Title

A secondary site collection administrator must be defined when creating a new site collection. (Cat III impact)

Discussion

If a site reaches its maximum size, users will be denied access until an administrator fixes the problem. Having a secondary administrator reduces the risk of having a Denial-of-Service on a site. If the site reaches its maximum size, the secondary administrator can fix the problem if the primary administrator is not available. In some situations, having a secondary site administrator could be inappropriate for reasons of control or confidentiality.

Check Content

This check should be marked not applicable if the farm is used only for the support of mySites. 1. In SharePoint Central Administration, click Application Management. 2. On the Application Management page, in the Site Collections list, click Change site collection administrators. 4. For each Site Collection, review Secondary Site Collection Administrator. 5. Mark as a finding if Secondary Site Collection Administrator is not defined unless the site collection is for mySites.

Fix Text

1. In SharePoint Central Administration, click Application Management. 2. On the Application Management page, in the Site Collections list, click Change site collection administrators. 4. For each Site Collection, define a Secondary Site Collection Administrator unless the site collection is for mySites. 5. Select OK.

Additional Identifiers

Rule ID: SV-38149r2_rule

Vulnerability ID: V-29373

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.