Archive for the ‘SharePoint 2010’ Category

SharePoint 2010: Adding SAML Claim permission for All Authenticated Users using PowerShell.

February 1, 2017

I recently had to convert one of my SharePoint 2010 Web Applications from using Windows Claims/NTLM to use SAML Claims, removing the need for NTLM authentication by using a Claims Provider (ADFS) for authentication. When doing so, permissions on the SAML Claims Web Application broke because it was still leveraging the Windows Claims permissions. Since the NTLM permission was removed at the Web Application level, and Anonymous Access permissions were also removed to meet the DISA STIG requirement, this in turn restricted access for users who used to have “read” rights to the Portal. To fix this problem I had to grant the “read” permissions for the SAML Claims ‘All Authenticated Users’ to all Site Collections / Sites so these users can once again gain access. Below is how I accomplished this using PowerShell.

————————————————————————–

# Target web application and the trusted identity token issuer (ADFS) that issues the SAML claims
$webApp = Get-SPWebApplication "[WEB APPLICATION URL]"
$sts = Get-SPTrustedIdentityTokenIssuer "[CLAIMS PROVIDER TOKEN ISSUER NAME]"

# Maps a permission mask to the name of its permission level
$PermLevels = @{}

# Header row of the tab-delimited log of every assignment the script makes
"URL `t" + "userName `t" + "userLogin `t" + "userEmail `t" + "permissionLevel `t" + "SAMLClaim" >> User_Permissions_AllAuthenticatedUsers.csv

foreach ($web in $webApp | Get-SPSite -Limit All | Get-SPWeb -Limit All)
{

	foreach ($role in $web.Roles)
	{
		$permmask = $role.PermissionMask
		$permname = $role.Name
		# The same mask recurs on every web; add it once instead of trapping the duplicate-key error
		if (-not $PermLevels.ContainsKey("$permmask"))
		{
			$PermLevels.Add("$permmask", "$permname")
		}
	}
	foreach ($perm in $web.Permissions)
	{
		$permmaskcurrent = $perm.PermissionMask
		$level = $PermLevels.Get_Item("$permmaskcurrent")

		if ($perm.Member.Name -like "*All Authenticated Users*")
		{
			#CLAIM PRINCIPAL FOR ROLE
			$claimPrincipal = New-SPClaimsPrincipal -ClaimValue $perm.Member.Name -ClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" -TrustedIdentityTokenIssuer $sts

			$newUser = New-SPUser -UserAlias $claimPrincipal.ToEncodedString() -Web $web

			$account = $web.EnsureUser($newUser)

			# "Limited Access" cannot be assigned directly, so it is granted as "Read".
			# Note that this is broader than the access the Windows claim had on that web.
			if ($level -eq "Limited Access")
			{
				$level = "Read"
			}

			# Bind the SAML claim to the permission level on this web
			$role = $web.RoleDefinitions[$level]
			$assignment = New-Object Microsoft.SharePoint.SPRoleAssignment($account)
			$assignment.RoleDefinitionBindings.Add($role)
			$web.RoleAssignments.Add($assignment)

			# Log what was granted and where
			$web.Url + "`t" + $perm.Member.Name + "`t" + $perm.Member.UserLogin + "`t" + $perm.Member.Email + "`t" + $level + "`t" + $account >> User_Permissions_AllAuthenticatedUsers.csv

		}
	}

	# Release the SPWeb once it has been processed
	$web.Dispose()
}

————————————————————————–

The above script loops through all the Site Collections and Sites to search for the Windows Claim for ‘All Authenticated Users’. Once it finds an instance where the ‘All Authenticated Users’ permission is used, it adds the SAML Claim for ‘All Authenticated Users’.

This script does not clean up/remove the old Windows Claims permission for the ‘All Authenticated Users’. I did that just in case the Web Application needs to be extended to once again support Windows Claims/NTLM authentication.

I will later blog about how to add the ‘All Authenticated Users’ SAML Claim to Groups, and also how to add individual SAML Claim permissions to users by granting their SAML Token for email.

Hopefully this is helpful for those that are struggling to reprovision their Windows Claims permissions to SAML Claims.
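
A report-only pass over the same Web Application, useful for reviewing what the script above will touch before running it: it lists every web carrying an ‘All Authenticated Users’ assignment, whether that web inherits its permissions, and whether the entry is “Limited Access” only, which is the case the script grants as “Read”. This is an added example, not the author's code; the output file name is an assumption.

```powershell
# Added example, not from the original post. Read-only: it changes nothing.
# Assumes the SharePoint 2010 Management Shell; the output file name is hypothetical.
$webApp  = Get-SPWebApplication "[WEB APPLICATION URL]"
$outFile = "AllAuthenticatedUsers_PreChangeReport.csv"

$report = foreach ($site in $webApp | Get-SPSite -Limit All)
{
	foreach ($web in $site.AllWebs)
	{
		foreach ($ra in $web.RoleAssignments)
		{
			# Same name match the migration script uses
			if ($ra.Member.Name -notlike "*All Authenticated Users*") { continue }

			$levels = @($ra.RoleDefinitionBindings | ForEach-Object { $_.Name })

			New-Object PSObject -Property @{
				Url               = $web.Url
				# True: the assignment shown comes from a parent web
				Inherits          = -not $web.HasUniqueRoleAssignments
				Member            = $ra.Member.Name
				Levels            = $levels -join "; "
				# True: the script would grant "Read" where only "Limited Access" exists today
				OnlyLimitedAccess = ($levels.Count -eq 1 -and $levels[0] -eq "Limited Access")
			}
		}
		$web.Dispose()
	}
	$site.Dispose()
}

if ($report)
{
	$report | Select-Object Url, Inherits, Member, Levels, OnlyLimitedAccess |
		Export-Csv $outFile -NoTypeInformation

	$promoted = @($report | Where-Object { $_.OnlyLimitedAccess })
	Write-Host "Assignments found:" @($report).Count
	Write-Host "Would be raised from Limited Access to Read:" $promoted.Count
}
else
{
	Write-Host "No 'All Authenticated Users' assignments found."
}
```

Rows with OnlyLimitedAccess set to True are the ones to review by hand, since those webs end up with wider access than the Windows claim had.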

SharePoint 2010: Enable (Page) Output Cache Settings using PowerShell

January 25, 2017

To optimize performance in SharePoint 2010, there are a few settings you can configure to help with page load times and SharePoint caching.

The three main ways to do this are:

1. BLOB Cache
2. Object Cache
3. Page Output Cache

In my environment we are not leveraging BLOB cache, and Object Cache is already enabled by default, though you can optimize it for your SP environment.

However, the Page Output Cache is not enabled by default.

Below is a PowerShell script I created that enables the Page Output Cache at the Site Collection Level for a Web Application.

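# Load the Publishing assembly that contains SiteCacheSettingsWriter
[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Publishing")

$webapp = Get-SPWebApplication "[URL OF WEB APPLICATION]"

# $webapp.Sites returns the site collections (SPSite objects) of the Web Application
foreach ($site in $webapp.Sites)
{
	$cacheSettings = New-Object Microsoft.SharePoint.Publishing.SiteCacheSettingsWriter($site.Url)
	$cacheSettings.EnableCache = $true
	$cacheSettings.Update()
	Write-Host "Updated Page Output Cache Settings..." $site.Url
	$site.Dispose()
}

Options (set inside the loop, before calling Update()):

#Default Page Output Cache Profile. The Cache Profile Id is built off the Cache Profile List (Site Actions – Site Settings – Site Collection Cache Profiles (under Site Collection Administration))

$cacheSettings.SetAnonymousPageCacheProfileId($site, 1)
$cacheSettings.SetAuthenticatedPageCacheProfileId($site, 2)

#Page Output Cache Policy
$cacheSettings.AllowPublishingWebPageOverrides = $true
$cacheSettings.AllowLayoutPageOverrides = $true
#Adds cache diagnostic information to rendered pages; enable it for troubleshooting and turn it off afterwards
$cacheSettings.EnableDebuggingOutput = $true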

SharePoint 2010: Output Search Query Results Using PowerShell into .csv file

January 21, 2015

I recently had to perform a massive search query for specific terms (key words) in my SharePoint 2010 environment, and provide a .csv file for all returned results.  The easiest way for me to do this was by utilizing the power of PowerShell.  So instead of having to manually execute separate Search queries within SharePoint Search I executed this script, which outputs the search results in an easy to read formatted .csv file.

#Load the search object model and set up a keyword query object
[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.Office.Server.Search")
$site = New-Object Microsoft.SharePoint.SPSite "http://portal"
$kq = New-Object Microsoft.Office.Server.Search.Query.KeywordQuery $site

#Set some query properties
$kq.ResultTypes = [Microsoft.Office.Server.Search.Query.ResultType]::RelevantResults
$kq.RowLimit = 10000
$kq.QueryText = "TERM OR KEYWORDS TO QUERY"

#Issue the query (results are security-trimmed to the account running the script)
$resultTableCollection = $kq.Execute()

#Get the result table and load it into a DataTable
$relResultTable = $resultTableCollection.Item([Microsoft.Office.Server.Search.Query.ResultType]::RelevantResults)
$relDataTable = New-Object System.Data.DataTable
$relDataTable.Load($relResultTable, [System.Data.LoadOption]::OverwriteChanges)

#Output the results to .csv file
$relDataTable.Rows | Select-Object Path, Title, Description, Write, HitHighlightedSummary | Export-Csv "c:\temp\searchresults.csv" -NoTypeInformation

#Release the SPSite
$site.Dispose()

The .csv file will provide the Path, Title, Description, Date Modified, and Highlighted Summary of the search results.

Hope this helps others that might need to do a similar search against their SP environment.

SharePoint 2010: Get List of All Web Applications/Site Collections/Sub-Sites/Permissions and Last Modified using PowerShell

November 12, 2014

#GET ALL WEB APPLICATIONS IN THE FARM
$webApp = Get-SPWebApplication

#FOREACH LOOP, LOOPING THROUGH ALL WEB APPLICATIONS IN THE FARM
foreach ($webApps in $webApp)
{

	#WRITE-HOST WEB APPLICATION NAME
	write-host "WEBAPP:" $webApps.Name

	#FOREACH LOOP, LOOPING THROUGH ALL SITE COLLECTIONS WITHIN WEB APPLICATION
	foreach ($site in $webApps.Sites)
	{

		#WRITE-HOST SITE COLLECTION URL
		write-host "SITE: " $site.URL

		#FOREACH LOOP, LOOPING THROUGH ALL SITE COLLECTION ADMINISTRATORS
		foreach ($siteAdmin in $site.RootWeb.SiteAdministrators)
		{
			#WRITE-HOST SITE COLLECTION ADMINS
			write-host -foregroundcolor green "SITE COLLECTION ADMINS - $($siteAdmin.DisplayName)"
		}

		#FOREACH LOOP, LOOPING THROUGH ALL SUB-SITES IN SITE COLLECTION
		foreach ($webs in $site.AllWebs)
		{
			#WRITE-HOST SUB-SITE NAME
			write-host "SUB-SITE NAME:" $webs.Name
			#WRITE-HOST SUB-SITES URL
			write-host "SUB-SITES URL:" $webs.URL

			#FOREACH LOOP, LOOPING THROUGH ALL ROLE ASSIGNMENTS IN THE WEB ROLE ASSIGNMENTS
			foreach ($roleAssignment in $webs.RoleAssignments)
			{
				#FOREACH LOOP, LOOPING THROUGH ALL ROLE DEFINITIONS IN ROLE ASSIGNMENT ROLE DEFINITIONS
				foreach ($roleDefinition in $roleAssignment.RoleDefinitionBindings)
				{
					#IF STATEMENT (IF ROLE DEFINITION EQUALS FULL CONTROL)
					if ($roleDefinition.Name -eq "Full Control")
					{
						#WRITE-HOST PERMISSION LEVEL AND PERMISSION NAME
						write-host -foregroundcolor red "Permission Level: " $roleDefinition.Name "| Permission Name: " $roleAssignment.Member.Name
					}
				}
			}

			#FOREACH LOOP, LOOPING THROUGH ALL LISTS IN THE WEB
			foreach ($list in $webs.Lists)
			{
				#WRITE-HOST LIST NAME AND LAST MODIFIED DATE
				write-host "LIST NAME: " $list.Title "| LAST MODIFIED DATE: " $list.LastItemModifiedDate
			}

			#RELEASE THE SUB-SITE OBJECT
			$webs.Dispose()
		}

		#RELEASE THE SITE COLLECTION OBJECT
		$site.Dispose()
	}
}

SharePoint 2010: Access Denied by Business Data Connectivity within SharePoint 2010 Designer

August 22, 2014

If you are attempting to add a connection to an external data source within SharePoint 2010 Designer and you receive the following error:

“Access denied by Business Data Connectivity”

Make sure you grant the proper permissions to the Business Data Connectivity Service Metadata Store within Central Administration.

1.  Browse to your Central Administration Site
2.  Browse to Application Management – Manage Service Application – Business Data Connectivity
3.  Within the Business Data Connectivity Service Application, click the “Set Metadata Store Permissions” icon in the ribbon
4.  Grant the proper permissions (Edit, Execute and Set Permissions) to those who need to establish BDC external connections.

After granting permissions, attempt to establish your connection within SharePoint 2010 Designer again.  This time you should be able to connect and see your data source.

Hopefully this helps others.