SharePoint Classifier Guide

SharePoint Classifier Guide
UM643503
February 19
© Boldon James Ltd. All rights reserved.

Customer Documentation
This document is for informational purposes only, and Boldon James cannot guarantee the precision of any information supplied.
BOLDON JAMES MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT.
SharePoint Classifier Guide UM643503
Contents
1 Introduction ........................................................................................................................................... 4
1.1 Architecture Overview ............................................................................................................... 4
1.2 Migration from SharePoint Classifier Full Trust (SharePoint Classifier version 3.6 or earlier) . 6
2 Installation and Deployment ................................................................................................................ 7
2.1 Pre-deployment Configuration ................................................................................................... 7
2.1.1 SharePoint Configuration 7
2.1.1.1 Service Accounts ......................................................................................................... 7
2.1.1.2 Document Library for the Service Data ........................................................................ 8
2.1.1.3 Document Library for Client Files ................................................................................. 9
2.1.2 Windows Servers for Services and Website 9
2.1.3 Classifier Label Configuration 10
2.2 SharePoint Classifier Website for Clients ................................................................................ 11
2.2.1 Installation 11
2.2.2 Configuration 11
2.3 SharePoint Classifier Configuration Sweeper Service ............................................................ 12
2.4 SharePoint Classifier Item Sweeper Service ........................................................................... 12
2.5 SharePoint Classifier PowerShell Configuration ..................................................................... 13
3 SharePoint Classifier Service Configuration ................................................................................... 14
3.1 SharePoint Classifier Configuration Sweeper Service Tool .................................................... 14
3.1.1 SharePoint Authentication 14
3.1.1.1 Username .................................................................................................................. 14
3.1.1.2 Password ................................................................................................................... 15
3.1.1.3 Type ........................................................................................................................... 15
3.1.1.4 Proxy Server .............................................................................................................. 15
3.1.1.5 Test SharePoint Permissions ..................................................................................... 16
3.1.2 Service Configuration 18
3.1.2.1 Service Period (Seconds) .......................................................................................... 18
3.1.3 Data List 18
3.1.3.1 Site URL ..................................................................................................................... 18
3.1.3.2 List Name ................................................................................................................... 18
3.1.4 Client Files List 18
3.1.4.1 Site URL ..................................................................................................................... 18
3.1.4.2 List Name ................................................................................................................... 19
3.1.5 Clients Website 19
3.1.5.1 URL ............................................................................................................................ 19
3.1.6 Site Collections to Monitor 19
3.2 SharePoint Classifier Item Sweeper Service Configuration Tool ............................................ 19
boldonjames.com 2
3.2.1 SharePoint Authentication 20

3.2.2 Service Configuration 20
3.2.3 Data List 20
3.2.4 Site Collections to Monitor 20
4 SharePoint Classifier Configuration ................................................................................................. 21
4.1 Supported Settings .................................................................................................................. 21
4.1.1.1 Enabled ...................................................................................................................... 22
4.1.1.2 Propagate Labels ....................................................................................................... 23
4.1.1.3 Is this a Quarantine List? ........................................................................................... 23
4.1.1.4 ServiceURL ................................................................................................................ 23
4.1.1.5 Use Permissions Modification for Quarantining ......................................................... 24
4.1.1.6 Quarantine Site URL .................................................................................................. 24
4.1.1.7 Quarantine List Name ................................................................................................ 24
4.1.1.8 Apply Default Label .................................................................................................... 24
4.1.1.9 Default Label Name ................................................................................................... 25
4.1.1.10 Apply Clearance ......................................................................................................... 25
4.1.1.11 Clearance Name ........................................................................................................ 25
4.1.1.12 Stop Unlabelled .......................................................................................................... 26
4.2 Boldon James Classifier Settings ............................................................................................ 27
4.3 Boldon James SharePoint Classifier PowerShell Configuration ............................................. 29
4.3.1.1 Common Shared Parameters..................................................................................... 29
4.3.1.2 Get-BJSCSiteCollectionSettings ................................................................................ 30
4.3.1.3 Set-BJSCSiteCollectionSetting .................................................................................. 30
4.3.1.4 Get-BJSCSiteSettings ................................................................................................ 31
4.3.1.5 Set-BJSCSiteSetting .................................................................................................. 31
4.3.1.6 Get-BJSCLibrarySettings ........................................................................................... 31
4.3.1.7 Set-BJSCLibrarySetting ............................................................................................. 32
4.4 Setting SharePoint Classifier Settings directly on Property Bags ........................................... 32
5 SharePoint Classifier Functionality .................................................................................................. 33
5.1 Apply Default Classification ..................................................................................................... 33
5.2 Quarantine Items with Inappropriate Classification ................................................................. 33
5.2.1 Inappropriate Classification Reasons 34
5.2.1.1 Classifier Clearance Failure ....................................................................................... 34
5.2.1.2 Unclassified Failure .................................................................................................... 34
5.2.2 Quarantine Options 34
5.2.2.1 Quarantine List ........................................................................................................... 34
5.2.2.2 Permissions Modification ........................................................................................... 35
5.2.2.3 Quarantine Notification Email ..................................................................................... 36
5.3 Adding SharePoint Classifier functionality to a Document Library .......................................... 36
6 User View of SharePoint Classifier ................................................................................................... 37
6.1 Library View ............................................................................................................................. 37
6.2 Uploading a File ....................................................................................................................... 37
6.3 Viewing and Changing Label Value after upload .................................................................... 37
6.4 Inappropriate Classification ..................................................................................................... 39
7 Interworking with Classifier applications ........................................................................................ 40
boldonjames.com 3
1 INTRODUCTION
This document summarises the features supported by Boldon James SharePoint Classifier.
SharePoint Classifier extends SharePoint to present Classifier applied Label values in document
library columns. Uploading a labelled file will propagate the label into the document library columns.
Items already in a document library can have Label values applied and changed using SharePoint
Classifier.
The Label values supported are as defined by a Classifier Configuration as established using
Classifier Administration. See the Classifier Administration Guide for details on running Classifier
Administration.
Note: Throughout this document, Administration Guide means Administration Guide or Administration
Server Guide depending upon whether you are using the Administration Console or Administration
Server environment.
See SharePoint Classifier Functionality for a description of the functionality that SharePoint
Classifier provides.
1.1 Architecture Overview

SharePoint Classifier is not a tightly coupled full trust SharePoint solution but uses a loosely
coupled model using public APIs and extensibility frameworks. This allows consistent functionality
across all of the SharePoint platforms supported by SharePoint Classifier and includes platforms
such as SharePoint Online in Office 365 where full trust solutions are not supported.
The product is supplied as the SharePoint Classifier Bundle which contains:
 Boldon James SharePoint Classifier Website for Clients.
 Boldon James SharePoint Classifier Configuration Sweeper Service.
 Boldon James SharePoint Classifier Item Sweeper Service.
 Boldon James SharePoint Classifier PowerShell Configuration.
The SharePoint Classifier Website for Clients provides the Classifier configuration for the
SharePoint Client label dialog. This website installs into an IIS website on a Windows Server. This
IIS website must be accessible from all client machines where users will be accessing the
SharePoint Classifier functionality.
The SharePoint Classifier Configuration Sweeper Service is a Windows Service which monitors the
SharePoint environment for changes to the SharePoint configuration using the SharePoint client-
side object model (CSOM) API. This service monitors the SharePoint environment for changes
using the SharePoint Change Log and enables/disables the SharePoint Classifier functionality on
document libraries based on settings on SharePoint property bags at the site collection, site and
document library level.
The SharePoint Classifier Item Sweeper Service is a Windows Service which monitors the
SharePoint environment for changes to the items in document libraries using the SharePoint client-
side object model (CSOM) API. This service monitors the SharePoint environment for changes
using the SharePoint Change Log and applies SharePoint Classifier functionality to items in
document libraries when the items are changed. The SharePoint Classifier functionality is derived
from settings on the SharePoint property bags at the site collection, site and document library level.
boldonjames.com 4
The SharePoint Classifier PowerShell Configuration allows the SharePoint Classifier settings to be
read, written and removed from the SharePoint property bags at the site collection, site and
document library level using the SharePoint client-side object model (CSOM) API.
These four separate components work together to allow SharePoint Classifier to be configured and
provide the SharePoint Classifier Functionality.
Figure 1 shows an overview of the SharePoint Classifier architecture.
SharePoint 2013 Collection/Site/

SharePoint 2016 Document Library
SharePoint OnLine Properties
SharePoint CSOM API

