Quest® Site Administrator for SharePoint—Security Auditor
Version 1.3.1
Release Notes
October 02, 2009
Welcome to Site Administrator for SharePoint—Security Auditor
Site Administrator for SharePoint—Security Auditor helps you track the activity in your SharePoint environment by providing the following:
Resolved Issues and Enhancements
The following is a list of issues addressed and enhancements implemented in the Site Administrator for SharePoint—Security Auditor 1.3.1 release.
| Feature | Resolved Issue | Defect ID |
| Deployment | During the Security Auditor Console setup, you will have an incorrect connection setting in the Report Pack data source (userid=sa). This may cause data source connection errors. | ST60425 |
| Deployment | You will receive an error about being unable to verify the audit database after you specify the audit database name and location during the Security Auditor Console setup. This happens only if the default SQL Server database for the user who is running the console deployment is other than the master database. | ST62624 |
| Deployment | If you run the Security Auditor Agent setup on a Windows Server 2008-based computer under a non-administrator account and this account is similar to the account under which the Security Auditor Agent works, the Agent setup will fail with the following error message: "Could not set user rights". This problem is related to User Account Control (UAC) on Windows Server 2008. | ST61331 |
| Security Auditor Console | Reports are not upgraded after the Security Auditor Console upgrade to version 1.3. | ST62649 |
| Security Auditor Console | If more than one front-end server is discovered in a certain SharePoint Web Farm and you click the Install link to deploy the Security Auditor Agent on this farm, only the parent front-end server will be shown by the Security Auditor Console. | ST61327 |
| Security Auditor Console | If you install the Security Auditor Agent manually on a front-end server that is not in the list of discovered front-end servers of a certain SharePoint Web Farm, the table of installed agents will be shown empty and you will receive an error message. | ST61326 |
| Security Auditor Agent | The event with ID 1008 'Quest Site Administrator for SharePoint—Security Auditor Service cannot be stopped properly' is generated upon service stop or restart, when the Security Auditor Service 1.3 is configured to be integrated into the InTrust Framework. This event should be considered unnecessary. | ST62174 |
| Security Auditor Agent | When you upgrade the Security Auditor Service via a Console that is already upgraded, you will see the dialog with the selection of available front-ends. Moreover, if you choose a host other than the host where the agent to be upgraded is installed, a new deployment process will start on this host and then fail with an error message stating that the solution “quest.itsp.monitor.wsp” is already deployed. This is valid only when upgrading to 1.3. | ST62650 |
| Reporting | The 'Document story' report does not contain information about SharePoint documents that were deleted because of a folder deletion. | ST58620 |
| Event Logging | If you use an audit database that works with a non-English instance of SQL Server, events generated by the Security Auditor Agent are not logged and you will have the error message ID 1050 in your event log. | ST60905 |
The following is a list of issues known to exist at the time of the Site Administrator for SharePoint—Security Auditor 1.3.1 release.
| Feature | Known Issue | Defect ID |
| Installation/Deployment | If you run the Security Auditor Console setup on a Windows Server 2008-based computer, it may fail and you will receive an error message that you do not have sufficient rights to unpack a Report Pack from the Common Files folder. To resolve this issue, run a Command Prompt as Administrator and then type <msiexec /I "%pathtoconsolemsi%"> and press Enter. Here "%pathtoconsolemsi%" is the full path to the Security Auditor Console installation file, including the file name QSASA.Console.1.3.0.xxx.msi. | ST61405 |
| Installation/Deployment | Before installing, repairing or removing the Site Administrator for SharePoint—Security Auditor Agent in a SharePoint farm, make sure that all front-end servers and the server hosting the Central Administration site are running. Make sure that the Windows SharePoint Timer Service is started on these servers. | ST54816, |
| Installation/Deployment | Site Administrator for SharePoint—Security Auditor Agent configuration settings are set to defaults every time the product is re-deployed. | ST55137 |
| Installation/Deployment | When reinstalling Site Administrator for SharePoint—Security Auditor Console, if you specify a different reporting database, reinstalled reports continue using the old reporting database as the data source. If you need to use a different database, edit it in the properties of the Quest Site Administrator for SharePoint—Security Auditor Database data source using Report Manager. | ST56290 |
