Chat now with support
Chat with Support

Metalogix ControlPoint 8.2 - Administration Guide

Preface Configuring the Environment in Which ControlPoint Will Run The ControlPoint Configuration Site Managing Your Farm List Managing Your ControlPoint License Configuring Web Applications and Content Databases for ControlPoint Configuring ControlPoint Services Using Discovery to Collect Information for the ControlPoint Database Cache Using Sensitive Content Manager Services Managing ControlPoint Configuration and Permissions Modifying ControlPoint Configuration Settings
Changing Default Settings for Actions and Analyses
Supress "Item is inherited - no processing done" Message(SkipNotDoneMsg) Maximum Line Items in Real-time (REPCAP) "Use Cached Data" Default Value (CACHEDREP) Abort Report Processing on Error (ABORTREPORTONERROR) Display "Include users with AD group membership" Parameter (SHOWADGROUPS) Copy/Move Default Temporary Location (TEMPLOCATION) Time to Retain Page Data in Cache (CACHEREPORT4) Time to Retain Temporary UI Objects in Cache (UICACHEDURATION) Number of Reports to Keep in Memory After Drill-Down (RVSESSIONSKEPT) Exclude Web Application(s) from Statistics List (DASHBOARDWAPEXCLUDE) Number of List Items to Display in Selection Grid (DISPLAYSINGLELISTITEMS) Use Activity Min. Date as Start Date (UseActivityDbDate) Show unique permissions only" Default Value (SHOWUNIQUEPERMONLY) Duplicate Files Report Limit (DuplicateFilesReportLimit) Users to Exclude from Reports (EXCLUDEDUSERS) Eliminate Claims Prefix from Username in Reports (UseCleanedLoginNameInReports) Maximum Number of Orphaned Users to Delete Per Scheduled Batch (OrphanDeleteBatchSize) CSV Delimiter Character (CSVDELIMETER) Largest Active Directory Group to Expand in Reports (MAXMEMBERS) Maximum Number of Users to Act On (MAXUSERSFORACTION) Hide the "Set User Direct Permissions" Action in Permissions Management (PREVENTUSERPERMS) Prevent Set Site Collection Quotas (PreventSetSCQuota) Show Nested Active Directory Groups (PROCESSADHIERARCHY) Hide Interactive Analysis Link (RESTRICTSL) Use Minimum Activity Date as Start Date (USEACTIVITYDBDATES)
Changing Default Settings to Improve Application Performance Audit Log Configuration Settings Changing Settings for Anomalous Activity Detection Restricting Functionality for Members of the Business Administrators Group Changing Default Settings for ControlPoint User Groups Changing Settings to Improve Discovery Performance Changing Settings to Accommodate Special Environmental Factors Changing Default Settings for Navigation Changing Trace Switch Logging Levels Changing Default Settings for Compliance Managing Site Provisioning Settings Specifying Global Settings for ControlPoint Policies Setting Preferences for the ControlPoint Scheduler Miscellaneous and Custom Configuration Settings Special-Purpose Configuration Settings
Archiving SharePoint Audit Log Data Troubleshooting
ControlPoint Log Files Troubleshooting Configuration Errors Troubleshooting the ControlPoint Application Interface Troubleshooting Discovery Troubleshooting SharePoint Users and Permissions Troubleshooting Site Provisioning Troubleshooting ControlPoint Operations

Accessing Members of Active Directory Groups in Different Domains or Forests

If you want to be able to view members of Active Directory groups in another domain or forest when analyzing users and permissions, one of the following trust relationships must exist:

·a two-way trust (that is, users from both domains or forests can access each other's resources without additional authentication)

OR

·a one-way outgoing trust relationship (that is, resources in the domain in which ControlPoint is installed are accessible to users in the user domain or forest.  In this case, ControlPoint needs to be configured to access certain resources—such as Active Directory group members— in the other forest).