SharePoint JSOM API
HTTP/HTTPS
SharePoint SharePoint SharePoint SharePoint

Classifier Classifier Classifier Classifier
Website for Item Configuration PowerShell
Clients Sweeper Sweeper Configuration
Service Service
Classifier
SharePoint User Configuration
Classifier
Administration
Figure 1
boldonjames.com 5
1.2 Migration from SharePoint Classifier Full Trust (SharePoint

Classifier version 3.6 or earlier)
Do not uninstall SharePoint Classifier Full Trust until all document libraries where SharePoint
Classifier is used have either been migrated to the new SharePoint Classifier or has SharePoint
Classifier Full Trust disabled.
Process for migrating from the existing SharePoint Classifier Full Trust to the new SharePoint
Classifier.
1. Install and configure the new SharePoint Classifier.
2. If using Classifier Clearance security trimming in SharePoint Classifier Full Trust ensure this
is disabled on all document libraries and these libraries have “Propagate Labels” set.
3. When the new SharePoint Classifier is enabled on a document library with SharePoint
Classifier Full Trust then the new SharePoint Classifier disables the SharePoint Classifier
Full Trust functionality and then enabled the new SharePoint Classifier functionality.
4. When all document libraries where SharePoint Classifier Full Trust is enabled have either
been migrated to the new SharePoint Classifier or had SharePoint Classifier Full Trust
disabled then the SharePoint Classifier Full Trust solution “boldon james sharepoint
classifier.wsp” can be retracted then uninstalled from the SharePoint environment.
Please note the SharePoint Classifier Full Trust supported SharePoint Server 2010 and SharePoint
Server 2013. The new SharePoint Classifier supports SharePoint Server 2013, SharePoint Server
2016 and SharePoint Online in Office 365. So, these migration instructions only apply to SharePoint
Classifier Full Trust installation in SharePoint Server 2013.
boldonjames.com 6
2 INSTALLATION AND DEPLOYMENT

The product is supplied as the SharePoint Classifier Bundle which contains:
 Boldon James SharePoint Classifier Website for Clients.
 Boldon James SharePoint Classifier Configuration Sweeper Service.
 Boldon James SharePoint Classifier Item Sweeper Service.
 Boldon James SharePoint Classifier PowerShell Configuration.
Note: Environment information (including supported platforms) for each of the above is provided in
the Release Notes found under SharePoint Classifier Bundle \ <Product>
2.1 Pre-deployment Configuration

Before installing SharePoint Classifier certain pre-deployment configuration is required.
2.1.1 SharePoint Configuration

2.1.1.1 Service Accounts
Accounts are required for the SharePoint Classifier Configuration Sweeper Service and Item
Sweeper Service to access the SharePoint environment. Both services require the same
SharePoint permission levels and can use the same account, but due to throttling in SharePoint we
would advise using different accounts for the services.
These accounts only require SharePoint permissions. They do not require logon or “logon as a
service” permissions on the servers where the SharePoint Classifier Configuration Sweeper Service
and Item Sweeper Service are installed.
The SharePoint permission levels required for the accounts are:
List Permissions
Manage Lists
Add Items
Edit Items
Delete Items
View Items
Open Items
View Versions
Create Alerts
Manage Alerts
Site Permissions
Manage Permissions
boldonjames.com 7
Manage Web Site

Add and Customize Pages
Browse Directories
View Pages
Enumerate Permissions
Browse User Information
Use Remote Interfaces
Open
The service accounts must be assigned these permissions to the site collections SharePoint
Classifier Configuration Sweeper Service or Item Sweeper Service are monitoring. If these
permissions are not inherited to the sites and/or the document libraries within these sites then they
must have these permissions assigned to them at the appropriate level.
Note: If these SharePoint permission levels are not assigned to the service accounts then SharePoint
Classifier will not operate correctly.
Note: If the service accounts do not have these permissions assigned at the site collection, site or
document library level where SharePoint Classifier is required then SharePoint Classifier will not
operate correctly.
Note: If the service accounts have no permissions for one or more sites in a site collection then
SharePoint Classifier functionality will not be available for that site collection. Test SharePoint
Permissions in the Configuration Tools allows sites and lists which have no access or incorrect
permissions for the service accounts to be identified.
Note: The SharePoint Classifier Configuration Sweeper Service and the SharePoint Classifier
Item Sweeper Service generate Windows event log entries when a site, document library or
document library item has no access or incorrect permissions for the service accounts. These
Classifier Windows event log entries can be used to determine if there are access or permission
issues within SharePoint for the service accounts.
Note: It is recommended that a SharePoint Permission Level is created with these permissions and
this assigned to the SharePoint Group. The service accounts can then be added into the SharePoint
group and will have the correct permissions applied to them. Refer to Understanding permission
levels in SharePoint in the Microsoft SharePoint documentation more information on SharePoint
Permission Levels and SharePoint Groups.
2.1.1.2 Document Library for the Service Data
The SharePoint Classifier Configuration Sweeper Service and Item Sweeper Services store their
current state in a SharePoint Document Library. This Document Library should be configured in
SharePoint before installing and configuring SharePoint Classifier. The Service Accounts created in
Service Accounts require access to this Document Library using the permissions specified in
Service Accounts. Users do not require access to this Document Library and we do not advise
enabling SharePoint Classifier on this Document Library.
The URL of the SharePoint site containing this Document Library and the Document Library Name
are required when configuring the Configuration Sweeper Service and the Item Sweeper Service.
boldonjames.com 8
Note: This document library can be shared between multiple instances of the SharePoint Classifier
Configuration Sweeper Service and Item Sweeper Services.
Note: The state data from the SharePoint Classifier Configuration Sweeper Service and Item Sweeper
Services are stored in the document library when these services shutdown. The data they store should
not be modified unless instructed by Boldon James support.
2.1.1.3 Document Library for Client Files
The client files (primarily HTML, CSS and JavaScript files) used for the Classifier user interface in
SharePoint are stored in a SharePoint Document Library. The Service Accounts created in Service
Accounts require access to this Document Library using the permissions specified in Service
Accounts. Users only require read access to this Document Library and we do not advise enabling
SharePoint Classifier on this Document Library.
The URL of the SharePoint site containing this Document Library and the Document Library Name
are required when configuring the SharePoint Classifier Configuration Sweeper Service.
When they are loaded into a SharePoint user’s client web browser they communicate with:
 The SharePoint Classifier Website for Clients over HTTP/HTTPS to perform Classifier
functionality in the SharePoint Classifier user interfaces in SharePoint.
 The SharePoint environment using the SharePoint JavaScript object model (JSOM) API to
access SharePoint data.
Note: A separate document library for client files is required for each instance of the SharePoint
Classifier Configuration Sweeper Service.
Note: The contents of a document library for client files is populated when the SharePoint Classifier
Configuration Sweeper Service instance using that document library starts.
2.1.2 Windows Servers for Services and Website
At least one Windows Server is required to install the SharePoint Classifier Configuration Sweeper
Service, Item Sweeper Service and Website for Clients. All three of these products can be installed
on the same or separate Windows Servers.
Note: There can only be one installed copy of the SharePoint Classifier Configuration Sweeper
Service, Item Sweeper Service and Website for Clients on each server, but the SharePoint Classifier
Configuration Sweeper Service, Item Sweeper Service and Website for Clients products can all be
installed on the same server.
Multiple installations of the SharePoint Classifier Configuration Sweeper Service, Item Sweeper
Service and Website for Clients on multiple Windows Servers is supported.
Note: If you intend to use multiple installations of the SharePoint Classifier Configuration Sweeper
Service or Item Sweeper Service then it is recommended that each service installation has its own
Service Account. Using the same Service Account for multiple service installations increases the
possibility that SharePoint will throttle the Service Account and result in degraded performance of the
services.
boldonjames.com 9
Installations of the SharePoint Classifier Configuration Sweeper Service on different Windows

