Mathieu Lacoste 0 Posted June 6, 2018 Share Posted June 6, 2018 (edited) Hello I have setup ESET Security for SharePoint Server 6.5.15014 on one of our servers using SharePoint 2010 Enterprise. Due to internal policies, we need to use a different account for the ESET SharePoint Administrator Account than the Farm Admininistrator Account of SharePoint. I have setup an account for ESET with the following rights: Farm Admininistrator Local Server Administrator (after some tests) SYSADMIN on the SQL Server Full Control on all Web Applications User policies Even with all these rights, I have the following warning: "Unable to access some of the SharePoint web site objects". When I open the SharePoint Database Scan window, and I select "Custom Targets", I am able to see all site collections and subsites, except for the Central Admininistration site collection (I cannot launch a scan on it). But, If I log on to the server, I can access the Central Admininistration just fine with the browser, and I have full rights inside it. I did a test of using the actual SharePoint Farm Administrator Account as the ESET account, and everything works fine with it. I have no warning and I can browse the central Admin in the Database Scan Window, and launch a scan of the Central Admin. Any idea about what could be wrong or missing with our custom account? Thanks Mathieu Edited June 6, 2018 by Mathieu Lacoste Link to comment Share on other sites More sharing options...
Administrators Marcos 5,272 Posted June 7, 2018 Administrators Share Posted June 7, 2018 Under the account you've created for ESET, run " SHPIO13.exe displaystructure". Also provide the output of running the command "Shpio13.exe usercount /print /withnames /diag". Link to comment Share on other sites More sharing options...
Mathieu Lacoste 0 Posted June 7, 2018 Author Share Posted June 7, 2018 (edited) Hello Marcos Here are the output. C:\Windows\system32>SHPIO13.exe displaystructure Web service: Application web de Microsoft SharePoint Foundation, , Web application count: 1 Web App: SharePoint, Online, , Sites count: 2 Site: [hxxp://SHAREPOINTHOST] Webs count: 1 Web: Portail SharePoint, [hxxp://SHAREPOINTHOST] Site: [hxxp://SHAREPOINTHOST/mysites] Webs count: 1 Web: mysites, [hxxp://SHAREPOINTHOST/mysites] Web service: Administration centrale, WSS_Administration, WSS_Administration Web application count: 1 Web App: , Online, , Sites count: 2 Site: [hxxp://SHAREPOINTHOST:800] UNAUTHORIZED Site: [hxxp://SHAREPOINTHOST:800/sites/Help] UNAUTHORIZED Processed sites: 2, webs: 2 Unauthorized sites: 2, webs: 0 C:\Windows\system32>Shpio13.exe usercount /print /withnames /diag Getting all sites... Done. Num sites: 4 Site: hxxp://SHAREPOINTHOST Web: hxxp://SHAREPOINTHOST, user count: 7 +User: SHAREPOINT\system; sid is empty: 0; no sid but unique SysID: 0; is group: 0; has unique sid: 1 +User: i:0#.w|LAB\eset_account; sid is empty: 1; no sid but unique SysID: 1; is group: 0; has unique sid: 0 +User: i:0#.w|LAB\SPFarm; sid is empty: 1; no sid but unique SysID: 1; is group: 0; has unique sid: 0 +User: i:0#.w|LAB\SPSearch; sid is empty: 1; no sid but unique SysID: 1; is group: 0; has unique sid: 0 +User: LAB\testuser; sid is empty: 0; no sid but unique SysID: 0; is group: 0; has unique sid: 1 +User: i:0#.w|LAB\testuser; sid is empty: 1; no sid but unique SysID: 1; is group: 0; has unique sid: 0 +User: LAB\testuser2; sid is empty: 0; no sid but unique SysID: 0; is group: 0; has unique sid: 1 Site: hxxp://SHAREPOINTHOST/mysites Web: hxxp://SHAREPOINTHOST/mysites, user count: 6 +User: i:0#.w|autorite nt\système; sid is empty: 1; no sid but unique SysID: 1;is group: 0; has unique sid: 0 +User: AUTORITE NT\Système; sid is empty: 0; no sid but unique SysID: 0; is group: 0; has unique sid: 1 -User: SHAREPOINT\system; sid is empty: 0; no sid