The Manage Forest Access feature lets you specify the account credentials that ControlPoint will use for authentication whenever it needs to retrieve Active Directory group members in a forest with which it has a one-way outgoing trust relationship. The account ControlPoint uses for authentication must have a minimum of Read access to the other forest.  As an added security measure, ControlPoint encrypts these credentials using the Advanced Encryption Standard (AES) algorithm before they are stored.

Note that, if your environment uses a one-way trust relationship and you do not configure ControlPoint to manage forest access:

·ControlPoint will still be able to report on permissions granted to users and groups in other domains, but you will not be able to expand Active Directory groups and view membership in those domains.  

AND

·If an Active Directory group is placed into the Business Administrators group, members of that Active Directory group will not be recognized as Business Administrators.

To access the Manage Forest Access feature:

·If the menu item has been added to ControlPoint and you have permissions for it, from the Manage ControlPoint panel, choose Manage Forest Access

OR

·Replace the xcMain.aspx portion of the ControlPoint url with xcForestAccess.aspx.

Manage Forest Access NEW

To manage access to domains and forests with one-way outgoing trusts:

Use the information in the following table to determine the appropriate action to take.

If you want to ...

Then ...

add a forest to the list

§Click the Add new Record link.

§For Forest Root Domain, enter the fully qualified domain name.

§Enter the Domain\Account you want ControlPoint to use for authentication, and the account Password.

Manage Forest Access ADD MENU ITEM

§Click the Update link.

update account credentials for a forest in the list

·Click the Edit link for the applicable record.

·Update the appropriate field(s).

CAUTION:  The Password field will always be cleared when you open a record for editing and must be re-entered before a record can be updated, regardless of whether it has changed.

·Click the Update link.

delete a forest from the list

Click the Delete link for the applicable record.

(A confirmation dialog will display asking you if you want continue with the delete action.)

 

Purging Historical Activity and Storage Data from the ControlPoint Services (xcAdmin) Database

The Purge Historical Data action lets you purge SharePoint activity and storage data—which is captured by the ControlPoint Discovery process and is used in analyzing historical data—from the ControlPoint Services (xcAdmin) database.

Data is purged from one farm per operation, and you can specify how many months' worth of data you want to retain.

Once data is deleted from the xcAdmin database it cannot be recovered and will no longer be available for inclusion in future ControlPoint activity and storage analyses.  Therefore, it is recommended that you back up the database before performing this operation.

To purge activity and storage data:

1From the Manage ControlPoint panel, choose ControlPoint Management > Purge Historical Data.

2Select the Farm from which you want to purge  historical data.

Purge Historical Data FARM DROPDOWN

3Enter the Number of Number of months to keep historical activity and storage data for.

CAUTION:  If you enter 0, all historical activity and storage data will be deleted from the database.

Now you can either:

·run the action immediately (by clicking [Run Now]),

OR

·schedule the action to run at a later time

OR

create an xml file with instructions for the action that can be executed at a later time (by clicking [Save Instructions]).  See Saving, Modifying and Executing XML Instructions for a ControlPoint Operation. in the ControlPoint User's Guide.

If you chose the Run Now, option, after the action has been processed:

·a confirmation message displays at the top of the page, and

·a ControlPoint Task Audit is generated for the action and displays in the Results section.

If you schedule the action, a link to the Task Audit is included in the scheduled action notification email.

See also Auditing ControlPoint Administrator Tasks in the ControlPoint User Guide.

 

Enabling Server Details to Display in the SharePoint Summary Report

If you want to be able to include details about servers in your SharePoint farm in the SharePoint Summary report, the ControlPoint Service account must have permissions to request status information from each server that you want to include.

NOTE:  Because the reporting of server details is a time-consuming process, it is an optional parameter in the SharePoint Summary Report user interface.  

To ensure that the ControlPoint Service account has permissions to request server information, verify that:

·the ControlPoint Service account is a member of the local Administrators group on the target server

·the local Administrators group has "Remote Enable" Permissions for WMI on the target server

·remote WMI requests can be made on the target server.

Ensuring the Local Administrators Group has Remote Enable Permissions for WMI

NOTE:  Remote Enable permissions is granted to the Local Administrators group by default.