Servers must be configured to monitor different site collections. It is not recommended that multiple
SharePoint Classifier Configuration Sweeper Services monitor the same site collections. By using
different SharePoint Classifier Configuration Sweeper Services to monitor different site collections it
is possible apply different Classifier Configuration Policies to site collections.
Installations of the SharePoint Classifier Item Sweeper Service on different Windows Servers must
be configured to monitor different site collections. It is not recommended that multiple SharePoint
Classifier Item Sweeper Services monitor the same site collections. By using different SharePoint
Classifier Item Sweeper Services to monitor different site collections it is possible apply different
Classifier Configuration Policies to site collections.
Multiple installations of the SharePoint Classifier Website for Clients can be configured to use
different Classifier Configuration Policies so site collections, sites or document libraries can be
configured to use different Classifier Configuration Policies.
Multiple installations of the SharePoint Classifier Website for Clients can be placed behind a load
balancing solution. In this scenario all of the installations of the SharePoint Classifier Website for
Clients behind load balancing solution must be using the same Classifier Configuration Policy.
Note: It is recommended that the SharePoint Classifier Configuration Sweeper Service, Item Sweeper
Service and Website for Clients configured for a site collection use the same Classifier Configuration
Policy. If they do not use the same Classifier Configuration Policy then the Classifier functionality may
not be consistent due to differences between the Classifier Configuration Policies in use.
Note: The release notes for the SharePoint Classifier Configuration Sweeper Service, Item Sweeper
Service and Website for Clients specify which versions of Windows Server they support and the
prerequisites they require. Reference these release notes so ensure that the Windows Servers are
valid for the products you are installing on them.
2.1.3 Classifier Label Configuration
The following steps are required to establish a working SharePoint Classifier installation for the
SharePoint Classifier Website for Clients, Configuration Sweeper Service and Item Sweeper
Service:
1. Apply your SharePoint Classifier licence to your Classifier Configuration using Classifier
Administration Global Settings / Licence mechanisms.
2. Ensure that the updated configuration is Published (using Classifier Administration /
Publish) to a location accessible to your intended SharePoint server.
3. Ensure that the relevant Classifier configuration registry keys are set on the server that is to
run the SharePoint Classifier Website for Clients, Configuration Sweeper Service and/or
Item Sweeper Service to indicate the Location of the Configuration (File Store or Active
Directory), the Name of the Configuration and the Classifier Policy to be used. For
example, if the Classifier Configuration is published via File Store, then set up the following
registry entries with the relevant site values:
HKEY_LOCAL_MACHINE\SOFTWARE\Boldon James\ConfigManager
ServerRootType REG_DWORD 0
ServerFileSystemRoot REG_SZ \\ICS-SVR-1\Classifier Configuration
LabelConfiguration REG_SZ Classifier Test
Policy REG_SZ All users
boldonjames.com 10
(Further details can be found in the Classifier Administration Guide Configuration

Deployment section).
Note: SharePoint Classifier Website for Clients, Configuration Sweeper Service and Item
Sweeper Service use a single Classifier Policy. All users of those services will see the same
label selectors and selector values.
2.2 SharePoint Classifier Website for Clients

The SharePoint Classifier Website for Clients provides the Classifier configuration for the
SharePoint Client label dialog. This website installs into an IIS website on a Windows Server. This
IIS website must be accessible from all client machines where users will be accessing the
SharePoint Classifier functionality.
The client files in the Document Library for Client Files communicate with the SharePoint Classifier
Website for Clients when they are loaded into a SharePoint user’s client web browser. They
communicate over HTTP/HTTPS to perform Classifier functionality in the SharePoint Classifier user
interfaces in SharePoint.
2.2.1 Installation
The installation instructions for SharePoint Classifier Website for Clients are included on the
product’s Release Note.
2.2.2 Configuration
The SharePoint Classifier Website for Clients requires a correctly configured Classifier Label
Configuration.
You will need the URL that client machines will use to access this website when configuring the
SharePoint Classifier Configuration Sweeper Service. This URL will be determined by the method
you will be using to provide access to the SharePoint Classifier Website for Clients from your client
machines.
Depending on the environment the URL may be based on a server name, a fully qualified domain
name or an IP address. Which you use is dependent on how your client machines will locate the
server or network device that provides access to the server or servers running the SharePoint
Classifier Website for Clients.
Depending on whether you are using HTTP or HTTPS bindings and if a custom port number is used
then the URL will need to include this information.
Some SharePoint Classifier Website for Clients URL examples are shown below:
Using the server name “TheServer” over HTTP with the standard port number 80: Error! Hyperlink
reference not valid.http://TheServer/
Using the fully qualified domain name “TheServer.my.domain” over HTTPS with the standard port
number 443: https://TheServer.my.domain/
Using the IP address “10.0.0.1” over HTTP with a customer port number of 8080:
http://10.0.0.1:8080/
boldonjames.com 11
Note: The website must be configured to use HTTP or HTTPS bindings and can use standard or
custom ports. If you are using Office 365’s SharePoint Online or another SharePoint environment
which uses HTTPS then the website for the SharePoint Classifier Website for Clients must be
configured to use a HTTPS binding and the SSL certificate for the HTTPS binding must be fully trusted
by all client browsers used to access SharePoint.
Note: This website must be accessible from all client computers and devices where users will be
accessing the SharePoint Classifier functionality. The website does not need to be accessible from
the SharePoint environment. It only needs to accessible from the client computers and devices where
users will be accessing the SharePoint environment.
2.3 SharePoint Classifier Configuration Sweeper Service

The SharePoint Classifier Configuration Sweeper Service is a Windows Service which monitors the
SharePoint environment for changes to the SharePoint configuration using the SharePoint client-
side object model (CSOM) API.
This service monitors the SharePoint environment for changes using the SharePoint Change Log
and enables/disables the SharePoint Classifier functionality on document libraries based on settings
on SharePoint property bags at the site collection, site and document library level. It installs the
client files into the Clients Files List specified in the services configuration.
2.3.1 Installation
The installation instructions for SharePoint Classifier Configuration Sweeper Service are included
on the product’s Release Note.
2.3.2 Configuration
The SharePoint Classifier Configuration Sweeper Service requires a correctly configured Classifier
Label Configuration.
The SharePoint Classifier Configuration Sweeper Service Configuration Tool is installed with the
SharePoint Classifier Configuration Sweeper Service. This tool is used to configure the SharePoint
Classifier Configuration Sweeper Service installation on an individual server.
2.4 SharePoint Classifier Item Sweeper Service

The SharePoint Classifier Item Sweeper Service is a Windows Service which monitors the
SharePoint environment for changes to the items in document libraries using the SharePoint client-
side object model (CSOM) API.
This service monitors the SharePoint environment for changes using the SharePoint Change Log
and applies SharePoint Classifier functionality to items in document libraries when the items are
changed. The SharePoint Classifier functionality is derived from settings on the SharePoint property
bags at the site collection, site and document library level.
2.4.1 Installation
The installation instructions for SharePoint Classifier Item Sweeper Service are included on the
boldonjames.com 12
2.4.2 Configuration
The SharePoint Classifier Item Sweeper Service requires a correctly configured Classifier Label
Configuration.
The SharePoint Classifier Item Sweeper Service Configuration Tool is installed with SharePoint
Classifier Item Sweeper Service. This tool is used to configure the SharePoint Classifier Item
Sweeper Service installation on an individual server.
2.5 SharePoint Classifier PowerShell Configuration

The SharePoint Classifier PowerShell Configuration allows the SharePoint Classifier settings to be
read, written and removed from the SharePoint property bags at the site collection, site and
document library level using the SharePoint client-side object model (CSOM) API.
2.5.1 Installation
The installation instructions for SharePoint Classifier PowerShell Configuration are included on the
2.5.2 Configuration
The SharePoint Classifier PowerShell Configuration does not require a Classifier Label
Configuration.
boldonjames.com 13
3 SHAREPOINT CLASSIFIER SERVICE

CONFIGURATION
3.1 SharePoint Classifier Configuration Sweeper Service Tool
SharePoint Classifier Configuration Sweeper Service Configuration Tool

