(Not) Implementing MSIT Site Delete Capture LE

“Site Delete Capture LE” from Microsoft IT… cool idea, tricky to implement.  Here is the problem:

Attempts to delete a site result in “Access Denied” error messages in the site delete log files.  No corresponding events found in the Security Event logs, nor are we able to detect any “ACCESS DENIED” messages using procmon.exe.  What’s up? 

Well, in this thread:
one of the project authors suggests that the utility requires additional rights beyond the “least-privilege” baseline, specifically, the account running your SharePoint WFE application pool needs to be a “Farm Administrator”, and it needs “Full Control” over the web application.

Much as I did not like this suggestion, I decided to give it a try in the test environment, but it fails anyway. Further investigation reveals that the SharePoint WFE service account is not actually capable of performing site backups. If you log in as the service account, you cannot run any “stsadm” commands at all… every command results in “ACCESS DENIED”.

It turns out that stsadm.exe will not run without local administrator privs.  It also would seem (although I cannot prove it) that the Site Delete Capture utility is using stsadm functions to generate its snapshots.  Since I will not be giving our SharePoint WFE app pool local admin rights, I guess I cannot use this utility.  On to testing the Site Lifecycle Manager instead…

Cool Tools for SharePoint

Hey look… Microsoft IT has released some cool tools for SharePoint management:

Possibly of most use would be:
A utility to automatically back up sites upon deletion actions.

Site Lifecycle Management – a potential replacement for the hated “Site Expiration” process we have in place at present.