Chat now with support
Chat with Support

Metalogix ControlPoint 8.2 - User Guide

Preface Getting Started with ControlPoint Using Discovery to Collect Information for the ControlPoint Database Cache Searching for SharePoint Sites Managing SharePoint Objects
Accessing SharePoint Pages Viewing Properties of an Object within the SharePoint Hierarchy Creating Dashboards for Monitoring Statistics within Your SharePoint Farm Setting Object Properties Managing Site Collection and Site Features Managing Audit Settings Creating and Managing SharePoint Alerts Setting ControlPoint Alerts Managing Metadata Copying and Moving SharePoint Objects (Version 8.0 and Earlier) Moving a Site Collection to Another Content Database Deleting Sites Deleting Lists Archiving Audit Log Data Before Moving or Deleting a Site Collection Duplicating a Workflow Definition from one List or Site to Others Removing a Workflow from One or More Lists (or Sites)
Using ControlPoint Policies to Control Your SharePoint Environment Managing SharePoint User Permissions Data Analysis and Reporting
Specifying Parameters for Your Analysis Analysis Results Display Generating a SharePoint Summary Report Analyzing Activity Analyzing Object Properties Analyzing Storage Analyzing Content Generating a SharePoint Hierarchy Report Analyzing Trends Auditing Activities and Changes in Your SharePoint Environment Analyzing SharePoint Alerts Analyzing ControlPoint Policies Analyzing Users and Permissions The ControlPoint Task Audit Viewing Logged Errors
Scheduling a ControlPoint Operation Saving, Modifying and Executing Instructions for a ControlPoint Operation Using the ControlPoint Governance Policy Manager (SharePoint 2010 and Later) Using Sensitive Content Manager to Analyze SharePoint Content for Compliance Using ControlPoint Sentinel to Detect Anomalous Activity Default Menu Options for ControlPoint Users About Us

Analyzing Permissions Changes

If you use ControlPoint to back up site permissions, you can compare permission changes within a single site, either between current permissions and a backup created at a specific date and time or from two backups created at different dates and times.

The analysis shows changes to:

·individual user permissions that have been granted directly

·permissions granted to SharePoint and Active Directory groups.

NOTE:  Currently, this analysis does not identify changes to “effective permissions” (which, in SharePoint, refers to permissions granted as a side-effect of a granted permission).   That is, changes to an individual’s permissions based solely on addition to or deletion from a SharePoint or Active Directory group will not be reflected in analysis results.

To analyze permissions changes:

1Select the site whose permissions changes you want to analyze.

2Choose one of the following options (depending on how you want results to be grouped):

§Users and Security > Permissions Changes by Site.

OR

§Users and Security > Permissions Changes by User.

3Specify the parameters for your analysis.

In addition to "standard" parameters:

§You must select a Compare permissions from and Compare permissions to date and time.

NOTE:  You can only select backups that were created in ControlPoint version 4.6 or later.

Comprehensive Permissions Changes

§If you want to view only users whose permissions have changed, check the Show only users with permissions changes box.

NOTE:  If you leave this box unchecked, all users will be included in the analysis, regardless of whether their permissions have changed.

Now you can either:

·run the operation immediately (by clicking the [Run Now] button)

OR

·schedule the operation to run at a later time or on a recurring basis.

OR

·save the operation as XML Instructions that can be executed at a later time.

Analysis results contain the same information as the User Rights section of the Comprehensive Permissions analysis, except that, for the time period covered by the analysis:

·permissions that have been deleted are identified by a red D, and

·permissions that have been added are identified by a green A.

Comprehensive Permissions Changes RESULTS

 

Generating a User To Group Analysis

The ControlPoint User to Group Analysis lets you compare user direct permissions within one or more site collections with comparable SharePoint and/or Active Directory groups.  You can use this analysis to identify users who should be moved into groups—as well as potential groups into which they can be moved (that is, groups that have the same permissions or fewer)—in accordance with SharePoint best practices via the Clean-up User Permissions action.

NOTE:  This analysis is only available at the site collection level of the hierarchy.  However, your selection may include more than one site collection.

To generate a User to Group Analysis:

1Select the site collection(s) you want to include in your analysis.

2Choose Automation > User to Group Analysis.

3Select the user(s) whose permissions you want to analyze.

4If different from the default (Include SharePoint Groups only), check/uncheck the appropriate option(s) to Include Active Directory Groups only or both Include SharePoint  and Include Active Directory Groups.

