Chat now with support
Chat with Support

Metalogix ControlPoint 8.2 - User Guide

Preface Getting Started with ControlPoint Using Discovery to Collect Information for the ControlPoint Database Cache Searching for SharePoint Sites Managing SharePoint Objects
Accessing SharePoint Pages Viewing Properties of an Object within the SharePoint Hierarchy Creating Dashboards for Monitoring Statistics within Your SharePoint Farm Setting Object Properties Managing Site Collection and Site Features Managing Audit Settings Creating and Managing SharePoint Alerts Setting ControlPoint Alerts Managing Metadata Copying and Moving SharePoint Objects (Version 8.0 and Earlier) Moving a Site Collection to Another Content Database Deleting Sites Deleting Lists Archiving Audit Log Data Before Moving or Deleting a Site Collection Duplicating a Workflow Definition from one List or Site to Others Removing a Workflow from One or More Lists (or Sites)
Using ControlPoint Policies to Control Your SharePoint Environment Managing SharePoint User Permissions Data Analysis and Reporting
Specifying Parameters for Your Analysis Analysis Results Display Generating a SharePoint Summary Report Analyzing Activity Analyzing Object Properties Analyzing Storage Analyzing Content Generating a SharePoint Hierarchy Report Analyzing Trends Auditing Activities and Changes in Your SharePoint Environment Analyzing SharePoint Alerts Analyzing ControlPoint Policies Analyzing Users and Permissions The ControlPoint Task Audit Viewing Logged Errors
Scheduling a ControlPoint Operation Saving, Modifying and Executing Instructions for a ControlPoint Operation Using the ControlPoint Governance Policy Manager (SharePoint 2010 and Later) Using Sensitive Content Manager to Analyze SharePoint Content for Compliance Using ControlPoint Sentinel to Detect Anomalous Activity Default Menu Options for ControlPoint Users About Us

Selecting Users on Which to Perform a ControlPoint Action or Analysis

When you initiate a ControlPoint action or analysis that involves SharePoint users, the Parameters section of the workspace includes the standard SharePoint "People Picker" for selecting the user(s) you want to include.

People Picker

If you initiate an operation by selecting one or more users from the SharePoint Hierarchy, the People Picker will be pre-populated with the selected user(s).

Select Users from Farm Hierarchy

You can:

·perform the operation on all SharePoint users (by leaving the People Picker blank)

OR

·select one or more individual users.

 

Many ControlPoint operations also give you the option of selecting multiple users based on:

·a wildcard (*)

AND/OR

·a SharePoint user profile.

NOTE:  There is a maximum number of users that can be included in a ControlPoint action. This limit is a "safety net" to prevent the operation from being carried out on more users than intended, which is especially useful when a wildcard is used.  The ControlPoint Application Administrator can adjust this limit by changing the Value for the ControlPoint Configuration Setting Maximum Number of Users to Act on (MAXUSERSFORACTION), as described in the ControlPoint Administration Guide.

Selecting Individual Users

Enter the name of one or more users on which you want to perform the action or analysis.  Separate each user name with a semicolon (;). You can either:

§enter a full user account name (for example, domain\username or service provider:username), then click the Check Names icon () or press [Ctrl] k to validate the user name.

OR

§click the Browse icon () and search for the user.

If your environment includes alternate authentication providers (that is, in addition to Active Directory), when you initiate an action or analysis for a single Web application you can validate or browse for individual users managed by any authentication provider supported by that Web application.  Similarly, if you use claims-based authentication and want to perform an operation on a claim, you can validate the claim if it is being performed on or within a single Web application.  Because of limitations inherent in SharePoint, however, if you have selected the entire farm or multiple Web applications, you can type in alternate authentication-user account names or claims, but you can neither validate nor browse for them.

Depending on the action or analysis you are performing, ControlPoint may or may not allow invalidated users to be included in the operation.  For example, you cannot add a user to a site unless the user's existence in the provider database can be validated. However, you can delete or report on an unvalidated user's permissions from a site, because it is reasonable to assume that a user who has been granted permissions to a SharePoint site may no longer exist in the provider database(s), as in the case of a terminated employee or a former customer.  

 

Selecting Users Based on a Wildcard

You can use a wildcard (*) to select users that you want to include in a ControlPoint operation. Only one wildcard can be used per entry and generally can be placed anywhere within the account name.  ControlPoint will return all users (including Active Directory groups) whose account name matches the specified pattern.  Built-in Active Directory Groups are always excluded.

For most actions and all analyses, users that match the pattern—along with their permissions—are collected from the ControlPoint data cache, which is current as of the date and time of the last Discovery run.  For actions that add users (such as Set User Direct Permissions and Add User to SharePoint Group) ControlPoint queries Active Directory for users that match the specified pattern.  Therefore, non-Active Directory users cannot be added using a wildcard.

EXAMPLES:

If you want to select ...

Enter ...

all users and groups within thebellum domain

bellum\*.

all instances with the user name jamesjoyce, across all Active Directory domains

*\jamesjoyce.

NOTE:  This option cannot be used for actions that add users and require a query against Active Directory rather than the ControlPoint data cache.  For these actions, the full domain name must be used.

If you want to use a wildcard to select users in different Active Directory domains, a two-way trust relationship must exist.

all users with the last name Smith within the bellum domain

bellum\*smith.

NOTE:  Currently, wildcards cannot be used within the name of a claim.

 

Selecting Users Based on a SharePoint User Profile

If you are running MOSS or SharePoint Server, you can select users for most ControlPoint operations based on a common property defined in the SharePoint User Profile service(s) associated with the Web application.  

NOTES:  To use this feature, the User Profile Service Application must be enabled and associated with each of the Web applications within the scope of the action or analysis.  If more than one instance of this service application is associated with a Web application, the default instance will be used.

Requirements

In order to act on or analyze users based on a SharePoint User Profile property:

·the ControlPoint Service account must have permissions to access the User Profile Service application, and

·the User Profile Service application must be associated with the Web application(s) within the scope of the operation.

If the above requirements are not met for a particular Web application:

·In the case of an action:

§profile-based users with permissions for sites within that Web application will not be acted upon, and

§the name of each Web application that was not included in the action will be recorded in the ControlPoint Task Audit.

·in the case of an analysis:

§the analysis will not continue processing, and

§the following message will display in the analysis header:  "No User Profile Application available to service the request.  Contact your farm administrator."

To select users based on a SharePoint User Profile property:

1Click the profile icon () to display the Profile Property Selection dialog.

2Select a Property Name from the drop-down.

Profile Property dialog 1

NOTE:  The Property Name drop-down includes properties whose Data Type is string, person, or boolean.  If your selection has more than one associated User Profile service, the dialog will include properties from all associated profiles on the home farm.  

3Select or enter a Property Value.

NOTE:  Depending on the nature of the property, the Property Value drop-down may or may not be populated.  For properties of the Data Type person, enter a full account name (for example, domain\user_name).  For properties of the Data Type boolean (identified in the SharePoint user profile by a check box), enter true (for checked) or false (for unchecked).

4Click [Upload]

 

Related Documents