SharePoint Risk and Health Assessment Scoping Tool


I came across a SharePoint Risk and Health Assessment Scoping Tool, turns out that this tool can help you identify risks within your MOSS 2007 farm.

The read me of the tool says this about the tool:

The MOSSRAP Scoping Tool verifies connectivity requirements, permissions requirements, and other prerequisites for successful execution of the MOSSRAP tool set. This is done by remotely querying the servers in the SharePoint farm.

The tool does NOT make any changes to the environment. It simply uses standard operations such as WMI queries, SQL queries, port queries and so on.  It is completely read-only.

The tool is serial in nature and only attempts to perform a single check against a single server at a time.  This means there should be relatively minimal network or target system overhead while the tool is running.  This also means it may take it several minutes to complete depending upon the size of the farm.

Launch the Scoping Tool by executing Microsoft.MossRap.Scoping.exe
a.  This must be run from a computer that has full network connectivity to
all servers in the SharePoint farm (including SQL servers). This should be the
same computer that will be used to run the tool set during the MOSSRAP
engagement.
IMPORTANT: Building a separate “tools computer” for the MOSSRAP is STRONGLY
recommended. It is NOT recommended to run the scoping tool OR the MOSSRAP
tool set from a server that is a member of the SharePoint farm. Please see the
prerequisites document provided in the initial scoping email from your TAM for
more details on tools computer requirements.

b.  The scoping tool must be run using an account that has:
1) Member of the local Administrators group on every SharePoint server in
the farm
2) Member of the local Administrators group on every SQL server in the farm
3) Read permissions to every site in the farm (this can be granted via the
web application policy in Central Administration)
4) Full permissions to the Central Administration site and the
personalization services for each Shared Services Provider (SSP) in the farm.
5) Member of the sysadmin role on every SQL instance used by the farm

Ideally, this should be a dedicated account that will also be
used during the MOSSRAP engagement.  The account does not need to remain after
the engagement is complete.

image

 

image

image

Be aware that the tool needs to make use of the Logparser and the Baseline Security Analyzer. So these need to be installed on the servers!

Download links:

MossRap: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=535266cc-88e8-4180-a4da-838f94d6a10d&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+MicrosoftDownloadCenter+%28Microsoft+Download+Center%29#tm

Logparser: http://www.microsoft.com/downloads/details.aspx?familyid=890CD06B-ABF8-4C25-91B2-F8D975CF8C07&displaylang=en

Baseline Security Analyzer: http://www.microsoft.com/downloads/details.aspx?familyid=B1E76BBE-71DF-41E8-8B52-C871D012BA78&displaylang=en

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s