| Installation/Deployment | When reinstalling or upgrading the Site Administrator for SharePoint—Security Auditor Agent, after you have reinstalled the Security Auditor Console and specified a different reporting database, the entire contents of the Site Administrator for SharePoint—Security Auditor log are transferred to the new database, whether or not they are present in the old database. If you want to avoid this, reinstall the product as follows: | ST56292 |
| Installation/Deployment | When installing Site Administrator for SharePoint—Security Auditor Agent remotely on Windows Server 2008, the installation might fail if the Terminal Server is not running on Windows Server 2008. To work around this issue, run the Security Auditor Agent installation package on the server of your choice (by default, the Security Auditor Agent installation files are located on the Quest Site Administrator for SharePoint CD in the Security Auditor folder). | ST58102 |
| Installation/Deployment | When you install the Security Auditor Agent on the SharePoint server of your choice, it is automatically distributed by SharePoint to all the servers in this farm, and farm-wide auditing is automatically activated. If you want to install the Agent and disable farm-wide auditing, run the setup with the following command line on the server you want: msiexec /i "%1" QSASA_DONOTACTIVATEFEATURES=1. Here "%1" is the path to the agent installation package. This feature is not available if you use the Security Auditor Console for an agent installation. | ST58494 |
| Event Logging | The Site Administrator for SharePoint—Security Auditor Agent may create duplicated events when the service is stopped unexpectedly (e.g. using Task Manager). Only events generated within the last second of service operation are duplicated. | ST54152 |
| Event Logging | SharePoint site and site collection, list and document library, list item and document deletion events are logged even if the deletion operation is cancelled by its initiator or fails to complete. Whether or not the operation was successful, the event record indicates only the deletion attempt, not the result. | ST54681 |
| Event Logging | If you create a SharePoint site or site collection from a custom template while the auditing service is stopped, auditing will not be activated for the new site/site collection. | ST54688 |
| Event Logging | When browsing events logged by Site Administrator for SharePoint—Security Auditor with Event Viewer, the name of the event initiator and the actual event date/time are not displayed in the User, Date and Time fields. Instead, these data are available in the event descriptions' insertion strings. | ST53737 |
| Event Logging | The Initiator insertion string of the EventID #30: Security Group created may contain the group owner user account instead of the actual account used to create the Security Group. This only happens when using the SharePoint Object Model (e.g. via a script) to create the group; for Security Groups created with the SharePoint Web UI the event is logged correctly. | ST55232 |
| Event Logging | Events coming from different site collections may be recorded in the event log in an order different from the order of their actual appearance. | ST54578 |
| Event Logging | No events indicating item conversion are recorded. | ST52228 |
| Event Logging | The List item viewed and Document viewed events may not be recorded. Quest is working with Microsoft to resolve this issue (CaseId SRZ080929000283). | ST52627, |
| Event Logging | Incomplete events (or no events) may be logged on permission changes, if the changes are made and then revoked within a short period of time (shorter than the Site Administrator for SharePoint—Security Auditor Agent poll period). Quest is working with Microsoft to resolve this issue (CaseId SRZ080929000295). | ST52723 |
| Event Logging | Native SharePoint audit data logged before Site Administrator for SharePoint—Security Auditor deployment are only partially converted. Event IDs 50-51, 200-206, 208, 211, 250-252, 256-257, 300-304, 400-452 are not converted. Other events may contain incomplete data if the object (or its parent) on which a particular event occurred was moved or deleted by the time the Site Administrator for SharePoint—Security Auditor Agent was deployed. | ST52706 |
| Event Logging | Incomplete events may be logged on object and permission modifications if the events happen within a short time window (shorter than the Site Administrator for SharePoint—Security Auditor Agent poll period), and the modified object (or its parent object) is then moved or deleted. | ST55207 |
| Event Logging | Site Administrator for SharePoint—Security Auditor may log incomplete events on user actions taken while the Site Administrator for SharePoint—Security Auditor Agent is stopped or idle. | ST53819, |
| Event Logging | Site Administrator for SharePoint—Security Auditor may log incomplete events on SharePoint site creation. In some cases, such events are not logged. Quest is working with Microsoft to resolve this issue (CaseId SRZ080929000295). | ST55256 |
| SharePoint Audit Database Cleanup | Audit records for removed SharePoint site collections are not cleaned up from the SharePoint audit database. | ST55205 |