The SharePoint Classifier Configuration Sweeper Service Configuration Tool is used to set the
configuration for a SharePoint Classifier Configuration Sweeper Service installation on an individual
server. The SharePoint Classifier Configuration Sweeper Service monitors SharePoint site
collections and configures SharePoint Classifier functionality in those site collections and the
document libraries contained within the sites in those site collections.
The SharePoint Classifier Item Sweeper Service Configuration Tool and the SharePoint Classifier
Configuration Sweeper Service Configuration Tool contain similar configuration options but they
have separate configurations and both must be configured correctly.
3.1.1 SharePoint Authentication
This specifies the credentials for the Service Account that will used to access the SharePoint
environments.
3.1.1.1 Username
This is the user name for the Service Account. This account can be entered as the
DOMAIN/USERNAME format for SharePoint environments using AD authentication or
USERNAME@TENANT.EMAIL.ADDRESS format for SharePoint Online.
boldonjames.com 14
3.1.1.2 Password
This is the password for the user name. It is encrypted before being stored.
3.1.1.3 Type
This is type of authentication the SharePoint environment is using. The authentication types
supported are:
 Default Authentication Current Credentials
 Default Authentication Supplied Credentials
 Anonymous Authentication
 Forms Based Authentication Supplied Credentials
 SharePoint Online Authentication Supplied Credentials
On premises SharePoint environments support Default Authentication, Anonymous Authentication
and Forms based Authentication. Default Authentication is the standard authentication type for on
premises SharePoint environments.
SharePoint Online in Office 365 only supports SharePoint Online Authentication.
The different between Default Authentication Current Credentials and Default Authentication
Supplied Credentials is that for Supplied Credentials the user name and password entered into the
configuration tool are used to authenticate to the SharePoint environment. For Current Credentials
the credentials of the user the “Boldon James SharePoint Classifier Configuration Sweeper Service”
Windows Service is running as are used.
When initially installed the “Boldon James SharePoint Classifier Configuration Sweeper Service
Windows Service runs as the “Network Service” account. This can be changed to be the Service
Account used to access SharePoint in the Windows Server “Services” tool. When using Current
Credentials user name and password are not required.
The choice between Current Credentials or Supplied Credentials is only available with Default
Authentication.
3.1.1.4 Proxy Server
The “Proxy Server” button opens the “Proxy Server” Dialog.
boldonjames.com 15
Proxy Server
The “Proxy Server” dialog gives the option of using a Web Proxy server for the communication
between the Service and the SharePoint environment. The use of a Web Proxy server is optional
and its configuration will depend on the end user’s environment.
3.1.1.5 Test SharePoint Permissions
The “Test SharePoint Permissions” button opens the “Test SharePoint Permissions” dialog.
Test SharePoint Permissions
The “Test SharePoint Permissions” dialog allows the settings in the configuration tool to be tested.
A username and password for a user with access to the Site Collections To Monitor in SharePoint is
required. This user is used to determine if the Service Account specified in the configuration tool
has the required access and permissions to these sites and lists within the Site Collections To
Monitor. This user must be able to access all of the sites and lists within the Site Collections To
Monitor to allow the Service Account’s access and permissions to be checked.
Note: The user used for the Test SharePoint Permissions should not be the Service Account. If the
Service Account user is used it will not be possible to determine the sites and lists which have no
access or incorrect permissions for the Service Account.
boldonjames.com 16
Clicking on the “Start Testing” button tests the settings in the configuration tool.
The settings it tests are:
 Tests that the Service Account has the required access and permissions to the Site
Collections To Monitor.
 Tests that the Service Account has the required access and permissions to the Data List.
 Tests that the Service Account has the required access and permissions to the Client Files
List.
 Tests that the Clients Website can be accessed. If it can be accessed basic information
about the Clients Website configuration is displayed.
This testing can take a significant amount of time depending on the complexity of the Site
Collections To Monitor. When the testing is taking place a progress bar is shown.
When the testing is complete the results are shown on the dialog. These results detail problems
with the four areas that are tested. The results can be saved or printed using the buttons on the
dialog.
Note: For the Site Collections To Monitor only the sites and lists with access or permission problems
are included in the results. Sites and lists where the access and permissions are correct are not
shown.
Note: SharePoint Classifier cannot set the required access or permissions on the sites and lists in
the Site Collections To Monitor. Please refer to the Service Accounts section on the permissions
that are required for SharePoint Classifier to operate.
boldonjames.com 17
3.1.2 Service Configuration

3.1.2.1 Service Period (Seconds)
This specifies how often the service checks for changes to the SharePoint and SharePoint Classifier
configuration.
3.1.3 Data List
This Document Library for the Service Data is where the service stores its state data. This
document library should have been created as part of the pre-deployment configuration. These
settings specify the location for that document library.
3.1.3.1 Site URL
The URL of the SharePoint site containing the Document Library for the Service Data which will
store the service data.
3.1.3.2 List Name
The name of the Document Library for the Service Data in that site which will store the service data.
3.1.4 Client Files List
The client files used for the Classifier user interface in SharePoint are stored in a Document Library
for Client Files. This should have been created as part of the pre-deployment configuration. These
settings specify the location for that document library.
The SharePoint Classifier Configuration Sweeper Service installs the files into this document library
when the service starts up.
3.1.4.1 Site URL
The URL of the SharePoint site containing the Document Library for Client Files which will contain
the client files used for the Classifier user interface.
boldonjames.com 18
3.1.4.2 List Name
The name of the Document Library for Client Files in that site which will contain the client files used
for the Classifier user interface.
3.1.5 Clients Website
This specifies the URL of the Boldon James SharePoint Classifier Website for Clients.
3.1.5.1 URL
The URL for the Boldon James SharePoint Classifier Website for Clients.
3.1.6 Site Collections to Monitor
This specifies the SharePoint site collections that this service will monitor. Multiple site collections
can be monitored by entering the site collection URLs on separate lines.
3.2 SharePoint Classifier Item Sweeper Service Configuration Tool
Boldon James SharePoint Classifier Item Sweeper Service
The SharePoint Classifier Item Sweeper Service Configuration Tool is used to set the configuration
for the SharePoint Classifier Item Sweeper Service. The SharePoint Classifier Item Sweeper
Service monitors SharePoint site collections for changes to document library items and when
required performs SharePoint Classifier processing on those items when changes occur.
boldonjames.com 19
The SharePoint Classifier Item Sweeper Service Configuration Tool and the SharePoint Classifier
Configuration Sweeper Service Configuration Tool contain similar configuration options but they
have separate configurations and both must be configured correctly.
3.2.1 SharePoint Authentication
See SharePoint Authentication for the options supported.
Note: The Test SharePoint Permissions results for the Item Sweeper Configuration Tool do not
contain results for the Clients Files List or Clients Website as these settings are only available on
the Configuration Sweeper Configuration Tool.
3.2.2 Service Configuration
See Service Configuration for the options supported.
3.2.3 Data List
See Data List for the options supported.
3.2.4 Site Collections to Monitor
See Site Collections To Monitor for the options supported.
boldonjames.com 20
4 SHAREPOINT CLASSIFIER CONFIGURATION

SharePoint Classifier functionality can be configured in three ways, using:
 Boldon James Classifier Settings
 SharePoint Classifier PowerShell Configuration
 Setting SharePoint property bag settings directly
Boldon James Classifier Settings web page allows the settings to set easily accessed using the
SharePoint web interface.
The SharePoint Classifier PowerShell Configuration allows the settings to be set using Microsoft
PowerShell commands. This is primarily for, but not limited to, SharePoint provisioning systems
which cannot set SharePoint property bag settings directly.
Setting SharePoint property bag setting directly is primarily for, but not limited to, SharePoint
provisioning systems which can set property bag settings directly.
When SharePoint Classifier settings are modified they are applied to the SharePoint environment by
the SharePoint Classifier Configuration Sweeper Service and the SharePoint Classifier
Configuration Item Service. These services monitor the SharePoint environment for changes to the
SharePoint Classifier settings and apply them to the SharePoint environment.
NOTE: The SharePoint Classifier Configuration Sweeper Service and the SharePoint Classifier
Configuration Item Service monitoring the SharePoint site collection where the SharePoint Classifier
settings have been applied must both be running for that the SharePoint Classifier settings to be
applied correctly.
NOTE: The SharePoint Classifier Configuration Sweeper Service and the SharePoint Classifier
Configuration Item Service only check for changes to the SharePoint environment periodically. The
SharePoint Classifier settings will only be applied once a SharePoint Classifier Configuration Sweeper
Service and a SharePoint Classifier Configuration Item Service have successfully processed those
changes.
4.1 Supported Settings

