Preface
Configuring the Environment in Which ControlPoint Will Run
The ControlPoint Configuration Site
Managing Your Farm List
Managing Your ControlPoint License
Granting ControlPoint Access to Web Applications and Content Databases
Configuring ControlPoint Services
Using Discovery to Collect Information for the ControlPoint Database Cache
Using the Discovery Service
Using Sensitive Content Manager Services
Launching the Discovery Setup Application
Changing Discovery Service Configuration and Settings
Starting or Stopping the Metalogix ControlPoint Discovery Service and Changing Discovery Service Properties
Monitoring the Discovery Service Queue
Running Discovery Interactively from the ControlPoint Application
Launching the SCM Services Setup Application
Changing SCM Services Configuration and Settings
Monitoring the Status of ControlPoint Interactions with SCM
Setting Sensitive Content Manager EndPoints and Managing Scanning Preferences
Managing ControlPoint Configuration and Permissions
Managing ControlPoint Users and Permissions
Preparing Your Environment for Using ControlPoint Sentinel
Modifying ControlPoint Configuration Settings
Setting Up ControlPoint Users and Groups
Auto-Adding Users to ControlPoint Groups
Making ControlPoint Accessible from within SharePoint
Configuring ControlPoint Menus
Customizing ControlPoint Menus
Defining Custom Properties to Apply to SharePoint Sites
Purging Historical Activity and Storage Data from the ControlPoint Services (xcAdmin) Database
Enabling Server Details to Display in the SharePoint Summary Report
Guidelines for Creating Customized Menus for Different Groups of Users
Accessing the ControlPoint Menu Maintenance Page
Creating a Custom Menu
Adding and Editing Custom Items in a Menu
Managing Access to ControlPoint Menus
Editing and Deleting Custom Menus
Customizing Your Favorites
Changing Default Settings for Actions and Analyses
Changing Trace Switch Logging Levels
Archiving SharePoint Audit Log Data
Supress "Item is inherited - no processing done" Message(SkipNotDoneMsg)
Maximum Line Items in Real-time (REPCAP)
"Use Cached Data" Default Value (CACHEDREP)
Abort Report Processing on Error (ABORTREPORTONERROR)
Display "Include users with AD group membership" Parameter (SHOWADGROUPS)
Copy/Move Default Temporary Location (TEMPLOCATION)
Time to Retain Page Data in Cache (CACHEREPORT4)
Time to Retain Temporary UI Objects in Cache (UICACHEDURATION)
Number of Reports to Keep in Memory After Drill-Down (RVSESSIONSKEPT)
Exclude Web Application(s) from Statistics List (DASHBOARDWAPEXCLUDE)
Number of List Items to Display in Selection Grid (DISPLAYSINGLELISTITEMS)
Use Activity Min. Date as Start Date (UseActivityDbDate)
"Show unique permissions only" Default Value (SHOWUNIQUEPERMONLY)
Duplicate Files Report Limit (DuplicateFilesReportLimit)
Users to Exclude from Reports (EXCLUDEDUSERS)
Eliminate Claims Prefix from Username in Reports (UseCleanedLoginNameInReports)
Maximum Number of Orphaned Users to Delete Per Scheduled Batch (OrphanDeleteBatchSize)
CSV Delimiter Character (CSVDELIMETER)
Largest Active Directory Group to Expand in Reports (MAXMEMBERS)
Maximum Number of Users to Act On (MAXUSERSFORACTION)
Hide the "Set User Direct Permissions" Action in Permissions Management (PREVENTUSERPERMS)
Prevent Set Site Collection Quotas (PreventSetSCQuota)
Show Nested Active Directory Groups (PROCESSADHIERARCHY)
Use Minimum Activity Date as Start Date (USEACTIVITYDBDATES)
Changing Default Settings to Improve Application Performance
Time to Run an Operation Before Timing Out (OPERATIONTIMEOUT)
Maximum Number of Objects to Processed in Parallel (MaxParallelProcs)
Operations Using Parallel Processing (ParallelProcs)
Objects Subject to Parallel Processing (ParallelProcSites)
SQL Command Timeout Value (COMMANDTIMEOUT)
Maximum Number of Objects to Pass to the Selection Builder (MaxObjectsForSelection)
Maximum Alert Processing Interval (MaxAlertProcessingPeriod)
Number of Seconds After Which Browser Reports Server Timeout (SERVERTIMEOUT)
Idle Time Before Session is Ended (STIMEOUT)
Maximum Size of Library in Which to Search for Web Part Pages (WEBPAGESLIMIT)
Audit Log Configuration Settings
ArchiveAuditLog Configuration Settings
Number of Days to Keep Audit Records (AUDITMAXDAYS)
Excluding Users from Audit Log Analyses (ExcludeUsersAudit)
Specifying Whether to Display Site Names in Audit Log Analyses (PROCESSAUDITNAMES)
Changing Settings for Anomalous Activity Detection
Enabling Anomalous Activity Detection via the ControlPoint Scheduled Job Review
Changing the Subject and/or Body of Anomalous Activity Detection Emails