NOTE:  At least one of these options must be checked.

User to Group Analysis

Now you can either:

·run the operation immediately (by clicking the [Run Now] button)

OR

·schedule the operation to run at a later time or on a recurring basis.

OR

·save the operation as XML Instructions that can be executed at a later time.

The User to Group Analysis consists of the following sections:

·User Rights

·Group Permissions

User Rights Section

The User Rights section lists each Web application, site collection and user within the scope of your analysis, along with

·SharePoint groups that have permissions that correspond to the user's direct permissions, and

·the number of unique (non-inherited) direct permissions that the user has for objects within the site collection.

Group Analysis USER RIGHTS

When expanded, each of the individual objects for which the user has unique direct permissions display, along with the corresponding Permissions Level(s).  

Group Analysis USER RIGHTS EXPANDED

Group Permissions Section

The Group Permissions sections lists all of the SharePoint and/or Active Directory groups within each site collection.

Group Analysis GROUP PERMISSIONS

When expanded, each of the objects (sites, lists, folders, and items) for which the user has unique direct permissions, along with the corresponding permissions level(s).

Group Analysis GROUP PERMISSIONS EXPANDED

You can use the information in this analysis to help you with cleaning up user permissions.

 

The ControlPoint Task Audit

The ControlPoint Task Audit is an analysis tool that summarizes one or more of the ControlPoint actions that have been performed by administrators over a specified time period.

By default, the Task Audit report is accessible from the Manage ControlPoint panel.  An action-specific Task Audit Report is also displayed automatically after a ControlPoint action is carried out.

NOTE:  In a multi-farm installation, the Task Audit includes actions performed on both home and remote farms.

 

To generate a Task Audit:

1From the Manage ControlPoint panel, choose Schedule Management and Logging > ControlPoint Task Audit.

2Specify the following parameters for your analysis:

§Either

§Enter the StartDate and EndDate, or

§click the Calendar icon ()and select the date(s).

§(Optional)  If you want to search for a specific text string, complete the Search for field.  You can enter a full or partial:

§site name or url

§action name, or

§action description

For example, by entering the words "Site Theme" in the Search for field, your results will be limited to tasks that involved modifying a site theme.

Select an Administrator from the drop-down.  (If you want report results to include all administrators in the list, select <ALL>).

Note that the drop-down list includes only administrators who have performed a ControlPoint action within that farm.  

§Select a Task Type from the drop-down.

Task Type drop-down

NOTE:  The Task Type list is populated with the types of actions that have actually been performed by administrators.  For example, if a Delete User Permissions action has never been performed, it will not appear in the list.  If you want to include all available options in the report results, select <ALL>.

If you chose the Run Now, option, after the operation has been processed:

·a confirmation message displays at the top of the page, and

·a ControlPoint Task Audit is generated for the operation and displays in the Results section.

If you schedule the operation, a link to the Task Audit is included in the scheduled action notification email.

See also Auditing ControlPoint Administrator Tasks.

Information in the Task Audit Report

The Task Audit Report contains the following information for each task:

·the Task Type

·the username of the administrator that the task was Performed by

·the Date and time when the task was performed, and

·a summary of the parameters chosen for the action.

Task Audit Report RESULTS

When expanded, a more detailed description of a task displays, which lists:

·site collections or sites on which the action was carried out, and

·any special notes or errors (such as "Security is inherited - no processing is done").

Task Audit DETAIL

Note that:

·As with other ControlPoint analyses, only actions taken on sites you have permissions to manage within ControlPoint display in audit report results.

·Sites for which the administrator who performed the action does not have permissions to manage are not acted upon, and therefore are not captured in the audit report.

Viewing Logged Errors

The Logged Errors Report lets you view the contents of the ControlPoint Services (xcAdmin) database error log for a specified date range.  You can use this detail with guidance from Quest Support to diagnose potential issues in your environment.

To view logged errors:

1From the Manage ControlPoint panel, choose Schedule Management and Logging > Logged Errors Report.

2Select a Start date and End date representing the time period for which you want to view logged errors.

Now you can either:

·run the operation immediately (by clicking the [Run Now] button)

OR

·schedule the operation to run at a later time or on a recurring basis.

OR

·save the operation as XML Instructions that can be executed at a later time.

Logged Error Report results contain a time-stamped entry for each error logged within the specified date range, followed by detailed error text.

Logged Error Results

Related Documents