SharePoint Classifier settings can be set at the site collection, site and document library level. The
individual settings at these levels are hierarchical.
 If a setting is present at the document library level it will be used for that document library.
 If the document library level setting is not present then a site level setting will be used
for that document library.
 If a document library or site level setting is not present then a site collection
level setting is used.
 If no setting is present at the document library, site or site collection
level then that setting is disabled.
The SharePoint Classifier settings and the level they are supported at are shown below:
Setting Name Supported at Supported at Supported at
Site Collection Level Site Level Document Library Level
boldonjames.com 21
Enabled 
Propagate Labels 
Is This a Quarantine List? 
ServiceURL   
Use Permissions Modification   

for Quarantining
Quarantine Site URL   
Quarantine List Name   
Apply Default Label   
Default Label Name   
Apply Clearance   
Clearance Name   
Stop Unlabelled   
The SharePoint property bags names of the SharePoint Classifier settings for the three levels are
shown below:
Setting Name Property Bag Setting Name at Property Bag Setting Name at Property Bag Setting Name at
Site Collection Level Site Level Document Library Level
Enabled bjSPAEnable
Propagate Labels bjSPAPropogateLabels
Is This a Quarantine bjSPAQuarantine
List?
ServiceURL bjSPASCInternalServiceURL bjSPAInternalServiceURL bjSPAInternalServiceURL
Use Permissions bjSPASCQuarantinePermissions bjSPAQuarantinePermissions bjSPAQuarantinePermissions
Modification for
Quarantining
Quarantine Site URL bjSPASCQuarantineSiteUrl bjSPAQuarantineSiteUrl bjSPAQuarantineSiteUrl
Quarantine List bjSPASCQuarantineListName bjSPAQuarantineListName bjSPAQuarantineListName
Name
Apply Default Label bjSPASCApplyDefaultLabel bjSPAApplyDefaultLabel bjSPAApplyDefaultLabel
Default Label Name bjSPASCDefaultLabel bjSPADefaultLabel bjSPADefaultLabel
Apply Clearance bjSPASCApplyClearance bjSPAApplyClearance bjSPAApplyClearance
Clearance Name bjSPASCClearance bjSPAClearance bjSPAClearance
Stop Unlabelled bjSPASCStopUnlabelled bjSPAStopUnlabelled bjSPAStopUnlabelled
NOTE: Site collection level settings are stored on the property bag in the root site of the site collection.
NOTE: Site level settings are stored on the property bag of that site.
NOTE: Document library level settings are stored on the root folder’s property bag in that document
library.
NOTE: All property bag setting names are case sensitive and must be used exactly as shown.
4.1.1.1 Enabled
The “Enabled” setting is only supported at the document library level.
boldonjames.com 22
This setting sets whether SharePoint Classifier functionality is enabled or disabled on a document
library.
The supported values are:
 1 – When this setting has the value 1 then SharePoint Classifier functionality is enabled on
that document library.
 All other values or the setting not being present means that all SharePoint Classifier
functionality is disabled on the document library.
4.1.1.2 Propagate Labels
The “Propagate Labels” setting is only supported at the document library level and requires the
“Enabled” setting to be configured correctly.
This setting propagates any existing classifications from the items in a document library into the
SharePoint Classifier fields and applies SharePoint Classifier functionality based on those
classifications.
 1 – When this setting has the value 1 then existing Classifications are propagated.
 All other values or the setting not being present means this functionality is disabled.
4.1.1.3 Is this a Quarantine List?
The “Is this a Quarantine List?” setting is only supported at the document library level and requires
the “Enabled” setting to be configured correctly.
This setting defines a list as a quarantine list.
 1 – When this setting has the value 1 then the list is a quarantine list.
4.1.1.4 ServiceURL
The “ServiceURL” setting is supported at the site collection, site and document library level.
This setting defines the complete URL for the Boldon James SharePoint Classifier Website for
Clients.
The value of the “ServiceURL” setting is the URL for the Boldon James Website for Clients with the
path “/SCClients” added. E.g. the URL for the IIS website hosting the Boldon James Website for
Clients is https://this.is.a.url so the “ServiceURL” setting value would be
https://this.is.a.url/SCClients
Note: A site collection level “ServiceURL” setting is automatically created by the Boldon James
Configuration Sweeper Service when it is set to monitor a site collection. This can be overwritten at
the site or document library level by setting appropriate values for the setting at the site or document
library level.
boldonjames.com 23
4.1.1.5 Use Permissions Modification for Quarantining
The “Use Permissions Modification for Quarantining” setting is supported at the site collection, site
and document library level.
This setting defines the type of quarantining that occurs when items with Inappropriate
Classifications are added or updated in a document library.
 1 – When this setting has the value 1 then items with Inappropriate Classifications will be
quarantined using Permissions Modification.
 All other values or the setting not being present then items with Inappropriate Classifications
will be quarantined using a Quarantine List. The Quarantine Site URL and Quarantine List
Name must be configured to use quarantining to a Quarantine List.
4.1.1.6 Quarantine Site URL
The “Quarantine Site URL” setting is supported at the site collection, site and document library level.
This setting is only used when the “Use Permissions Modification for Quarantining” setting is
disabled or not present.
This setting defines the URL for the SharePoint site which contains the quarantine list defined in the
“Quarantine List Name” setting.
Note: The “Quarantine List Name” setting defines the name of the document library configured as a
quarantine list.
4.1.1.7 Quarantine List Name
The “Quarantine List Name” setting is supported at the site collection, site and document library
level.
This setting is only used when the “Use Permissions Modification for Quarantining” setting is
disabled or not present.
This setting defines the name of a document library configured as a quarantine list. The SharePoint
site which contains this document library is defined in the “Quarantine Site URL” setting.
Note: The “Quarantine Site URL” setting defines the URL for the SharePoint site which contains this
document library configured as a quarantine list.
4.1.1.8 Apply Default Label
The “Apply Default Label” setting is supported at the site collection, site and document library level.
This setting defines whether a default classification is applied to unclassified items when they are
added or updated in a document library with SharePoint Classifier enabled.
 1 – When this setting has the value 1 then a default classification will be applied.
boldonjames.com 24
NOTE: The “Default Label Name” setting specifies the default label which will be applied to
unclassified items when this setting is enabled.
4.1.1.9 Default Label Name
The “Default Label Name” setting is supported at the site collection, site and document library level.
This setting contains the Name of a “Default Label” entry from a Classifier Configuration Policy
which can be configured using Classifier Administration  Label Configurations <label
configuration name>  Policies  <policy name>  Default Label tab.
NOTE: The “Apply Default Label” setting determines if this setting is used.
NOTE: “Default Label” names are defined within a Classifier Configuration Policy. The Name specified
here must be a name of a “Default Label” library entry contained within the Classifier Configuration
Policy being used by the Boldon James SharePoint Classifier Item Sweeper Service monitoring this
site collection.
NOTE: If the “Default Label Name” setting does not exist, does not contain a value or the value
contains the name of the “Default Label” library entry which does not exist then a default classification
will not be set.
4.1.1.10 Apply Clearance
The “Apply Clearance” setting is supported at the site collection, site and document library level.
This setting defines whether a Classifier Clearance is applied to items when they are added or
updated in the document library with SharePoint Classifier enabled.
The “Clearance Name” specifies the Classifier Clearance which will be applied to items.
 1 – When this setting has the value 1 then a Classifier Clearance will be applied.
Note: The “Clearance Name” setting specifies the Classifier Clearance which will be applied to items.
4.1.1.11 Clearance Name
The “Clearance Name” setting is supported at the site collection, site and document library level.
This setting contains the Name of a “Clearance Library” entry from a Classifier Label Configuration
which can be configured using Classifier Administration  Label Configurations <label
configuration name>  Clearance Settings  Clearance Library.
Note: The “Apply Clearance” setting determines if this setting is used.
NOTE: “Clearance Library” names are defined within a Classifier Configuration Policy. The Name
specified here must be a name of a “Clearance Library” library entry contained within the Classifier
Configuration Policy being used by the Boldon James SharePoint Classifier Item Sweeper Service
monitoring this site collection.
boldonjames.com 25
Note: If the “Clearance Name” setting does not exist, does not contain a value or the value contains
the name of the “Clearance Library” entry which does not exist then a Classifier Clearance will not be
applied.
Note: The SharePoint Classifier label dialog will be masked using the “Clearance Library” entry’s
Classifier Clearance to stop users selecting an inappropriate classification for an item in SharePoint.
This masking of the label dialog is only present when using the SharePoint Classifier label dialog. Any
other Classifier applications used to classify an item in this document library will be not have masking
applied using this Classifier Clearance.
Note: If the clearance value of the “Clearance Library” entry is changed then the updated clearance
value will be applied to items in the document libraries where it applies when the SharePoint Classifier
Configuration Sweeper Service is restarted.
4.1.1.12 Stop Unlabelled
The “Stop Unlabelled” setting is supported at the site collection, site and document library level.
This setting defines whether unclassified items can be added or updated in a document library with
SharePoint Classifier enabled.
 1 – When this setting has the value 1 then unclassified items cannot be added or updated.
 All other values or the setting not being present means this functionality is disabled. When
this setting is disabled both classified and unclassified items can be added or updated.
boldonjames.com 26
4.2 Boldon James Classifier Settings
Boldon James Classifier Settings
The Boldon James Classifier Settings is accessed from the settings context menu in the SharePoint
web interface.
This option opens the Classifier Settings page for the current site collection. From this page settings
can be set at:
 This site collection level
 The site level for the sites contained within this site collection
 The document library level for document libraries contained with the sites in this site
collection
Clicking on the values to the left of a setting’s name allows its value to be set.
When a setting has a value its value can be deleted by clicking on the icon.
The settings at the site collection, site or document library level can be updated by clicking in the
icon.
Click on “About SharePoint Classifier Client Website” display information about the version of the
product and the Classifier Configuration it is using.
boldonjames.com 27
Classifier Settings
boldonjames.com 28
4.3 Boldon James SharePoint Classifier PowerShell Configuration

