SharePoint
Feedback by UserVoice

I suggest you ....

← SharePoint Administration

SharePoint Management Shell/Central Administration Auditing

Currently, when an administrator performs an action in the Management Shell/Central Administration, most of the data regarding who and what action took place is not recorded. This makes auditing impossible when there are multiple administrators managing the farm. I would propose putting auditing controls in for the SharePoint Management Shell and Central Administration, to record who and what changes were made.

258 votes

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Trevor Seward shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

18 comments

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Fouad Chahin commented  ·   ·  Flag as inappropriate

    A user has deleted a site at our tenant within SharePoint and we are unable to view who has done this and we would like further support and assistance to enable this feature

  • Dean Gross commented  ·   ·  Flag as inappropriate

    When can we expect this to become available in SPO/O365. The combined audit log does not contain very many admin activities and is essentially useless for auditing and investigation purposes.

  • Anonymous commented  ·   ·  Flag as inappropriate

    examples expecting in audit log
    - SPO tenant setting changes
    - site creation, deletion, rename
    - enable /disable sharing on sites (it takes more as 4 days prio A case to find when happen)
    - change , add primary,secondary site admin
    - enable,disable scripting
    - mange hub site tasks
    - quota changes

    Some information are in the compliance center audit log where a SPO admin has no access in some companies.

  • Trevor Seward commented  ·   ·  Flag as inappropriate

    Anonymous... :) I've had extensive conversations with the PG directly on this topic; don't worry, they do fully understand the request. It's a complicated solution and goes above and beyond 'just implement some logging'.

  • Anonymous commented  ·   ·  Flag as inappropriate

    Guys, the request is not that hard to understand... Obviously it would be for auditing purposes, and just make it easy to use and find! 9_9

  • Star D. commented  ·   ·  Flag as inappropriate

    Just want to add that I too agree with Trevor, as well the points brought up by Tony, Daniel, Dean, Rajkumar and Thuan.

  • Tony Rockwell commented  ·   ·  Flag as inappropriate

    Compliance for many organizations is getting huge, and with that comes auditing. Why allow auditing of user actions and NOT provide easy auditing of Administrator actions? This just makes sense from a business perspective. Trevor points out exactly what everyone needs: "I want is to be able to tell which administrator took such an action against an object in order to place responsibility with that administrator."

  • cacallahan commented  ·   ·  Flag as inappropriate

    I agree with Trevor. With the power that Central Administration wields, it would be great to be able to surface an audit of who made what change and when. I for one, would also love having it surfaced in the UI, so consider my vote to be VERY important (which you don't have but maybe is a 5?)

  • Trevor Seward commented  ·   ·  Flag as inappropriate

    The idea would be to audit actions taken place on SharePoint objects, similar to the AuditLog/EventCache we have today, but more detailed. If I ran '$wa = Get-SPWebApplication https://webAppUrl;$wa.AlertsEnabled = $true;$wa.Update()`, I would want that string recorded to a log with a date/timestamp and username attached to it and if the command encountered an error or not. This would go to a queryable database (through the OM or T-SQL); such a structure could be simply a datetime: occurred on, nvarchar(255): username, nvarchar(MAX): action/cmdlet/script run, bit: success/error during cmdlet execution, uniqueidentifier: CorrelationId, if applicable. UX would be the least important (1), I'd be happy with a CSV export from a Get-SPAdminActionLog. Centralized Log location would be a must (5). If there is an option to clear the log, then much like the Windows Event Log, I would want that to be the first action recorded with the administrator's name attached to it. Ultimately, what I want is to be able to tell which administrator took such an action against an object in order to place responsibility with that administrator. Right now, I simply cannot do that with ease, or at all depending on the scenario. SharePoint Insights will not always be appropriate for this -- this needs to be available on farms that do not have any sort of Internet access or for companies who do not have O365 Subscriptions.

  • Daniel C. Kline commented  ·   ·  Flag as inappropriate

    Absolutely. SharePoint is big enough that I frequently am overdrawn at the memory bank. A little augmented memory would be awesome.

  • Thuan Ng commented  ·   ·  Flag as inappropriate

    Totally agreed with Trevor. In enterprises especially who outsource IT resource, there are many people touching one farm even we have governance plan. It's much better to have an auditing feature that capture changes made in SharePoint admin content database and configuration.

  • Roger Cormier commented  ·   ·  Flag as inappropriate

    I have several customers who are jumping through hoops to artificially add this functionality to SharePoint 2013. It's a very common ask.

SharePoint Administration: on-premise Central Admin

Categories

Feedback and Knowledge Base

(thinking…)


SharePoint Tech Community

UserVoice Terms of Service & Privacy Policy