ESET Security for Microsoft SharePoint – Table of Contents

SharePoint Integration

Use direct SQL database access

ESET Security for Microsoft SharePoint uses the SharePoint object model for all database operations (read and write) by default. Enable the Use direct SQL database access setting to give ESET Security for Microsoft SharePoint read-only access to data directly from the SQL Server (SharePoint Content databases). Direct database access has several advantages over the SharePoint object model: it is faster, performs better, and uses fewer system resources. It is used for all read operations, while all write operations (Clean, Delete, etc.) are executed via the SharePoint object model.

Both access models (direct database and the SharePoint object model) support parallel threads. You can configure parallelism by specifying Number of concurrent downloads in the SharePoint database scan.


Important

This account must have SharePoint Farm Administrator privileges to access website collections for scanning and "Log on as service" privileges. If SharePoint is configured to connect to the database using Windows authentication, this account must also be a member of the SQL Sysadmin role on the database server.

We recommend that you use the Farm Administrator account created during SharePoint installation. If you do not type valid login credentials, ESET Security for Microsoft SharePoint will not be functional after the installation. If the installation is performed without GUI, type the SharePoint administrator account via the GUI or PowerShell 7 afterward; otherwise, the product will not work. Ensure that you update the ESET Security for Microsoft SharePoint service credentials whenever your SharePoint Farm Administrator password changes.

In an ESET PROTECT managed environment, you can use a Client Task called Run Command to execute eShell commands. Having ESET PROTECT in a managed environment is useful for a large farm with many SharePoint instances or if you want to supply credentials remotely whenever the SharePoint Farm Administrator password changes. When creating a new ESET PROTECT Client Task, specify the Command line to run:

PowerShell Set-Service -Name eShpSvc -Credential $credential -Status Running

Where $credential is an object of type System.Management.Automation.PSCredential. See Microsoft's article for further details on creating a credential object. This command will update the ESET Security for Microsoft SharePoint service and enable it to access your SharePoint infrastructure.

Ensure that you use PowerShell version 7.0 or later.


Note

If you do not want to use the SharePoint Farm Administrator for ESET Security for Microsoft SharePoint to access your SharePoint, use a dedicated user account with specific privileges. Ensure the user account meets the following:

1. SharePoint Web Application access. Modify Policy for Web Application in Central Administration > Security > Specify web application user policy > Add Users and give the account access to (All zones) and Full Control permission. See the SharePoint Diary's article for a more detailed guide on configuring Web Application User Policy in SharePoint.

2. Access to SQL databases. The same account must be granted explicit permissions to SharePoint-related databases. Use a database management tool, such as Microsoft SQL Server Management Studio. Alternatively, you can accomplish the same with PowerShell. List of databases with required database roles:

SharePoint_AdminContent_{hash}: SharePoint_Shell_Access, SPDataAccess

SharePoint_Config: SPDataAccess

WSS_Content: SPDataAccess

Any other WSS_Content_X: SPDataAccess
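
One way to grant the database roles listed above with PowerShell, as an added example that is not ESET's own script. It assumes the SqlServer module's Invoke-Sqlcmd, a Windows-authenticated session allowed to create logins and users on the instance, and hypothetical values for $SqlInstance and $Account; it also reads the resulting role membership back so the grant can be reviewed.

```powershell
# Added example, not ESET's script. Assumes the SqlServer module (Invoke-Sqlcmd) and
# a Windows-authenticated session that may create logins and users on the instance.
Import-Module SqlServer

$SqlInstance = 'SQL01'                  # hypothetical SQL Server instance
$Account     = 'CONTOSO\svc-eset-shp'   # hypothetical dedicated scan account

# Find the databases from the list above; [_] is a literal underscore in LIKE.
$databases = Invoke-Sqlcmd -ServerInstance $SqlInstance -Database master -Query @"
SELECT name FROM sys.databases
WHERE name LIKE 'SharePoint[_]AdminContent[_]%'
   OR name = 'SharePoint_Config'
   OR name LIKE 'WSS[_]Content%';
"@ | Select-Object -ExpandProperty name

# Create the server login for the Windows account only if it is missing.
Invoke-Sqlcmd -ServerInstance $SqlInstance -Database master -Query @"
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'$Account')
    CREATE LOGIN [$Account] FROM WINDOWS;
"@

$report = foreach ($db in $databases) {
    # Every listed database needs SPDataAccess; only the Central Administration
    # content database also needs SharePoint_Shell_Access.
    $roles = @('SPDataAccess')
    if ($db -like 'SharePoint_AdminContent_*') { $roles += 'SharePoint_Shell_Access' }

    $sql = "IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'$Account') " +
           "CREATE USER [$Account] FOR LOGIN [$Account];"
    foreach ($role in $roles) { $sql += " ALTER ROLE [$role] ADD MEMBER [$Account];" }
    Invoke-Sqlcmd -ServerInstance $SqlInstance -Database $db -Query $sql

    # Read back the account's role membership so the grant can be reviewed.
    Invoke-Sqlcmd -ServerInstance $SqlInstance -Database $db -Query @"
SELECT DB_NAME() AS DatabaseName, r.name AS RoleName
FROM sys.database_role_members AS m
JOIN sys.database_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals AS u ON u.principal_id = m.member_principal_id
WHERE u.name = N'$Account';
"@
}
$report | Format-Table DatabaseName, RoleName
```

Any role in the report beyond those in the list above is a grant the dedicated account does not need for scanning.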

 

eShell can securely configure credentials for SharePoint integration.


Example

Use eShell to set the SharePoint farm administrator account credentials. First, you need to retrieve and export or store the credentials using PowerShell, then run the eShell command to read and apply these credentials, allowing for ESET Security for Microsoft SharePoint integration with SharePoint. To retrieve and set the credentials, choose one of the two methods: PSCredential object and XML file or Credential Manager and Windows Vault. Ensure that you use PowerShell version 3.0 or later for each method.

Method 1 (PSCredential object and XML file)

1. Export the PSCredential object to an XML file using the Export-Clixml PowerShell cmdlet by running the following two commands in PowerShell:

$Credentials = Get-Credential

$Credentials | Export-Clixml -Path "C:\FarmAdminCredentials.xml"

2. Open eShell and run the following command to set the credentials from the XML file:

set sharepoint integration farm-password pscredential "C:\FarmAdminCredentials.xml"

3. Remove the XML file by running the PowerShell command:

Remove-Item "C:\FarmAdminCredentials.xml"

 

Method 2 (Credential Manager and Windows Vault)

1. Install the third-party PowerShell module CredentialManager from PSGallery (there is no standard module) by running the following command in PowerShell:

Install-Module -Name CredentialManager

2. Store credentials from the PSCredential object into Windows Vault by running the following two commands in PowerShell:

$Credentials = Get-Credential

New-StoredCredential -Credentials $Credentials -Target "FarmAdminCredentials"

3. Open eShell and run the following command to set the credentials from the Windows Vault:

set sharepoint integration farm-password winvault "FarmAdminCredentials"

4. Remove the stored credentials target from the Windows Vault by running the PowerShell command:

Remove-StoredCredential -Target "FarmAdminCredentials"

Even if you do not have a large SharePoint farm, you can use the eShell command (see above) to populate the credentials of the SharePoint farm administrator account. Alternatively, you can do it while upgrading to the latest version rather than manually entering the Username and Password.


Note

To ensure continuous protection, you must update SharePoint administrator account credentials whenever they change. If the credentials entered here do not match the SharePoint administrator account, ESET Security for Microsoft SharePoint will not function properly and will not provide maximum protection.