Data Loss Prevention

  • 1.  Failed Network Discover Scans/SharePoint - Need Logging Help

    Posted Oct 01, 2015 10:31 AM

    Hello,

    I have a DLP user who is facing an issue with failed network discover scans amongst their SharePoint sites.  Some work, while others fail, resulting in an "invalid credentials" message. The credentials have been verified, and the user has also verified that the correct permissions have been established for the account used for the scans:  "browse directories," "use remote interfaces," "enumerate permissions."

    To further troubleshooting, what logging should be referred to, and at what levels?  So far, FINEST has been enabled for Discover Trace logs, but nothing insightful has been generated.  Is there more logging that can be obtained in this situation, other than just invalid credentials?  Need something more to go off of in order to pinpoint where the issue(s) may lie.

    Any help appreciated!

     



  • 2.  RE: Failed Network Discover Scans/SharePoint - Need Logging Help

    Posted Oct 01, 2015 01:10 PM

    I would normally validate each scan target share with the Effective Permissions tab to determine the permissions that a user has for certain resources in a domain. Mostly the results that are displayed in the scan history may be due to inconsistency with the actual permissions of the user for that resource.

    The URL below might help:
    https://technet.microsoft.com/en-us/library/cc772184.aspx

    I'm aware there are tools like the one from Netwrix, etc. However, looking at the long channel one has to follow to get new tools approved on a critical server - I'm content using the effective permissions for validation.

     



  • 3.  RE: Failed Network Discover Scans/SharePoint - Need Logging Help

    Trusted Advisor
    Posted Oct 02, 2015 06:26 AM

    Hello,

    Did your user's SharePoint site scanner work previously? Is it always the same one that fails?

    Did you check the scanner log files on the SharePoint server?

    The SharePoint account used for the scan must have the following rights for the site to be scanned:

    - Local and farm administrator rights.
    - Database owner permissions to the content and to the configuration databases for SharePoint 2007.
    - Site collection administrator rights, or full control for all web applications.
    - Permissions to access all the resources on the SharePoint 2007 server.

     

     Regards.