Restricting Functionality for Members of the Business Administrators Group
Prevent Business Admins from Deleting Orphaned users (BAPreventDelete)
Prevent Business Admins from Running Cacheable Reports in Real Time (BAPreventRealTime)
Preventing Members of the Business Administrators Group from Emailing Scheduled Analyses (BAPreventScheduledEmail)
Show Full Hierarchy of Business Admin Sites
Changing Default Settings for ControlPoint User Groups
Show All Site Collections to Farm Admins (SUPERADMIN)
Remote Service Account Administrators for Cross-Farm Operations (RSAADMIN)
Auto Add Users To ControlPoint Group Maximum Group Size (CPGroupMemberLimit)
Permissions Needed to See List Items in Reports (ItemSecurityLevel)
Business Administrators Group Name (BADMIN)
Changing Settings to Improve Discovery Performance
Show Menu Items That Require Discovery (DiscoveryEnabled)
Exclude Web Parts from the Discovery (EXCLUDEWEBPARTS)
Site Collections to Exclude from Full Discovery (URLEXCLUDE)
Web Applications to Exclude from Full Discovery (WAPEXCLUDE)
Changing Settings to Accommodate Special Environmental Factors
Alternate Access Mapping Zone for Navigation and Report Links (URLZONE)
Enable SharePoint Server Functionality (MOSS)
Changing Default Settings for Navigation
Postpone Security Trimming of SharePoint Hierarchy Until Site Collection is Expanded (PostponeSecurityTrim)
Search Using Cached Data (CACHEDSEARCH)
How to Display Multiple Farms in SharePoint Hierarchy (FARMNAVIGATION)
Maximum Number of Objects to Display Before Foldering (NAVCAP)
Preload All Site Collections in Server-side Cache (PRELOADSITECACHE)
Show SharePoint Groups with No Permissions in Hierarchy (ShowNoPermSPGroup)
Display url or Site Name in SharePoint Hierarchy (SHOWURLASTITLE)
Maximum Number of Users to Display in SharePoint Hierarchy (SPUSERCAP)
Maximum Number of SharePoint Groups to Display in SharePoint Hierarchy (SPGROUPCAP)
Managing Site Provisioning Settings
Maximum Number of Provisioning Requests in Completed an Rejected Folders
Changing the Subject and/or Body of Provisioning Request Emails
Configuring the Site Provisioning Workflow Settings (SharePoint Server)
Specifying Global Settings for ControlPoint Policies
Users to Exclude from All ControlPoint Policies (CPPOLICYSUPERUSERS)
Content Creation Policy url (POLICYSERVICEURL)
Setting Preferences for the ControlPoint Scheduler
Maximum Number of Scheduled Jobs to Submit at One Time (MAXSUBMIT)
Number of Minutes Scheduler Will Wait Before Next Group of Jobs (OVERIDESCHEDULETIMERMINUTES)
Maximum Line Items in Scheduled Report Results (SCHEDULEDREPCAP)
Defining "Admins" for Scheduled Analysis Results Distribution (SiteAdminCriteria)
Permissions Level for Site Admin Definition for Scheduled Report Distribution (SiteAdminPermissionLevel)
Miscellaneous and Custom Configuration Settings
SQL Server Connection String for xcAdmin Database (xcAdminConnectionString)
Initial Screen (INITSCREEN)
Adding a Custom Banner to the ControlPoint Application
No Dashboard (NODASHBOARD)
Special-Purpose Configuration Settings
How the Audit Log Archiving Process Works
Setting Up the Audit Log Data Archive
Troubleshooting
Creating the Audit_Log_Transfer Database Table
Archive Audit Log Table Connection String (ArchiveAuditLogConnectionString)
Running the Archive Audit Log Process
Running the Archive Process from the ControlPoint Application Interface
Running the Archive Process from a Command Line
Scheduling the Archive Process via Windows Task Scheduler
Managing Archive Audit Log Configuration Settings
ControlPoint Log Files
ControlPoint Web Config File (web.config)
ControlPoint Administration Log (xcAdmin.log)
Logged Errors Report
Troubleshooting Configuration Errors
Blank Page/Unexpected Error
Could Not Load File or Assembly
If You Cannot Resolve a Configuration Error
Troubleshooting the ControlPoint Application Interface
Recent Change Does Not Show Up in the SharePoint Hierarchy
Remote Farms Do Not Display in SharePoint Hierarchy
Site Collections Display as "Inaccessible"
Site Collections Grayed-Out and "Locked"
When Launched from a Server That Has IE Enhanced Security Configuration Enabled, ControlPoint Fails to Launch Properly
Number of Child Objects Specified for an Object in the SharePoint Hierarchy Doesn't Match Number Displayed
The Loading of Site Collections in the SharePoint Hierarchy is Extremely Slow
Error Occurs When Attempting to Launch ControlPoint from a SharePoint Site
A Business Administrator's SharePoint Sites Do Not Display in the SharePoint Hierarchy
"A Script on the Page is Causing Internet Explorer to Run Slowly..."