1From the server whose statistics you want to display, choose All Program > Administrative Tools > Computer Management.

2Expand the Services and Applications node.

3Select WMI Control, right-click, and choose Properties.

4Click the Security tab.

5Click [Security].

6Make sure Remote Enable is allowed for the local Administrators group.

Farm Summary ENABLE DETAILS

7If the target server is running Windows Firewall (a.k.a Internet Connection Firewall), run the following from the command prompt to allow remote WMI requests:

netsh firewall set service RemoteAdmin enable

 

Modifying ControlPoint Configuration Settings

ControlPoint Application Administrators can modify a number of ControlPoint configuration settings, including

·elements of the user interface

·environmental settings that can be "fine-tuned" to improve performance, and

·default security settings.

ControlPoint Application settings are modified via the ControlPoint Configuration Settings Manager page.

NOTE:  If you first installed ControlPoint prior to version 6.0 and prefer to modify settings using the ControlPoint Configuration Site's ControlPoint Settings list, you may continue to do so.  

ControlPoint Configuration Settings are farm-specific.  If you are using ControlPoint in a multi-farm installation, these settings are managed separately for each farm.

To access the ControlPoint Settings list:

From the Manage ControlPoint panel, chose ControlPoint Configuration > ControlPoint Configuration Settings.

Edit ControlPoint Setting LEFT NAV

Permissions for this list are inherited from the ControlPoint Configuration site.  Therefore, members of ControlPoint Application Administrators group have full control access and can modify settings.  

Members of the Administrators group have read-access to the list, and therefore can view, but not modify, settings.

NOTE: ControlPoint Settings can also be edited via the ControlPoint Configuration Site - ControlPoint Settings list.  ControlPoint Application Administrators may prefer this option if they have been using ControlPoint prior to version 6.0 and are accustomed to editing settings this way.

Setting Classifications:

ControlPoint Settings fall into the following classifications:

Basic - Generally the most commonly-configured settings,.  Only Basic settings display in the ControlPoint Configuration Settings Manager page by default.

Advanced - Less commonly-used settings that you may want to modify to further customize ControlPoint to meet particular needs of your SharePoint environment or users. [

Created - Special-purpose settings that you can add to the ControlPoint Settings list if needed.  Generally, these settings should only be configured under special circumstances and with guidance from Quest Support.  

Filtering the ControlPoint Configuration Settings List

You can filter the ControlPoint Settings list using one or more of the following options:

·By choosing a Category

ControlPoint Settings CATEGORY

·By choosing to Include Advanced Settings

ControlPoint Settings INCLUDE ADVANCED

·If special-purpose settings have been created:

§Include Created Settings, or

§Show Only Created Settings

TIP:  You can view created settings Include Created Settings and selecting the Special Purpose category.

Showing Additional  Columns and Sorting by Column

By default, the ControlPoint Configuration Settings list displays the Setting Name and current Value, but you can also choose to Show Internal setting name and/or Show default values.  You can sort on any column.

For example, if you are a long-time ControlPoint user and are already familiar with internal setting names, you can sort by this column.

Config Setting SORT COLUMN

To search for a ControlPoint Setting by Setting Name:

Enter a full or partial text string in the search box, then click the magnifying glass icon Magnifying Glass icon.

ControlPoint Settings SEARCH

To edit a ControlPoint Setting:

1Check the box to the left of the setting that you want to edit.  

NOTE: You can edit only one setting at a time.  If you select more than one, the [Edit] button becomes disabled.

2Click [Edit].

3Update the Value field as appropriate.  (Descriptions of configurable settings, along with guidelines for changing parameter values, follow.)

ControlPoint Setting EDIT

4Click [Update].

Changes to ControlPoint Settings take effect immediately.

Deleting ControlPoint Settings

Only Created settings can be deleted.  

To restore ControlPoint Setting default values:

1Check the box to the left of each setting for which you want to restore the default value.  

NOTE:  For this operation, you may select multiple settings.

2Click [Reset].

Config Setting RESTORE DEFAULT

 

Related Documents