The Boldon James SharePoint Classifier PowerShell Configuration allows the SharePoint Classifier
settings to be set using PowerShell commands. The PowerShell commands support getting and
setting the SharePoint Classifier settings at the site collection, site and document library levels.
The Boldon James SharePoint Classifier PowerShell Configuration is a PowerShell module and is
automatically imported into PowerShell sessions.
4.3.1.1 Common Shared Parameters
The PowerShell scripts contain some common shared parameters. Those parameters are detailed
below.
SiteURL – The URL of a SharePoint site. This parameter is mandatory.
 For site collection commands this is the URL of any site within the site collection.
 For site commands this is the URL of the site.
 For document library commands this the URL of the site containing the document
library.
AuthenticationMode – This must match the authentication type used by the SharePoint
environment specified in the SiteURL parameter. This parameter is mandatory.
 The possible values for this parameter are {DefaultCurrentUser |
DefaultSuppliedCredentials | Anonymous | FormsBased | SharepointOnline}
UserName – This is the user name used to authenticate to the SharePoint environment
specified in the SiteURL parameter.
 This is mandatory for the AuthenticationMode values {DefaultSuppliedCredentials |
FormsBased | SharepointOnline}
SecurePassword – This is the password for the UserName parameter. It is entered as a
secure string. The ConvertTo-SecureString PowerShell command allows a plain text
string to be converted to a secure string.
 This is mandatory for the AuthenticationMode values {DefaultSuppliedCredentials |
FormsBased | SharepointOnline}
UseProxyServer – Use a Web Proxy server for communication with the SharePoint
environment. The parameter is optional, and the default value is $false.
 The parameter is optional, and the default value is $false.
 The possible values for this parameter are {$true | $false}
ProxyServer – The name or IP Address for the Web Proxy server used for communication
with the SharePoint environment.
 This is mandatory when the UseProxyServer parameter is set to $true.
 It is not required when UseProxyServer parameter is set to $false or not specified.
ProxyServerPort – The port number for the Web Proxy server used for communication with
the SharePoint environment.
 This is mandatory when the UseProxyServer parameter is set to $true.
UseProxyServerAuthentication – The Web Proxy server used for communication with the
SharePoint environment requires authentication.
boldonjames.com 29
 The parameter is optional, and the default value is $false.

 The possible values for this parameter are {$true | $false}
ProxyServerUserName – This is the user name used to authenticate to the Web Proxy
server used for communication with the SharePoint environment.
 This is mandatory when the UseProxyServer and UseProxyServerAuthentication
parameters are set to $true.
 It is not required when UseProxyServer parameter is set to $false or not specified, or
UseProxyServerAuthentication is set to $false or not specified
ProxyServerPassword – This is the password for the ProxyServerUserName parameter. It is
entered as a secure string. The ConvertTo-SecureString PowerShell command allows a
plain text string to be converted to a secure string.
 This is mandatory when the UseProxyServer and UseProxyServerAuthentication
parameters are set to $true.
 It is not required when UseProxyServer parameter is set to $false or not specified, or
UseProxyServerAuthentication is set to $false or not specified
4.3.1.2 Get-BJSCSiteCollectionSettings
Get-BJSCSiteCollectionSettings [-SiteUrl] <string> [-AuthenticationMode]

<BJSCAuthenticationType> {DefaultCurrentUser | DefaultSuppliedCredentials | Anonymous |
FormsBased | SharepointOnline} [[-UserName] <string>] [[-SecurePassword] <securestring>]
[<CommonParameters>]
The “Get-BJSCSiteCollectionSettings” command gets the site collection settings for a given
SharePoint site collection. It returns a dictionary object containing entries with Name set to the
SharePoint property bag setting name and Value set to the SharePoint property bag setting value.
This command only contains the common shared parameters.
4.3.1.3 Set-BJSCSiteCollectionSetting
Set-BJSCSiteCollectionSetting [-SiteUrl] <string> [-AuthenticationMode] <BJSCAuthenticationType>

{DefaultCurrentUser | DefaultSuppliedCredentials | Anonymous | FormsBased |
SharepointOnline} [[-UserName] <string>] [[-SecurePassword] <securestring>] -PropertyName
<string> {bjSPASCInternalServiceURL | bjSPASCApplyClearance | bjSPASCClearance |
bjSPASCApplyDefaultLabel | bjSPASCDefaultLabel | bjSPASCQuarantinePermissions |
bjSPASCQuarantineListName | bjSPASCQuarantineSiteUrl | bjSPASCStopUnlabelled} [-
PropertyValue <string>] [<CommonParameters>]
The “Set-BJSCSiteCollectionSetting” command sets a site collection setting for a given SharePoint
site collection.
This command contains the common shared parameters and the following additional parameters:
PropertyName – This the SharePoint property bag setting name for the site collection setting
being set. This parameter is mandatory.
 The possible values for this parameter are {bjSPASCInternalServiceURL |
bjSPASCApplyClearance | bjSPASCClearance | bjSPASCApplyDefaultLabel |
bjSPASCDefaultLabel | bjSPASCQuarantinePermissions |
bjSPASCQuarantineListName | bjSPASCQuarantineSiteUrl |
bjSPASCStopUnlabelled}
boldonjames.com 30
PropertyValue – This is the property value being set.
NOTE: The supported values for settings can be found in Supported Settings
NOTE: To remove a property from the property bag set the PropertyValue to an empty string
4.3.1.4 Get-BJSCSiteSettings
Get-BJSCSiteSettings [-SiteUrl] <string> [-AuthenticationMode] <BJSCAuthenticationType>

SharepointOnline} [[-UserName] <string>] [[-SecurePassword] <securestring>]
The “Get-BJSCSiteSettings” command gets the site settings for a given SharePoint site. It returns a
dictionary object containing entries with Name set to the property bag setting name and Value set to
the property bag setting value.
This command only contains the common shared parameters.
4.3.1.5 Set-BJSCSiteSetting
Set-BJSCSiteSetting [-SiteUrl] <string> [-AuthenticationMode] <BJSCAuthenticationType>

<string> {bjSPAInternalServiceURL | bjSPAApplyClearance | bjSPAClearance |
bjSPAApplyDefaultLabel | bjSPADefaultLabel | bjSPAQuarantinePermissions |
bjSPAQuarantineListName | bjSPAQuarantineSiteUrl | bjSPAStopUnlabelled} [-PropertyValue
<string>] [<CommonParameters>]
The “Set-BJSCSiteSetting” command sets a site setting for a given SharePoint site.
This script contains the common shared parameters and the following additional parameters:
PropertyName – This the property bag setting name for the site setting being set. This
parameter is mandatory.
 The possible values for this parameter are {bjSPAInternalServiceURL |
bjSPAApplyClearance | bjSPAClearance | bjSPAApplyDefaultLabel |
bjSPADefaultLabel | bjSPAQuarantinePermissions | bjSPAQuarantineListName |
bjSPAQuarantineSiteUrl | bjSPAStopUnlabelled}
4.3.1.6 Get-BJSCLibrarySettings
Get-BJSCLibrarySettings [-SiteUrl] <string> [-LibraryName] <string> [-AuthenticationMode]

<BJSCAuthenticationType> {DefaultCurrentUser | DefaultSuppliedCredentials | Anonymous |
FormsBased | SharepointOnline} [[-UserName] <string>] [[-SecurePassword] <securestring>]
The “Get-BJSCLibrarySettings” command gets the document library settings for a for a given
SharePoint document library in a given SharePoint site. It returns a dictionary object containing
boldonjames.com 31
entries with Name set to the property bag setting name and Value set to the property bag setting
value.
This command contains the common shared parameters and the following additional parameter:
LibraryName – The name of a document library where settings are being read. This
4.3.1.7 Set-BJSCLibrarySetting
Set-BJSCLibrarySetting [-SiteUrl] <string> [-AuthenticationMode] <BJSCAuthenticationType>

