This article describes how to install the Security Blueprints in your SharePoint environment. The first step is to install the solution package. After you have done this, this article shows you how to configure the security blueprints. The last part of this article describes how you can manually start the process for 1 site collection.
Step 1 – Install the solution package
The first step is to install the Security Blueprints software to your environment. Unzip the file that you have downloaded from CodePlex to a folder on the server that is running Central Administration.
SharePoint Objects Security Blueprints are now installed in your SharePoint farm. The installation process has installed these files and folders to your server(s):
|TST.SharePointObjects.SecurityBluePrint.dll||Global Assembly Cache|
Step 2 – Configure the timer job
Security blueprints are generated by a SharePoint timerjob, that can be installed by activating a feature. Navigate to the Central Administration of your SharePoint farm. On the Application Management tab, select Mangage Web application features. On this page, find the web application that runs the site collections that you want to monitor using the security blueprints. Then click the Activate button for the feature ‘SharePoint Objects – Security Blueprint Menu’.
The timer job is now installed, it can be configured by using a special administration page. The menu to navigate to this administration page can be activating a site collection feature. Navigate to the Site Settings of the Central Administration site. In the Site Collection Administration section, click Site collection features. Find the feature called ‘SharePoint Objects – Security Blueprint Menu’ and click Activate.
If you now navigate to the Application Management tab in Central Administration, you will find a new section called ‘SharePoint Objects’. This section now has a menu option called ‘Configure timerjob for creating security blueprints’. Click this link to configure the timerjob. The first section on this page lets you choose a web application.
If you select a web application that does not have the Security Blueprint Timerjob featere activated, the Status field will notify you the timerjob is not activated. If the feature is activated, the Status field will show the last run time of the timerjob. In this section you can also set the display title for the timerjob and the schedule.
The second section on the configuration page allows you to configure the location where the blueprints will be stored. When the blueprint timerjob runs, it creates a security blueprint for every site collection in the web application. This blueprint is saved as a XML file in an automatically created document library. By configuring the Library Site Url setting, you can decide where the timerjob publishes the blueprint.
There are 3 options:
- Leave the setting empty
The blueprint library is created in the root site of each site collection.
- Enter a relative url (e.g. ‘/admin/blueprints’)
The blueprint library is created in each site collection, in the subsite with this url. If there is no subsite found on this url, the blueprints are saved in the root site of each site collection.
- Enter an absolute url (e.g. http://admin.intranet/blueprints)
All blueprints of all site collections are stored in 1 document library. The timer job creates a subfolder for each site collection. These folder are hidden from the user in the view. This allows you to manage the blueprints in a central location.
The last section of the timerjob setup page allows you to configure endpoints. Endpoints are relative urls to specific sub sites in your site collections. The blueprint process stops generating the blueprint XML at this site, if the url equals one of the endpoints. Suppose you have a subsite called ‘Projects’. This site has a number of subsites for a number of projects. You are interested in the security settings of this Projects site, but the security settings for each project site are not important. You can enter ‘/Projects’ as an endpoint, meaning the Projects site is the last site in the tree to be included in the blueprint. You can now add new project sites to your site collection(s) without changing the security blueprint for your site collection. Otherwise every new project site is seen as a change to the security blueprint of the site collection, and a new report is published.
You can enter multiple endpoints by putting every endpoint on a new line in the text box.
Step 3 – Start the process manually
The Security Blueprints allow you to start the process manually for a single site collection. If you do not have the feature activated for the site collection, navigate to the Site Settings of the root site in your site collection. In the Site Collection Administration section, select Site collection features. Find the feature called ‘SharePoint Objects – Security Blueprint Menu’ and click the Activate button.
If you navigate to the Site Settings page, this page will have a new section called SharePoint Objects. This section has a menu option called ‘Create security blueprint’. This link is available for every subsite in the site collection. This allows you to create a blueprint for just 1 subsite, instead of a full report for all sites in the site collection. The root site of the site collection is always included in the blueprint.
After clicking this link, you can manually start the process by clicking the Create button. You can publish the blueprint to a specific location or a central location in your farm by entering a url. See Step 2 in this article for the details. The paragraph also contains an explanation of the endpoints you can configure.
After clicking the Create button, the blueprint is created and you are redirected to the library that contains the report.-