SharePoint cleanup – How to keep your farm permissions healthy

SPDocKit is a SharePoint administration tool that helps you view all SharePoint permissions across your farm and easily clean them up.

In this blog post, we’re going to go focus on SharePoint clean and how to remove unused users and groups from SharePoint site collections.

If you have been tasked with cleaning up user accounts in SharePoint, you certainly have a lot on your plate. So, where do you start? Good question.

It’s time to fire up SPDockit!

SPDockit is a SharePoint administration tool that helps you view all SharePoint permissions across your farm. You can explore permissions history and create site and user specific reports to manage your way through the SharePoint permission chaos.

SharePoint cleanup with SPDockit’s clean site collections wizard

Can you answer some simple questions? Who has permission, which permissions, where, and why? Thought so, you have no clue and I don’t blame you.

It’s very important to revoke the access for all users who are no longer working in your company. This also goes for your colleagues whose role within the organization has changed and requires their permission level to be adjusted.

This means cleaning orphaned users, users without permissions, groups without permissions, and groups without permissions so that they no longer pop up in the People Picker or SharePoint interface. Most clutter can be taken care of when the following is deleted and permissions are assigned properly.

Use the SPDockit Clean Site Collections Wizard to perform SharePoint cleanup by removing unused users and groups.

Use various SPDockit Permissions reports in SPDockit to check permissions for the following SharePoint objects:

  • Site Collections
  • Subsites
  • Lists
  • List Items
  • Users
  • Groups

Keeping up with SharePoint permissions is a hassle usually because the whole SharePoint structure might be set up chaotically.

Once you’ve check out what’s going on and what kind of permissions you’re dealing with, you can start the permissions clean up.

Delete orphaned users

Track down all farm users that still have access to the farm and are listed as a Site Collection user but have been disabled or deleted in Active Directory.

This means that an orphaned user doesn’t exist in the authentication provider. However, they can still be found in the User Information List. When you delete these users, they will also stop appearing so this will solve the problem of those users appearing on the People Picker.

Orphaned users should be deleted if for nothing else apart from security reasons. If an employee left the company, why keep their account? There have been cases when someone else impersonates that user or even cases when the user might try to re-use the account outside your company and steal sensitive information.

Delete users without permissions

Gather information on all users that no longer have any permissions assigned.

This means these users weren’t assigned any permissions directly or through some of the SharePoint groups. The problem with this is that these users cannot access any data on your corporate SharePoint and, once you track these users, you can address the problem either by deleting these users or assigning them appropriate permissions.

With this SharePoint cleanup wizard, you can find even users with “Limited Access” that have somehow slipped through and remained after their permissions on a specific item in this site collection have been removed.

Delete SharePoint groups without permissions

Keep your SharePoint permissions in check with Cleanup Wizard

You need to find all SharePoint groups that haven’t been assigned any permissions. The sole purpose of a SharePoint group is to use it to manage user permissions. No permissions or members in group equals clutter.

SPDockit will also provide you with a list of all groups with ”Limited Access” that remained after their permissions on a specific item in this site collection were removed.

Delete SharePoint groups without users

Audit all SharePoint groups without any members. There’s really no point in having SP groups without any users in them, is there?

Group owners disabled in AD

Check if the owner of a group is disabled or deleted in the Active Directory. If that’s the case, it might be a good idea to appoint a new owner since they are by default the only ones who can modify group members and settings.

How can SPDockit help you keep SharePoint Farm permissions healthy?

Use SPDockit to rearrange SharePoint permissions to stay compliant, organized, and make further SharePoint permission management a fail-safe procedure.

Use options like:

  • Edit
  • Clone
  • Transfer
  • Remove
  • Move or copy user to group
  • Remove user or group

SharePoint cleanup best practices

There are some best practices that make SharePoint permission management easier to handle and maintain. Of course, with these few tips and tricks you can prevent your SharePoint site from becoming cluttered again.

  • Assign permissions via Security or SharePoint groups.
  • Forecast the future growth of your SharePoint site and assign permissions accordingly.
  • Use the existing groups whenever possible and avoid creating too many groups.
  • Delete all unused groups and orphaned users.
  • Create as few as possible custom permission levels.
  • When creating new permission levels, start on the Site Collection level.

And, that’s it!

Subscribe to our Newsletter

Related Posts