<string> {bjSPAEnable | bjSPAPropagateLabels | bjSPAInternalServiceURL |
bjSPAApplyClearance | bjSPAClearance | bjSPAApplyDefaultLabel | bjSPADefaultLabel |
bjSPAQuarantine | bjSPAQuarantinePermissions | bjSPAQuarantineListName |
bjSPAQuarantineSiteUrl | bjSPAStopUnlabelled} [-PropertyValue <string>]
The “Set-BJSCLibrarySetting” command sets a document library setting for a given SharePoint
document library in a given SharePoint site.
This command contains the common shared parameters and the following additional parameters:
LibraryName – The name of a document library where settings are being set. This parameter
is mandatory.
PropertyName – This the property bag setting name for the site setting being set. This
 The possible values for this parameter are {bjSPAEnable | bjSPAPropagateLabels |
bjSPAInternalServiceURL | bjSPAApplyClearance | bjSPAClearance |
bjSPAApplyDefaultLabel | bjSPADefaultLabel | bjSPAQuarantine |
bjSPAQuarantinePermissions | bjSPAQuarantineListName | bjSPAQuarantineSiteUrl
| bjSPAStopUnlabelled}
4.4 Setting SharePoint Classifier Settings directly on Property Bags

Please refer to the Supported Settings to get the property bag settings information. This includes
the names of the SharePoint property bag settings at site collection, site and document library levels
and details the supported values for each setting. It also defines the location of the SharePoint
property bags where the settings are stored at each level.
Note: When setting property bag settings information directly please note the property names are
case sensitive and the property values must be stored as string values.
boldonjames.com 32
5 SHAREPOINT CLASSIFIER FUNCTIONALITY

SharePoint Classifier allows Classifier classifications to be shown on fields in a SharePoint
document library. Fields are created to hold the Classifier selector values and a summary marking
value showing the complete classification. The fields shown are dependent on the Classifier
selectors in the Classifier Configuration Policy that is in use by the Boldon James SharePoint
Classifier Configuration Sweeper Service monitoring the site collection which contains the document
library.
Classifications on SharePoint document library items can be set within SharePoint using the
SharePoint Classifier label dialog. The SharePoint Classifier label dialog applies SharePoint
Classifier rules to ensure any classification selected by the user is valid.
Note: The SharePoint Classifier label dialog can classify more than one file simultaneously. It is not
recommended that more than 10 files are classified simultaneously. For classifying more than 10 files
it is recommended that Boldon James Power Classifier for SharePoint is used.
SharePoint Classifier supports SharePoint item file types which are and are not natively classified
by Classifier.
Files types which are natively classified by Classifier use the classification contained within the file
as the primary Classification.
 When a natively classified file type has its classification updated using the SharePoint
Classifier label dialog then the classification contained within the file is updated with the new
Classification. This updated classification is then used by any Classifier application which
subsequently accesses this file. This is correct for whether the file is accessed from within
SharePoint or if the file is moved outside of the SharePoint environment.
 When a natively classified file type has its classification updated by an application outside of
SharePoint then this updated classification is reflected on the item in SharePoint by
SharePoint Classifier.
File types which are not natively classified by Classifier have a Classification which only resides in
the SharePoint environment. When the file is accessed by any other Classifier application or moved
from SharePoint environment then the classification defined by SharePoint Classifier is lost.
The Classifier classification on document library items can have certain SharePoint Classifier
specific functionality applied to them.
5.1 Apply Default Classification

It is possible to apply a default classification to unclassified items in a SharePoint Classifier enabled
document library when the item is added or updated.
See the SharePoint Classifier Configuration section on how to configure this functionality.
5.2 Quarantine Items with Inappropriate Classification

When an item is added or updated in a SharePoint Classifier enabled document library with an
inappropriate classification it can be quarantined until an appropriate Classification is set on the
item.
boldonjames.com 33
When an inappropriate classification is detected the item can be either be moved to a quarantine list
or have its permissions modified to stop other users seeing and accessing the item.
5.2.1 Inappropriate Classification Reasons

5.2.1.1 Classifier Clearance Failure
Classifier Clearances can be applied to SharePoint Classifier enabled document libraries. These
Classifier Clearances define which Classifier classification elements are valid for these document
libraries.
When an item is added or updated with a classification containing one of more Classifier
classification elements which are not in the Classifier Clearance then the item is quarantined until a
classification appropriate for this document library’s Classifier Clearance is selected.
5.2.1.2 Unclassified Failure
When an item in a SharePoint Classifier enabled document library is added or updated it can be
quarantined if it does not have a classification set. This stops items with no classification being
added or updated in a SharePoint Classifier enabled document library. The item is quarantined until
a classification appropriate for this document library is selected.
5.2.2 Quarantine Options
There are two options for quarantining items in SharePoint Classifier; moving to a quarantine list or
have its permissions modified to stop other users seeing and accessing the item.
5.2.2.1 Quarantine List
This is special type of SharePoint Classifier enabled document library with the Is this a Quarantine
List? setting enabled. This special type of SharePoint Classifier enabled document library has extra
options added to the document library ribbon buttons and context menu which allow items to be
restored to their original document library locations after an appropriate classification has been
applied.
This type of quarantining occurs when the Use Permissions Modification for Quarantining setting is
disabled or not present on a SharePoint Classifier enabled document library and the Quarantine
Site URL and Quarantine List Name settings are configured correctly.
Note: The quarantine list the Quarantine Site URL and Quarantine List Name settings point to must
exist and this quarantine list must have the “Is this a Quarantine List?” setting enabled before this
type of quarantining can occur. If these settings are incorrect then quarantining will not occur.
When an inappropriate item is moved to a Quarantine List:

 The item is moved to the Quarantine List.
 The inappropriate label on this item is shown in the Quarantine List.
To restore an item from a Quarantine List:
boldonjames.com 34
 Select a classification which is appropriate for the original document library which contained
this item. This can be achieved using the SharePoint Classifier label dialog or using other
Classifier applications which can natively label this item’s file type.
 Select the “Restore Item” option from the ribbon bar or item context menu in the quarantine
list.
 In the “Restore Item” dialog choose to restore the item.
 The item will be moved back to the original document library and the appropriate
classification which has been selected will be shown on the item in the original document
library.
Note: If an inappropriate classification is present on the item when it is restored it will be returned to
the quarantine list.
Note: The quarantine list must be in the same site collection as the document libraries which are
using it. Document libraries cannot use a quarantine list outside of their site collection. If a quarantine
list outside of the site collection is used then quarantining will fail because the item cannot be moved
to the quarantine list.
Note: Multiple quarantine lists can be configured within the sites in a site collection.
Note: Quarantine lists can be shared between multiple document libraries in a site collection.
5.2.2.2 Permissions Modification
This type of quarantining occurs when the Use Permissions Modification for Quarantining settings is
enabled for a SharePoint Classifier enabled document library.
This type of quarantining modifies the permissions on the item in the document library to stop other
users seeing and accessing the item until an appropriate classification for the document library has
been selected.
When an item is quarantined the item in the document library has:
 Permission inheritance removed from the item.
 The user making the inappropriate change has edit permissions assigned to the item so they
can set an appropriate classification or remove the item from the document library.
 Users with “Manage List” permissions for that document library have their permissions left on
the item. This allows users who have the relatively high level permissions to manage the list
can set an appropriate classification or remove the item from the document library.
 All other users have permissions removed from the item so they cannot see or access the
item.
When an appropriate classification is applied to the item it has:
 Permission inheritance restored on the item.
 All of the modified permissions assigned to the item by SharePoint Classifier are removed
when permission inheritance is restored. This allows all users to see and access the item
with the same inherited permissions they had before the item was quarantined.
boldonjames.com 35
NOTE: SharePoint Classifier quarantine permissions modification relies on inherited

permissions. If an item within a document library has permissions inheritance disabled then
it will have permissions inheritance enabled after it has had SharePoint Classifier quarantine
permissions modifications applied.
5.2.2.3 Quarantine Notification Email
When an item is quarantined using either a quarantine list or permissions modification a notification
email is send to the user who added or update the item with the inappropriate classification. The
email is sent though the SharePoint environments email functionality.
This email can only be sent when:
 The user’s profile in SharePoint contains their correct email address.
 The SharePoint enviroment is configured to allow outgoing email.
5.3 Adding SharePoint Classifier functionality to a Document Library

SharePoint Classifier functionality is added onto a document library by setting the Enabled setting to
the correct value. This will enable the basic SharePoint Classifier functionality on the document
library. Other functionality can be enabled by setting the Supported Settings with values appropriate
to your environment.
Enabling and configuring SharePoint Classifier can be achieved using the Boldon James
SharePoint Classifier Settings, PowerShell Configuration or setting SharePoint property bag setting
directly.
NOTE: SharePoint Classifier cannot be automatically enabled on all document libraries in a