but unique SysID: 0; is group: 0; has unique sid: 0 -User: i:0#.w|LAB\eset_account; sid is empty: 1; no sid but unique SysID: 0; is group: 0; has unique sid: 0 -User: i:0#.w|LAB\SPSearch; sid is empty: 1; no sid but unique SysID: 0; is group: 0; has unique sid: 0 -User: LAB\testuser2; sid is empty: 0; no sid but unique SysID: 0; is group: 0; has unique sid: 0 Site: hxxp://SHAREPOINTHOST:800 Web: hxxp://SHAREPOINTHOST:800, user count: 7 -User: AUTORITE NT\Système; sid is empty: 0; no sid but unique SysID: 0; is group: 0; has unique sid: 0 +User: LAB\eset_account; sid is empty: 0; no sid but unique SysID: 0; is group: 0; has unique sid: 1 +User: LAB\SPFarm; sid is empty: 0; no sid but unique SysID: 0; is group: 0; has unique sid: 1 +User: LAB\SPAppPool; sid is empty: 0; no sid but unique SysID: 0; isgroup: 0; has unique sid: 1 -User: LAB\testuser; sid is empty: 0; no sid but unique SysID: 0; is group: 0; has unique sid: 0 -User: LAB\testuser2; sid is empty: 0; no sid but unique SysID: 0; is group: 0; has unique sid: 0 -User: SHAREPOINT\system; sid is empty: 0; no sid but unique SysID: 0; is group: 0; has unique sid: 0 Site: hxxp://SHAREPOINTHOST:800/sites/Help OBJECT: hxxp://SHAREPOINTHOST:800/sites/Help ERROR: Accès refusé. (Exception de HRESULT : 0x80070005 (E_ACCESSDENIED)) OBJECT: hxxp://SHAREPOINTHOST:800/sites/Help ERROR: Accès refusé. (Exception de HRESULT : 0x80070005 (E_ACCESSDENIED)) Users verification... -User: SHAREPOINT\system; sid empty: 0; SysID empty: 0; has unique sid: 1; has unique SysID: 1, verified in AD: 0, accUniq: 0, parsedSAM: , verifWithSAM: 0 -User: i:0#.w|LAB\testuser; sid empty: 1; SysID empty: 0; has unique sid: 0; has unique SysID: 1, verified in AD: 0, accUniq: 0, parsedSAM: , verifWithSAM: 0 -User: i:0#.w|autorite nt\système; sid empty: 1; SysID empty: 0; has unique sid: 0; has unique SysID: 1, verified in AD: 0, accUniq: 1, parsedSAM: système, verifWithSAM: 0 -User: AUTORITE NT\Système; sid empty: 0; SysID empty: 0; has unique sid: 1; has unique SysID: 1, verified in AD: 0, accUniq: 0, parsedSAM: , verifWithSAM: 0 -User: LAB\eset_account; sid empty: 0; SysID empty: 0; has unique sid: 1; has unique SysID: 1, verified in AD: 1, accUniq: 0, parsedSAM: , verifWithSAM: 0 -User: LAB\SPFarm; sid empty: 0; SysID empty: 0; has unique sid: 1; has unique SysID: 1, verified in AD: 1, accUniq: 0, parsedSAM: , verifWithSAM: 0 Users verification done in 00:00:00.4314404. AD users: 3 Other users: 3 ======== AD users =========== LAB\SPAppPool LAB\testuser LAB\testuser2 ======== Other users ======== i:0#.w|LAB\eset_account i:0#.w|LAB\SPFarm i:0#.w|LAB\SPSearch ============================= User count duration: 00:00:02.3593007 Thanks Edited June 7, 2018 by Mathieu Lacoste Pasted the wrong information, thanks to Internet Explorer Link to comment Share on other sites More sharing options...
Mathieu Lacoste 0 Posted June 7, 2018 Author Share Posted June 7, 2018 By the way, outputs for the tools were made on SharePoint 2013 in our labs and results are the same as with the 2010. thanks. Link to comment Share on other sites More sharing options...
Mathieu Lacoste 0 Posted July 12, 2018 Author Share Posted July 12, 2018 After contacting support, the issue had to do with the way the tool enumerates the sites in SharePoint. Even if the ESET antivirus for SharePoint Account is a farm Administrator on the SharePoint Farm (and theorically has all the rights to the farm and the central administration), it also needs to be in the Central Administration Site collection Administrators Group for the enumeration to be successful (again, the account has access to the Central Administration). Placing the Eset Account as a secondary Admin on the Central Administration did the trick. Thanks Link to comment Share on other sites More sharing options...
Recommended Posts