Documentation Version: er2.0.28-docs-1.1

SharePoint Server

This section covers the following topics

Requirements

Component

Description

Version Support

SharePoint Server 2013 and above.

Agent ER 2.0.24 Agent and newer.
TCP Allowed Connections
  • Port 1433 for Microsoft SQL Server.
  • All TCP ports used by the SharePoint web applications.

Licensing

SharePoint Server Targets are licensed by data allowance and also require 1 server license per database server or cluster.


To scan SharePoint web applications that are stored on 8 database servers and contain 1.5 TB of data requires:
  1. 8 server licenses, and
  2. Minimum 2 TB data allowance.

See Licensing for more information.

Scanning a SharePoint Server Target

In SharePoint, a single content database can host the content for Site Collections from multiple Web Applications. When a SharePoint database server is added as a scan Target, ER2 searches through all SharePoint content databases residing on the database server and returns all root-level Site Collections within the SharePoint database server.

For the example below, "SharePointDBS" is added as a SharePoint Server Target in ER2. When the Target is probed, users can view and scan all root-level Site Collections in stored in "MsSQL_DB_1" and "MsSQL_DB_2", as shown below:

SharePoint Database Server (host name: SharePointDBS) +-- Content database 1 (MsSQL_DB_1) +-- Web Application 1 (https://sharepoint.example.com) +-- Site Collection 1 (https://sharepoint.example.com/) +-- Site Collection 2 (https://sharepoint.example.com/operations) +-- Web Application 2 (https://sharepoint.example.com:100) +-- Site Collection 1 (https://sharepoint.example.com:100/) +-- Site Collection 2 (https://sharepoint.example.com:100/engineering) +-- Content database 1 (MsSQL_DB_2) +-- Web Application 1 (https://sharepoint.example.com:9999) +-- Site Collection 1 (https://sharepoint.example.com:9999/)
When probing a SharePoint database server, only the Site Collections that are stored within databases that the credential set has access to will be listed.

Credentials

To successfully scan all resources that reside on a SharePoint Server Target, use credentials that have the minimum required privileges to access all the content databases and web applications on the database server.

To scan all the SharePoint Web Applications hosted in "SharePoint DBS", use credentials that have at least read access to all Web Applications in "MsSQL_DB_1" and "MsSQL_DB_2".

Using Multiple Credentials to Scan a SharePoint Server Target

When multiple credentials are required to access the different Site Collections or Sites, a user can upload a text file containing granular access credentials when setting up a SharePoint Server Target. The text file contents must follow these rules:

  1. Each line of the text file defines a credential set for a URL path.
  2. Each line must be formatted as <url_path>|<username>|<password>.

    Field

    Description

    <url_path>

    The URL path to a Site Collection or Site.

    If the <url_path> is left blank, the credentials will be used to access all content in the SharePoint database server.

    <username>User name that has access to the URL path.
    <password>Password for the corresponding user.

Here is an example of a text file with granular access credentials for SharePointDBS:

1
2
3

https://sharepoint.example.com/operations|myUserName1|myPassword1
https://sharepoint.example.com:9999/|myUserName2|myPassword2
https://sharepoint.example.com:100/engineering|myUserName3|myPassword3

Adding a SharePoint Server Target

To add a SharePoint Server Target:

  1. From the New Search page, Add Targets.

  2. In the Server > Enter New Target Hostname field, enter the host name of your SharePoint database server.

  3. Click Test. If ER2 can connect to the Target, the button changes to a Commit button.

  4. On the left of the Select Types dialog, select Database > SharePoint.
  5. In the next window, fill in the following fields:

    Field

    Description

    Path

    Enter a resource path to scan.

    If the Path field is left blank, all resources in the SharePoint database server (e.g. web applications, site collections, sites, lists, list items, folders and files) will be scanned.

    See Path Syntax table for more information on scanning specific resources in the SharePoint server.

    Credential Details

    If you have stored the credentials, select from Stored Credentials.

    If not, enter:

    • Credential Label: Enter a descriptive label for the credential set.
    • Username: User name for the database server.
    • Password: Password for the database server.

    Windows Authentication for Microsoft SQL
    From ER2 2.0.21, Windows authentication is supported for Microsoft SQL 2008 and above.
    To use Windows authentication, enter your Windows account credentials:
    • Username: Windows domain and username in the <domain_name\user_name> format.

    • Password: Windows password.

    For more information on Windows or SQL Server authentication modes, see Choose An Authentication Mode.
    Credentials must have the minimum privileges described in Credentials.

    (Optional) API passwords

    Upload the text file containing multiple credentials to access different Site Collections or Sites.

    For example, my_sharepoint_credentials.txt

    See Using Multiple Credentials to Scan a SharePoint Server Target for more information.

    Proxy Details

    Select a suitable Agent.

  6. Click Test, and then + Add customised to finish adding the Target location.

Path Syntax

The following options can be defined in the Path field to setup a SharePoint Server scan:

Example of SharePoint Web Application structure: Web Application 1 (https://sharepoint.example.com) +-- Site Collection 1 (https://sharepoint.example.com/) +-- Site Collection 2 (https://sharepoint.example.com/operations) +-- Sub-site 1 (https://sharepoint.example.com/operations/sub-site.aspx) +-- Folder 1 (https://sharepoint.example.com/operations/myFolder) +-- File 1 (https://sharepoint.example.com/operations/myFolder/myFile.txt) +-- Lists (https://sharepoint.example.com/operations/Lists) +-- List 1 (https://sharepoint.example.com/operations/Lists/myList) +-- Item 1 https://sharepoint.example.com/operations/Lists/myList/myFile.pptx)

Description

Syntax and Example

Scan all resources on all content databases in the SharePoint server.

This includes all web applications, site collections, sites, lists, list items, folders and files for all content databases.

Leave Path blank.

Scan a web application.

This includes all site collections, sites, lists, list items, folders and files for the web application.

Syntax:
<web_application_url>

Example:
https://sharepoint.example.com

Scan a root site collection.

This includes all sites, lists, list items, folders and files for the root site collection.

Syntax:
<web_application_url>/

Example:
https://sharepoint.example.com/

Scan a non-root site collection.

This includes all sites, lists, list items, folders and files for the site collection.

Syntax:
<web_application_url>/<site_collection>

Example:
https://sharepoint.example.com/operations

Scan a site in a site collection.

Syntax:
<web_application_url>/<site_collection>/<site>

Example:
https://sharepoint.example.com/operations/sub-site

Scan a folder in a site collection.

Syntax:
<web_application_url>/<site_collection>/<folder>

Example:
https://sharepoint.example.com/operations/myFolder

Scan a file in a site collection.

Syntax:
<web_application_url>/<site_collection>/<folder>/<file>

Example:
https://sharepoint.example.com/operations/myFolder/myFile.txt

Scan all lists in a site collection.

Syntax:
<web_application_url>/<site_collection>/Lists

Example:
https://sharepoint.example.com/operations/Lists

Scan a list in a site collection.

Syntax:
<web_application_url>/<site_collection>/Lists/<list>

Example:
https://sharepoint.example.com/operations/Lists/myList

Scan a list item in a site collection.

Syntax:
<web_application_url>/<site_collection>/Lists/<list>/<list_item>

Example:
https://sharepoint.example.com/operations/Lists/myList/myFile.pptx