Wednesday 9 November 2011

Risk and Health Assessment Program for SharePoint Server (MOSSRAP) – Scoping Tool


 

Overview


The MOSSRAP Scoping Tool verifies connectivity requirements, permissions requirements, and other prerequisites for successful execution of the MOSSRAP toolset. This is done by remotely querying the servers in the SharePoint farm. This information is required before proceeding with the request process.

Description
The tool does NOT make any changes to the environment. It simply uses standard operations such as WMI queries, SQL queries, port queries and so on. It is completely read-only. The tool is serial in nature and only attempts to perform a single check against a single server at a time. This means there should be relatively minimal network or target system overhead while the tool is running. This also means it may take several minutes to complete, depending upon the size of the farm.


Who should run this tool?
The scoping tool must be run using an account that has the following:
Membership in the local Administrators group on every SharePoint server in the farm
Membership in the local Administrators group on every SQL server in the farm
Read permissions to every site in the farm (this can be granted via the web application policy in Central Administration)
Full permissions to the Central Administration site and the personalisation services for each Shared Services Provider (SSP) in the farm
Membership in the sysadmin role on every SQL instance used by the farm


What areas does it report on?


The scoping tool runs through the areas below to collect data and create a report:
Port 135 (NetBIOS) Check to ensure port 135 is not blocked by a firewall.

Port 139 (NetBIOS) Check to ensure port 139 is not blocked by a firewall.


Port 445 (Microsoft-DS) Check to ensure port 445 is not blocked by a firewall.


Farm Topology The Farm Topology Check determines the topology and components within the SharePoint farm which will be used to run additional tests.


Farm Admin The Farm Admin Check verifies that the currently logged-on user has rights to access the farm, which is required during your Risk Assessment from the tools machine.


Metabase Access The Metabase check ensures that the IIS metabase can be queried remotely.


Ping During the Risk Assessment network access to all machines is required. This check attempts to ping the remote machines via the NetBIOS name.


Remote Registry Access to the remote registry from the tools machine is required during your Risk Assessment. This check attempts to open the HKLM registry hive via the remote registry service.


Admin Shares Access to administrative shares is required during your Risk Assessment from the tools machine. This check attempts to enumerate through the administrative shares by querying the Win32_Share WMI class.


Admin Access Access to the admin shares on every server in the farm is required during your Risk Assessment.


Query Logman Logman.exe is used during the Risk Assessment to collect performance counters from the tools machine. This check ensures Logman.exe works against remote machines by running 'logman.exe /query /s [machine]'.


Log Parser 2.2 Logparser.exe is used during the Risk Assessment to collect and display information. This check verifies that LogParser 2.2 is installed on the local machine.


Windows Update Service Running This check verifies that the Windows Update service is running as required by the MBSA component during your Risk Assessment.


Latest Version of Windows Update Agent Installed The Automatic Updates service is used to ensure consistent application of Security and Critical Updates.


MBSA Installed Microsoft Baseline Security Assessment (MBSA) is used during the Risk Assessment to determine missing hotfixes. This check verifies that MBSA is installed on the local machine.


SysAdmin on Databases Checks to verify that the current user is a sysadmin on the content database instances. This is required in order to run the SQL BPA.


Server Service Running File and Print Services for Microsoft are required during your Risk Assessment for access to resources on the Servers and Nodes being checked. This check verifies that access to the Server Service is successful.


OS Language (Tools) Determines if the installed operating system Language is English on the computer running the tool. Currently, the tools machine must run an English language Windows Server operating system. Target systems may be non-English OS.


OS Locale (Tools) Determines if the installed operating system Locale is English (United States) on the computer running the tool. Currently, the tools machine must have Locale set as English (United States). Target systems may have non-English (United States) Locale.


Correct .NET Libraries Installed .NET Framework version 3.5 SP1 must be installed to ensure Tools are able to perform properly.


OS and SP Supportability Check Determines if the target operating system is supported or not. A RAP cannot be conducted against environments running unsupported products.


Separate Tools Computer Verifies that the tools computer is not a member of the farm being evaluated.


Loopback Check Security Feature Determines whether the loopback check security feature is enabled.


OS and SP RAP Supportability Check Determines if the target operating system and service pack have been tested for compatibility with the RAP. A RAP can be conducted against untested environments; however the RAP content is not validated or ensured to be functional. The delivery should proceed at the risk of the customer.
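
For administrators who want to pre-check the basic connectivity items above before running the scoping tool, the following PowerShell sketch is an added example (not part of the original post and not the MOSSRAP tool's own code). It performs the port, ping, remote registry, admin share and Server service checks serially and read-only; the host names in $Servers are hypothetical placeholders, and it assumes WMI is reached over DCOM.

```powershell
# Added example: serial, read-only prerequisite checks for farm servers.
# Host names are hypothetical placeholders; replace with your SharePoint/SQL hosts.
$Servers = @('SPWFE01', 'SPAPP01', 'SQL01')

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch { return $false }
    finally { $client.Close() }
}

function Test-FarmServer {
    param([string]$ComputerName)
    $r = [ordered]@{ Server = $ComputerName }
    foreach ($p in 135, 139, 445) { $r["Port$p"] = Test-TcpPort $ComputerName $p }
    $r.Ping = Test-Connection -ComputerName $ComputerName -Count 1 -Quiet

    # Remote Registry: open the HKLM hive only; nothing is read or written.
    try {
        $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ComputerName)
        $r.RemoteRegistry = $true
        $hklm.Close()
    } catch { $r.RemoteRegistry = $false }

    # WMI over DCOM: list administrative shares and read the Server service state.
    $cim = $null
    try {
        $opt = New-CimSessionOption -Protocol Dcom
        $cim = New-CimSession -ComputerName $ComputerName -SessionOption $opt -ErrorAction Stop
        $shares = Get-CimInstance -CimSession $cim -ClassName Win32_Share -ErrorAction Stop
        $r.AdminShares = @($shares | Where-Object { $_.Name -match '^(ADMIN|[A-Z])\$$' }).Name -join ','
        $svc = Get-CimInstance -CimSession $cim -ClassName Win32_Service `
                   -Filter "Name='LanmanServer'" -ErrorAction Stop
        $r.ServerService = $svc.State
    } catch { $r.AdminShares = 'FAILED'; $r.ServerService = 'FAILED' }
    finally { if ($cim) { Remove-CimSession $cim } }

    [pscustomobject]$r
}

# One server at a time, mirroring the tool's serial behaviour.
$Servers | ForEach-Object { Test-FarmServer $_ } | Format-Table -AutoSize
```

A False or FAILED cell points to the firewall rule, service or permission to fix on that server before the scoping tool is run.
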


Got my test SharePoint 2010 environment checked; surprised with the result: 3 failures and 4 warnings, not bad lol.

