Documentation forAccess Rights Manager

Configure additional properties

  1. Ensure that you have configured a SharePoint on-premise or SharePoint Online resource in ARM.

  2. Start the Configuration application.

  3. Click Scans.

  4. Locate the SharePoint scan configuration.

  5. Click the additional properties link at the bottom of the window.

  6. Click the SharePoint Version drop-down menu and select your SharePoint version.

    To communicate with the SharePoint system, ARM uses Microsoft components that are specific to the version of the SharePoint system. Specifying the correct SharePoint version ensures that all information is shared correctly with the SharePoint system. If the configured version of SharePoint differs from the actual version, you may experience incomplete or incorrect data.

  7. Configure the basic scanner configuration settings.

    1. Determine how many maximum parallel requests the scan will perform. The higher the number, the higher the scanning speed and the load on the SharePoint server.

    2. Select the number of maximum connector renew attempts to connect to the SharePoint server.

    3. Select the timeout (in minutes) that ARM waits for the connection to the SharePoint Server or the result of a query. You can select a value between 1 and 120 minutes.

      Select 10 minutes for systems with lists and libraries less than 5,000 elements (recommended).

      Select 60 minutes for systems with lists and libraries greater than 5,000 elements (recommended)

  8. Select the Exclude Administrators checkbox to exclude administrators from the scan. They will not be available in views and reports. Otherwise, leave this checkbox unchecked.

  9. Select the Exclude Owners checkbox to exclude owners from the scan. They will not be available in views and reports. Otherwise, leave this checkbox unchecked.

    This option is not effective for SharePoint 2010. Microsoft does not provide the information about the owner in this release.

  10. Select the Exclude Secondary Contact checkbox to exclude secondary contacts from the scan. They will not be available in the views and reports. Otherwise, leave this option unchecked.

    This selection is optional in SharePoint. The option is ineffective if no secondary contact is entered.

    This option is not effective for SharePoint 2010. Microsoft does not provide the secondary contact information in this release.

  11. Select the Exclude Limited Access checkbox to exclude the limited access from the scan. This information is not available in views and reports. Otherwise, leave this checkbox unchecked.

    Limited access is automatically granted by the SharePoint system to ensure that SharePoint users can navigate through the application.

  12. Select the Include hidden lists checkbox to exclude hidden lists from the scan. They are not available in the views and reports. Otherwise, leave this checkbox unchecked.

  13. Select the Exclude list items checkbox to exclude list items from the scan. They will not be available in the views and reports. Otherwise, leave this checkbox unchecked.

  14. Select the Include list items with unique rights only checkbox to determine whether only list items or documents with specific permissions (such as interrupted inheritance) will be scanned. Otherwise, leave this checkbox unchecked.

  15. Select the maximum element scan attempts after which the scan of a specific SharePoint object is canceled. You can select a value between 1 and 5. SolarWinds recommends setting this value to 3.

  16. Set the maximum list view threshold value for reading list elements.

  17. Select the Detailed logging checkbox to enable the extended error analysis. When enabled, the scan speed slows down and the ARM server log file increases in size. Otherwise, leave this checkbox unchecked.

  18. (SharePoint on-premise only) Select the Ignore domain in SharePoint Credentials checkbox if the targeted scanned system is not operated in the local network infrastructure (for example, an external service provider) and the account name uses the abc@xyz.com format. Otherwise, leave this checkbox unchecked.

  19. (Recommended) Select the PowerShell CredSSP-Authentication checkbox to determine the available SharePoint items and display them in the tree view. Enable this option if SharePoint is running in a multi-server environment (for example, dedicated servers are used for the front end database).

    To enable the scanner to work properly, configure WinRM and prepare PowerShell to use CredSSP authentication.

  20. Select the Use SSL for WSMarr checkbox to use Web Services Management / Windows Remote Management (WSMAN/WinRM) over SSL.

  21. In the Port for WSMan field, select a non-default port for WSMan/WinRM. If you are using the default ports, you can leave the field blank. Default ports for WSMan/WinRM are 5985 for HTTP and 5986 for HTTPS.

Prepare SharePoint to use CredSSP

Before you begin, configure all SharePoint servers and then the ARM server. The ARM server needs to access SharePoint during the configuration.

See the following article for more information: How to enable Remote PowerShell for SharePoint 2013 for Non-Administrators (© 2020 Microsoft, https://docs.microsoft.com/de-de/archive/blogs/anneste/how-to-enable-remote-powershell-for-sharepoint-2013-for-non-administrators, obtained on November 27, 2020).

Perform the following steps on the SharePoint front-end server to prepare SharePoint to use the Credential Security Support Provider (CredSSP) protocol:

  1. Start the SharePoint Management Shell with local administrator privileges.

  2. Active Remoting for PowerShell.

    Enable-PSRemoting -Force

  3. Activate Remoting for PowerShell.

    Enable-PSRemoting -Force

  4. Activate MultiHop support in WinRM.

    Enable-WSManCredSSP -Role "Server" -Force