Troubleshooting Discovery
Troubleshooting SharePoint Users and Permissions
Cannot Locate SharePoint Users Authenticated by Alternate (non-Active Directory) Methods
System Exception: "Cannot get the members of the group..."
Properties Dialog: Total Users with Permissions Displays as "Incomplete"
Users with Permissions Granted Through a Claim are not Showing Up in Permissions Analysis Results
Troubleshooting Site Provisioning
Site Provision Request Workflow Failed on Start
Provisioning Requests Manager: Workflow Status Column is Blank
Troubleshooting ControlPoint Operations
Not All ControlPoint Actions and Analyses Are Available to Me
Your Page has Expired
Timeout Exception: The server has timed out.
Hyperlinks in Activity Analysis Results are broken
Number of Users Has Exceeded the Allowable Threshold
ASP.NET Session Has Expired
Too Many Rows to Display
Download as .csv: No Cached Data for Download
Export Results to Excel: "The file you are trying to open is in a different format..."
Action or Analysis Taking Longer Than Expected
Cannot Perform Operations on Central Administration
Copy/Move Insufficient Permissions Message
Newly-Created Site Does Not Show Up in Manage SharePoint Groups Picker/Cannot be Scheduled
Cannot Run Activity Analysis Using Real-time Data
Activity Data in Analysis Results is Out of Date
Cumulative Hits Only Available Option When Running Activity Analyses
Activity Analysis Requests Column Only Shows 0's for Users and Requests
Number of Lists in Storage Analysis Results Does not Match Number Displayed in SharePoint Hierarchy
Storage Information Reported by ControlPoint is Different than What's Reported by SharePoint
No User Profile Application available to service the request
Subsites and Lists Added to the Scope of a Governance Policy are not Included in Operations
If you Cannot Resolve an Issue with a ControlPoint Operation
Excluding Users from Audit Log Analyses (ExcludeUsersAudit)
By default, unless one or more users are specified in the People Picker, all SharePoint users are included in the ControlPoint Audit Log analysis.
ControlPoint Application Administrators can, however, exclude certain users from these analyses by entering the user account name(s) as the Value for the ControlPoint Configuration Setting Users to Exclude from Audit Log Analyses (ExcludedUsersAudit). Enter multiple account names as a comma-separated list.
You may, for example, want to exclude common system accounts such as SharePoint\System.
NOTE: You must exclude users based on full account names (sometimes known as pre-Windows 2000 account names in Active Directory), not display names. For example, you cannot exclude system accounts by entering the display name System Account.
Note that you can still run Audit Log analyses on excluded users if you enter them in the People Picker.
NOTE: Users can be excluded from permissions and activity analyses via the ControlPoint Configuration Setting Users to Exclude from Reports (EXCLUDEDUSERS).
Specifying Whether to Display Site Names in Audit Log Analyses (PROCESSAUDITNAMES)
By default, ControlPoint Audit Log analysis results include name of the Site on which audited activity occurred. The process required for ControlPoint to collect this information is time-consuming and may affect performance, especially if the scope of the analysis is large.
ControlPoint Application Administrators can, however, prevent this process from being carried out by changing the ControlPoint Configuration Setting PROCESSAUDITNAMES from True to False.
Note that, if PROCESSAUDITNAMES is set to false, you can use the url to identify the site where audited activity occurred.
Changing Settings for Anomalous Activity Detection
The following ControlPoint Sentinel Anomalous Activity Detection settings display under the category Audit Log.
·Enabling Anomalous Activity Detection via the ControlPoint Scheduled Job Review
·Changing the Subject and/or Body of Anomalous Activity Detection Emails
Enabling Anomalous Activity Detection via the ControlPoint Scheduled Job Review
As part of preparing your environment for using ControlPoint Sentinel, Anomalous Activity Detection must be enabled to run:
·via the ControlPoint Anomalous Activity Detection job in Central Administration
OR
·as part of the ControlPoint Scheduled Job Review, by changing the ControlPoint Setting Enable Options That Require Anomalous Activity Detection from False to True.
NOTE: This is an Advanced Setting in the Audit Log category.
See also "Preparing Your Environment for Using ControlPoint Sentinel" in the ControlPoint User Guide.