When the entire AD hierarchy must be processed, performance may be impacted. Remember that you can also view the full Active Directory hierarchy by opening the AD Group Membership dialog.

AD Group Members dialog

 

Hide Interactive Analysis Link (RESTRICTSL)

By default, when ControlPoint is used to manage a SharePoint 2010 farm, all ControlPoint users can initiate an interactive analyses via a link that displays in the analysis results header.

Interactive Analysis LINK

NOTE:  The Interactive Analysis feature is not available for SharePoint 2013 or later.

ControlPoint users can run Interactive analyses only if Microsoft Silverlight is installed on the local machine.  (If it is not already installed, when the Interactive Analysis link is clicked they will be prompted to download it from the Microsoft Silverlight website.) If you want to restrict this functionality—for example, if your company policy prohibits local installation of Silverlight—you can hide the Interactive Analysis link by changing the Value of the ControlPoint Configuration Setting Hide Interactive Analysis from false to true.

NOTE:  This is an Advanced Setting.

Config Setting RESTRICTSL

 

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating