SharePoint
Feedback by UserVoice


SharePoint Management Shell/Central Administration Auditing

Currently, when an administrator performs an action in the Management Shell/Central Administration, most of the data regarding who and what action took place is not recorded. This makes auditing impossible when there are multiple administrators managing the farm. I would propose putting auditing controls in for the SharePoint Management Shell and Central Administration, to record who and what changes were made.

221 votes

    Trevor Seward shared this idea

    Thanks for your feedback! Your idea sounds interesting, but we need more information to understand. Can you tell us more about how you would like to use this feature?

    Is your primary intent to use these logs for reporting and for troubleshooting? Will collection and centralization of these logs in a DB, such as the usage DB, provide the functionality that you seek (if these logs contain data of who performed the action, what the action is, what the target of the action is, and what the timestamp of the action is)? How important is having a UX, in addition to the centralized log location, on a scale from 1-5 (1 being least important, 2 being somewhat important, 3 being neutral, 4 being important, 5 being not important)?

    18 comments

      • Anonymous commented

        Examples expected in the audit log:
        - SPO tenant setting changes
        - site creation, deletion, rename
        - enable/disable sharing on sites (it takes more than 4 days with a prio A case to find when it happened)
        - change, add primary, secondary site admin
        - enable, disable scripting
        - manage hub site tasks
        - quota changes

        Some information is in the compliance center audit log, to which an SPO admin has no access in some companies.

      • Trevor Seward commented

        Anonymous... :) I've had extensive conversations with the PG directly on this topic; don't worry, they do fully understand the request. It's a complicated solution and goes above and beyond 'just implement some logging'.

      • Anonymous commented

        Guys, the request is not that hard to understand... Obviously it would be for auditing purposes, and just make it easy to use and find! 9_9

      • Star D. commented

        Just want to add that I too agree with Trevor, as well as the points brought up by Tony, Daniel, Dean, Rajkumar and Thuan.

      • Tony Rockwell commented

        Compliance for many organizations is getting huge, and with that comes auditing. Why allow auditing of user actions and NOT provide easy auditing of Administrator actions? This just makes sense from a business perspective. Trevor points out exactly what everyone needs: "I want is to be able to tell which administrator took such an action against an object in order to place responsibility with that administrator."

      • cacallahan commented

        I agree with Trevor. With the power that Central Administration wields, it would be great to be able to surface an audit of who made what change and when. I for one, would also love having it surfaced in the UI, so consider my vote to be VERY important (which you don't have but maybe is a 5?)

      • Trevor Seward commented

        The idea would be to audit actions taking place on SharePoint objects, similar to the AuditLog/EventCache we have today, but more detailed. If I ran `$wa = Get-SPWebApplication https://webAppUrl; $wa.AlertsEnabled = $true; $wa.Update()`, I would want that string recorded to a log with a date/timestamp and username attached to it, and whether the command encountered an error or not. This would go to a queryable database (through the OM or T-SQL); such a structure could be simply a datetime: occurred on, nvarchar(255): username, nvarchar(MAX): action/cmdlet/script run, bit: success/error during cmdlet execution, uniqueidentifier: CorrelationId, if applicable. UX would be the least important (1), I'd be happy with a CSV export from a Get-SPAdminActionLog. Centralized Log location would be a must (5). If there is an option to clear the log, then much like the Windows Event Log, I would want that to be the first action recorded with the administrator's name attached to it. Ultimately, what I want is to be able to tell which administrator took such an action against an object in order to place responsibility with that administrator. Right now, I simply cannot do that with ease, or at all depending on the scenario. SharePoint Insights will not always be appropriate for this -- this needs to be available on farms that do not have any sort of Internet access or for companies who do not have O365 Subscriptions.
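
The record structure and the clear-the-log rule described in the comment above, sketched as an opt-in PowerShell wrapper. This is an added example, not code from the thread or from SharePoint; `Write-AdminActionRecord`, `Invoke-AuditedAdminAction`, `Clear-AdminActionLog` and `$AuditLogPath` are hypothetical names, and a CSV file stands in for the proposed database.

```powershell
# Added example. All function names and $AuditLogPath are hypothetical.
$AuditLogPath = Join-Path $env:TEMP 'SPAdminActionLog.csv'  # assumption: a central share in practice

function Write-AdminActionRecord {
    param([string]$Action, [bool]$Success, [guid]$CorrelationId)
    # One row per action: occurred on, username, action text, success/error, correlation id.
    [pscustomobject]@{
        OccurredOn    = (Get-Date).ToUniversalTime().ToString('o')
        UserName      = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
        Action        = $Action
        Success       = $Success
        CorrelationId = $CorrelationId
    } | Export-Csv -Path $AuditLogPath -Append -NoTypeInformation
}

function Invoke-AuditedAdminAction {
    param([Parameter(Mandatory = $true)][scriptblock]$ScriptBlock)
    $ErrorActionPreference = 'Stop'   # cmdlet errors become terminating, so they count as failures
    $success = $false
    try {
        & $ScriptBlock
        $success = $true
    }
    finally {
        # Runs on success and on error; the error itself still propagates to the caller.
        Write-AdminActionRecord -Action $ScriptBlock.ToString().Trim() -Success $success `
            -CorrelationId ([guid]::NewGuid())
    }
}

function Clear-AdminActionLog {
    if (Test-Path -LiteralPath $AuditLogPath) { Remove-Item -LiteralPath $AuditLogPath }
    # The clear is itself the first record in the new log, with the administrator's name.
    Write-AdminActionRecord -Action 'Clear-AdminActionLog' -Success $true `
        -CorrelationId ([guid]::NewGuid())
}

# Constructed demo; runs without a SharePoint farm.
Clear-AdminActionLog
Invoke-AuditedAdminAction { 'stand-in for: $wa.AlertsEnabled = $true; $wa.Update()' } | Out-Null
try { Invoke-AuditedAdminAction { throw 'simulated cmdlet failure' } } catch { }
Import-Csv -Path $AuditLogPath | Format-Table OccurredOn, UserName, Success, Action -AutoSize
```

A wrapper like this only records commands that administrators choose to run through it, and the CSV is writable by the same accounts it records, which is the gap the request asks the product to close.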

      • Daniel C. Kline commented

        Absolutely. SharePoint is big enough that I frequently am overdrawn at the memory bank. A little augmented memory would be awesome.

      • Thuan Ng commented

        Totally agreed with Trevor. Especially in enterprises that outsource IT resources, there are many people touching one farm even when we have a governance plan. It's much better to have an auditing feature that captures changes made in the SharePoint admin content database and configuration.

      • Roger Cormier commented

        I have several customers who are jumping through hoops to artificially add this functionality to SharePoint 2013. It's a very common ask.