| Reporting | The 'Document story' report may not contain information about folder removal and renaming. All other data about the life of the selected document, including the last URL of the document in the SharePoint document library, is included in the report. | ST61415 |
| Reporting | To compile the 'Document story' report correctly, you must enter the URL of the document in the SharePoint document library on the filter tab of the report. | ST58621 |
| Reporting | The URL of a certain SharePoint document may vary depending on the time period because of moving or renaming of a document, document library or a site. When you specify the URL of the document in the 'Document story' report filter tab, the report will contain information about all documents that have this URL within the time frame you have specified. If several documents have the same URL, you can identify a particular document by its unique DocID identifier. | ST58595 |
Before installing Site Administrator for SharePoint—Security Auditor, ensure your system meets the following minimum hardware and software requirements:
| Platform | Intel x86, -OR- Intel 64 (EM64T), -OR- AMD64 |
| Memory | Same as SharePoint Server system requirements |
| Hard Disk Space | Min. 512 Mbytes |
| Operating System | Microsoft Windows Server 2003 Enterprise Edition Service Pack 2 or later (32-bit or 64-bit), -OR- Microsoft Windows Server 2008 Enterprise Edition Service Pack 1 (32-bit or 64-bit) |
| Additional Software | Microsoft SharePoint Server 2007, -OR- Microsoft SharePoint Server 2007 64-bit Edition, -OR- Windows SharePoint Services 3.0 (WSS); SQL Server 2005 Reporting Services Service Pack 1 Standard Edition or higher; Microsoft .NET Framework 3.0 for the computer where you install the Security Auditor Console |
For detailed system requirements and the list of rights and permissions necessary for product operation, please refer to the Site Administrator for SharePoint—Security Auditor Quick Start Guide.
This section contains information about installing and operating this product in non-English configurations, such as those needed by customers outside of North America. This section does not replace the materials about supported platforms and configurations found elsewhere in the product documentation.
This release is Unicode-enabled and supports any character set. In this release, all product components should be configured to use the same or compatible character encodings and should be installed to use the same locale and regional options. This release is targeted to support operations in the following regions: North America, Western Europe and Latin America, Japan.
The Site Administrator for SharePoint—Security Auditor release package contains the following products:
Refer to the Site Administrator for SharePoint—Security Auditor Quick Start Guide for installation instructions.
| info@quest.com |
| Quest Software, Inc. World Headquarters 5 Polaris Way Aliso Viejo, CA 92656 USA |
| Web |
Refer to our Web site for regional and international office information.
Quest Support is available to customers who have a trial version of a Quest product or who have purchased a commercial version and have a valid maintenance contract.
Quest Support provides around-the-clock coverage with SupportLink, our web self-service. Visit SupportLink at http://support.quest.com.
From SupportLink, you can do the following:
View the Global Support Guide for a detailed explanation of support programs, online services, contact information, and policy and procedures.
The guide is available at: http://support.quest.com/pdfs/Global Support Guide.pdf.
© 2009 Quest Software, Inc.
ALL RIGHTS RESERVED.
This document contains proprietary information protected by copyright. The software described in this document is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser’s personal use without the written permission of Quest Software, Inc.
If you have any questions regarding your potential use of this material, contact:
Quest Software World Headquarters
LEGAL Dept
5 Polaris Way
Aliso Viejo, CA 92656
Email: legal@quest.com
Refer to our website for regional and international office information.
Quest, Quest Software, the Quest Software logo, and Site Administrator for SharePoint are trademarks and registered trademarks of Quest Software, Inc. in the United States of America and other countries. Other trademarks and registered trademarks used in this guide are property of their respective owners.
This product includes third-party software.
For details, see the Quest Site Administrator for SharePoint—Security Auditor 1.3—Third-Party Licenses HTML document.
The information in this document is provided in connection with Quest products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Quest products. EXCEPT AS SET FORTH IN QUEST'S TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, QUEST ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL QUEST BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF QUEST HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Quest makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Quest does not make any commitment to update the information contained in this document.