SharePoint environment. There are numerous document libraries hidden from the user which
are used by SharePoint. SharePoint Classifier should not be enabled on these document
libraries and automatically enabling SharePoint Classifier on all document libraries would
result in SharePoint not working correctly when these internal use document libraries are
modified.
boldonjames.com 36
6 USER VIEW OF SHAREPOINT CLASSIFIER

Adding SharePoint Classifier functionality to a Document Library has the following effects:
 The Library View is enhanced to display Label value information.
6.1 Library View

New columns are added (one for each configured Label Selector, plus one showing the Summary
Marking value), as in the example below. The columns shown and their order is managed on a per
library basis using the standard SharePoint features found under Library Tools / Library / Library
Settings / All documents.
Library Columns
6.2 Uploading a File

When you upload a file into a SharePoint Classifier enabled library, SharePoint Classifier will check
the file and one of the following conditions will apply:
1. The file is a Classifier supported document and contains a label recognised by Classifier. In this
case the label is propagated into the SharePoint columns.
2. This file is a Classifier supported document but does not include a label recognised by
Classifier, or it is a Classifier unsupported document. In either case the file is uploaded into
SharePoint and the SharePoint columns show the item as unlabelled or a default classification
can be applied.
The label value can be viewed and where appropriate modified as described in the next section.
6.3 Viewing and Changing Label Value after upload

Any file in SharePoint Classifier can have a label applied. However, the ability to change an existing
label value can be controlled by Check for label change rules, details of which can be found in
Classifier Administration Guide / Policies / Rules supported / Check Rules.
 Select the file
 Choose the Classify option from the Document ribbon bar or Classify from the item context
menu.
boldonjames.com 37
Edit Properties
Classifier will enforce any Check these mandatory selectors or Check for label change rules
defined for SharePoint.
All unlabelled items within SharePoint may be labelled by this mechanism. However, items fall into
three categories:
a) Items that Office Classifier can label (Word, Excel, PowerPoint, Project, Visio). Labelling
these items will update the Classifier label property of the item, but will not change the item
in any other way (e.g. Markings will not be updated).
b) Items that can be labelled by File Classifier or Power Classifier (e.g. ZIP, JPEG, PDF,
HTML, Open Office Documents – see Classifier Administration Guide – Appendix Label
Propagation Mechanisms for full details). Labelling these items will set the appropriate item
property.
c) All other items (e.g. TXT, Database). Labelling such items only sets the label as a
SharePoint property. Such labels are never available outside SharePoint.
NOTE: When Apply Clearance and Clearance Name are correctly configured then the SharePoint
Classifier label dialog will be masked using this Classifier Clearance to stop users selecting an
inappropriate classification for an item in the document library. This masking of the label dialog is only
present when using the SharePoint Classifier label dialog. Any other Classifier applications used to
classify an item in this document library will be not have masking applied using this Classifier
Clearance.
NOTE: When a classification is applied to an item using the Classify option in SharePoint then the
Classifier columns on the item or items which the classification has been applied to will show “Update
Pending” until a SharePoint Classifier Configuration Item Service has successfully processed those
changes. When this processing occurs, the columns will updated to show the correct values for the
selected classification and the selected classification will be applied to natively classified file types.
boldonjames.com 38
6.4 Inappropriate Classification

Items with a classification which is inappropriate for the document library can be quarantined. When
a user adds or updates an item with an inappropriate classification the item will be quarantined and,
if possible, the user will receive an email stating the item has been quarantined.
The user can then apply an appropriate classification to the item for that document library and
restore the item from the quarantined state.
If the user cannot apply an appropriate classification to the item for that document library then the
item must be deleted and cannot be restored from the quarantined state.
boldonjames.com 39
7 INTERWORKING WITH CLASSIFIER APPLICATIONS

Note: More detailed information on the propagation of labels between, and use of labels by,
Classifier applications can be found in Classifier Administration Guide/ Appendix – Label
Propagation Mechanisms. Key SharePoint Classifier information is summarised below.
 SharePoint Classifier uses the same Label information as Office Classifier and CAD Classifier
(Classifier ‘private’ label property and Label Locations) when reading labels from file types
supported (e.g. Microsoft Word, Excel, PowerPoint and Project but not VISIO).
 Using SharePoint Classifier to apply a label value to (for example) an unlabelled Word
document will update the Classifier ‘private’ label property. Consequential effects on Markings
will only be applied the next time the document is opened using Office Classifier.
In this circumstance, SharePoint Classifier will set a custom property indicating to Office
Classifier that the current Markings may not match the label value. Office Classifier will then
automatically update the Markings the next time the document is opened. This mechanism can
be inhibited via a Classifier Administration option:
Label Configurations / Configuration Settings / Classifier Application Settings /
SharePoint Classifier / Set property to refresh markings (default Enabled).
Note: Markings may be refreshed using the label applied by SharePoint Classifier if the document
is printed or saved.
Set property to refresh markings

 For Outlook messages and EML and MSG format messages, SharePoint Classifier uses the
same Label location information stored within the message as is used by Email Classifier.
 For PDF SharePoint Classifier uses the BJ label property (as supported by File Classifier and
Power Classifier for Files), otherwise check configured locations (document label locations
configured in the Classifier configuration) for a label value.
boldonjames.com 40
 For ZIP files check the Comment field to see if it contains a BJ label (as supported by File
Classifier and Power Classifier for Files).
 For the following use the BJ label value if it exists, otherwise check configured locations (email
label locations configured in the Classifier configuration) to determine the current label value:
o JPG files (JPG, JPEG, JPE)
o html, htm
o odf, odt, odp
Note: Support for these file types requires additional configuration of Classifier plug-ins under
guidance from Classifier support. Be aware that the plug in for DXF/DWG files only supports
reading of BJ Label values.
 All other attachment types are treated as unlabelled.

 For all other file types (e.g. .TXT) SharePoint Classifier allows you to apply a label to the file
within SharePoint. This label value is not propagated beyond SharePoint.
Note: Any Classifier label assigned to an RMS or S/MIME protected document or MSG file will not be
available when an upload takes place.
boldonjames.com 41

SharePoint Classifier Guide

Uploaded by

Copyright:

Available Formats

SharePoint Classifier Guide

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

SharePoint Classifier Guide

Uploaded by

Copyright:

Available Formats

SharePoint Classifier Guide

© Boldon James Ltd. All rights reserved.

3.2.1 SharePoint Authentication 20

1.1 Architecture Overview

SharePoint 2013 Collection/Site/

SharePoint CSOM API

SharePoint SharePoint SharePoint SharePoint

1.2 Migration from SharePoint Classifier Full Trust (SharePoint

2 INSTALLATION AND DEPLOYMENT

2.1 Pre-deployment Configuration

2.1.1 SharePoint Configuration

Manage Web Site

2.1.1.2 Document Library for the Service Data

2.1.1.3 Document Library for Client Files

2.1.2 Windows Servers for Services and Website

Installations of the SharePoint Classifier Configuration Sweeper Service on different Windows

2.1.3 Classifier Label Configuration

(Further details can be found in the Classifier Administration Guide Configuration

2.2 SharePoint Classifier Website for Clients

2.3 SharePoint Classifier Configuration Sweeper Service

2.4 SharePoint Classifier Item Sweeper Service

2.5 SharePoint Classifier PowerShell Configuration

3 SHAREPOINT CLASSIFIER SERVICE

SharePoint Classifier Configuration Sweeper Service Configuration Tool

3.1.1 SharePoint Authentication

3.1.1.4 Proxy Server

The “Proxy Server” button opens the “Proxy Server” Dialog.

3.1.1.5 Test SharePoint Permissions

Test SharePoint Permissions

The settings it tests are:

3.1.2 Service Configuration

3.1.3 Data List

3.1.3.1 Site URL

3.1.3.2 List Name

3.1.4 Client Files List

3.1.4.1 Site URL

3.1.4.2 List Name

3.1.5 Clients Website

3.1.6 Site Collections to Monitor

3.2 SharePoint Classifier Item Sweeper Service Configuration Tool

Boldon James SharePoint Classifier Item Sweeper Service

3.2.1 SharePoint Authentication

See SharePoint Authentication for the options supported.

3.2.2 Service Configuration

See Service Configuration for the options supported.

3.2.3 Data List

See Data List for the options supported.

3.2.4 Site Collections to Monitor

See Site Collections To Monitor for the options supported.

4 SHAREPOINT CLASSIFIER CONFIGURATION

4.1 Supported Settings

Site Collection Level Site Level Document Library Level

Is This a Quarantine List? 

Use Permissions Modification   

Quarantine Site URL   

Quarantine List Name   

Apply Default Label   

Default Label Name   

The “Enabled” setting is only supported at the document library level.