Check SharePoint 2010 anonymous permissions

Written by Keith Tuomi on. Posted in Permissions, Powershell, SharePoint 2010

Great PowerShell for checking the state of SharePoint anonymous permissions from Russ Maxwell at Microsoft:

SharePoint PowerShell Script Series Part 6 – Is Anonymous Access Enabled?

Note:  This PowerShell script is tested only on SharePoint 2010

Instructions for running the script:

1. Copy the script below into Notepad, leaving out any HTML tags (such as <span> or <h3>) that the page shows inside the listing
2. Save it with a .ps1 extension, for example anyfilename.ps1
3. To run, copy the file to a SharePoint Server
4. Select Start\Microsoft SharePoint 2010 Products\SharePoint 2010 Management Shell
5. Browse to directory holding the copied script file
6. Run the script: .\anyfilename.ps1 (assuming anyfilename is the name of the file)

<# ==============================================================
//
// Microsoft provides programming examples for illustration only,
// without warranty either expressed or implied, including, but not
// limited to, the implied warranties of merchantability and/or
// fitness for a particular purpose.
//
// This sample assumes that you are familiar with the programming
// language being demonstrated and the tools used to create and debug
// procedures. Microsoft support professionals can help explain the
// functionality of a particular procedure, but they will not modify
// these examples to provide added functionality or construct
// procedures to meet your specific needs. If you have limited
// programming experience, you may want to contact a Microsoft
// Certified Partner or the Microsoft fee-based consulting line at
// (800) 936-5200.
//
// For more information about Microsoft Certified Partners, please
// visit the following Microsoft Web site:
// https://partner.microsoft.com/global/30000104
//
// Author: Russ Maxwell (russmax@microsoft.com)
//
// ---------------------------------------------------------- #>
<h3></h3>
# Load the SharePoint object model; the Assembly object the call returns is discarded.
$null = [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")

# Start a global assignment store; it is released by Stop-SPAssignment -Global
# at the end of the script.
Start-SPAssignment -Global
<h3></h3>
######################################
##Creating and Returning a DataTable##
######################################
# Builds the empty report table used by the check functions.
# Columns: "Anonymous Access", "Level", "URL", "Configured List\Lib".
# Returns: the System.Data.DataTable itself.
function createDT()
{
    $reportTable = New-Object System.Data.DataTable

    # One DataColumn per report field, added in report order.
    foreach ($columnName in "Anonymous Access", "Level", "URL", "Configured List\Lib")
    {
        $column = New-Object System.Data.DataColumn($columnName)
        $reportTable.Columns.Add($column)
    }

    # The leading comma wraps the table in a one-element array so the caller
    # receives the table object and not its enumerated rows.
    return ,$reportTable
}
<h3></h3>
#####################################
##Check WebApp for Anonymous Access##
#####################################
# Records one "WebApplication" row in $dTable when the site collection in $site
# reports IISAllowsAnonymous as true. Reads $site and $dTable from the calling scope.
function checkwebappAnon()
{
    # Nothing to record unless IIS allows anonymous requests for this site collection.
    if ($site.IISAllowsAnonymous.ToString() -ne "true")
    {
        return
    }

    $entry = $dTable.NewRow()
    $entry["Anonymous Access"] = "Enabled"
    $entry["Level"] = "WebApplication"
    # The "URL" column holds the web application's Name here, not an address.
    $entry["URL"] = $site.WebApplication.Name
    $dTable.Rows.Add($entry)
}
<h3></h3>
######################################
##Check the Site for Anonymous Access#
######################################
# Classifies the anonymous-access settings of the site in $web and, when one of
# the two recognised patterns matches, adds a row to $dTable.
# Reads $web and $dTable from the calling scope.
# Returns: 1 = "Site Level: Entire WebSite" row added,
#          2 = "Site Level: Lists and Libraries" row added,
#          3 = neither pattern matched (no row added).
# A result of 3 only means these two patterns did not match; the main loop still
# runs the per-list check for results 2 and 3.
function checksiteAnon()
{
    $allowsAnon = $web.AllowAnonymousAccess.ToString()
    $anonState = $web.AnonymousState.ToString()
    $permMask = $web.AnonymousPermMask64.ToString()

    Write-Host
    Write-Host "Checking how Anonymous is set up on site: " $web.Url -ForegroundColor Magenta

    # Decide the level label and result code first, then write the row once.
    $levelLabel = $null
    $resultCode = 3

    if (($allowsAnon -eq "True") -and ($anonState -eq "On"))
    {
        $levelLabel = "Site Level: Entire WebSite"
        $resultCode = 1
    }
    elseif (($allowsAnon -eq "False") -and ($anonState -eq "Enabled") -and ($permMask -eq "Open"))
    {
        $levelLabel = "Site Level: Lists and Libraries"
        $resultCode = 2
    }

    if ($levelLabel -ne $null)
    {
        $entry = $dTable.NewRow()
        $entry["Anonymous Access"] = "Enabled"
        $entry["Level"] = $levelLabel
        $entry["URL"] = $web.Url.ToString()
        $dTable.Rows.Add($entry)
    }

    return $resultCode
}
<h3></h3>
############################################
##Check List\Libraries for Anonymous Access#
############################################
# Walks every list in the site held in $web and adds a "List\Library" row to
# $dTable for each list whose anonymous permission mask indicates access.
# Reads $web, $webResult and $dTable from the calling scope; progress and the
# final count are written with Write-Host.
function checklistAnon()
{
    $allLists = $web.lists
    $remaining = $allLists.count
    $anonTotal = 0

    Write-Host "Checking " $allLists.count " lists\libaries for Anonymous Access" -ForegroundColor Magenta

    # Mask names the list mask is compared with, and the one title that is skipped.
    $openWebMask = "OpenWeb"
    $emptyMask = "EmptyMask"
    $skippedTitle = "TaxonomyHiddenList"

    foreach($list in $allLists)
    {
        # NOTE(review): the reported URL is the site URL plus the list Title, which
        # may not be the list's actual address - confirm before relying on it.
        $listUrl = $web.url + "/" + $list.Title
        $listMask = $list.AnonymousPermMask.tostring()
        $title = $list.Title.ToString()

        # $configured stays $null when the list produces no finding.
        $configured = $null
        $isCandidate = ($skippedTitle.CompareTo($title) -ne 0) -and ($listMask.CompareTo($emptyMask) -ne 0)

        if ($isCandidate)
        {
            $isOpenWeb = ($listMask.CompareTo($openWebMask) -eq 0)

            if ($webResult -eq '3')
            {
                # Site check matched neither pattern: any non-empty mask is reported.
                # "OpenWeb" is recorded as enabled but not configured on the list.
                if ($isOpenWeb) { $configured = "No" } else { $configured = "Yes" }
            }
            elseif (($webResult -eq '2') -and (-not $isOpenWeb))
            {
                # Site is set to lists and libraries: only masks other than
                # "OpenWeb" are reported.
                $configured = "Yes"
            }
        }

        if ($configured -ne $null)
        {
            $entry = $dTable.NewRow()
            $entry["Anonymous Access"] = "Enabled"
            $entry["Level"] = "List\Library"
            $entry["URL"] = $listUrl
            $entry["Configured List\Lib"] = $configured
            $dTable.Rows.Add($entry)
            $anonTotal++
        }

        # Progress line every tenth list.
        $remaining--
        if (($remaining % 10) -eq 0)
        {
            Write-Host "Total # of lists\libraries left to check: " $remaining -ForegroundColor DarkYellow
        }
    }

    Write-Host
    Write-Host "Total # of lists\libraries with Anonymous Access Enabled: " $anonTotal -ForegroundColor Cyan
}
<h3></h3>
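########################
###Script Starts Here###
########################
# Ask where to write the CSV report and which site collection to audit.
$output = Read-Host "Enter a location for the output file (For Example: c:\logs\)"
$filename = Read-Host "Enter a filename"
$url = Read-Host "Please enter the URL of desired site collection and press enter"

try
{
    ###Getting a new DataTable###
    [System.Data.DataTable]$dTable = createDT

    ###Getting Site Collection###
    # -ErrorAction Stop: if the site collection cannot be opened, end the run here
    # instead of continuing to the summary and reporting on a site that was never read.
    $site = Get-SPSite $url -ErrorAction Stop

    ###Checking if WebApp has Anonymous set###
    checkwebappAnon

    ###Gathering web collection###
    $webs = $site.Allwebs
    $count = $webs.Count
    Write-Host "Checking for Anonymous Access on " $count " Sites" -ForegroundColor Magenta

    foreach($web in $webs)
    {
        $webResult = 0
        ###calling function to check anonymous on spweb###
        $webResult = checksiteAnon

        # Lists are checked for result 2 (lists and libraries) and also for result 3
        # (site-level check matched nothing), since a list can carry its own mask.
        if(($webResult -eq '2') -or ($webResult -eq '3'))
        {
            Write-Host "Checking for Anonymous Access on List and Libraries" -ForegroundColor Magenta
            ###calling function to check anonymous on lists and libs###
            checklistAnon
        }

        $count--

        if($count -ne '0')
        {
            Write-Host
            Write-Host "Total # of sites left to check: " $count -ForegroundColor DarkYellow
        }
        else
        {
            Write-Host "Operation Completed" -ForegroundColor DarkYellow
        }
    }

    # Decide on the number of rows recorded, not on whether the table object exists:
    # the table is created before any check runs, so its existence says nothing
    # about findings.
    if($dTable.Rows.Count -gt 0)
    {
        $name = $output + "\" + $filename + ".csv"
        $dTable | Export-Csv $name -NoTypeInformation
        Write-Host "Anonymous Access was detected" -ForegroundColor Green
        Write-Host "Log File Created: " $name
    }
    else
    {
        Write-Host "Anonymous Access is Disabled for the entire Site Collection" -ForegroundColor Green
        Write-Host "No Log File Created" -ForegroundColor Green
    }
}
finally
{
    # Release the global assignment store even when a step above fails.
    Stop-SPAssignment -Global
}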


Keith Tuomi

itgroove is a team of dedicated professionals specializing in Microsoft technologies for the small and medium sized business. Our SharePoint practise offers expert level assistance in architecting, implementing, and customising this industry leading collaboration platform.
