Web Application — Isaac's Blog

Posts Tagged ‘Web Application’

enumerate site / web permission per web application PowerShell Script

Posted by IsaacBlum at 5 July 2011

Category: Business, For The Greater Good, Free Help, Microsoft, PowerShell, SharePoint, SharePoint 2010, SharePoint 2010 Foundation, Windows Server 2008 R2

Tags: enumerate, PowerShell, PowerShell Script, SharePoint, SharePoint 2010, Web Application, web permission

Use case: Needed to understand the current security layout of a SharePoint site that was migrated from 2007 to 2010. The customer didn’t know what permissions were set where. They needed a way to report on how each site was granting or restricting permissions.

*Notes:

I’m not disposing of any objects. Sure I understand this is bad, but the intention of this script is to be run one time in a test environment. So if you plan on running this in production, I would suggest adding the dispose objects.
Script is set to put the raw xml file at the C:\, you change this in the .ps1 file.
Runs against all web applications in farm minus central admin.

$logfilepath = "C:\"
 
##Create Table - ScanTable
$ScanTable = New-Object system.Data.DataTable "ScanTable"
$col1 = New-Object system.Data.DataColumn ("URL", [string])
$col2 = New-Object system.Data.DataColumn ("Member", [string])
$col3 = New-Object system.Data.DataColumn ("BasePermissions", [string])
$col4 = New-Object system.Data.DataColumn ("PermFriendlyName", [string])
$col5 = New-Object system.Data.DataColumn ("User_Group", [string])
$ScanTable.columns.add($col1)
$ScanTable.columns.add($col2)
$ScanTable.columns.add($col3)
$ScanTable.columns.add($col4)
$ScanTable.columns.add($col5)
 
$PermLevels = @{}
 
function getsec
{
	Add-PSSnapin microsoft.sharepoint.powershell -ErrorAction SilentlyContinue
 
	$PortalName = Get-SPWebApplication | select DisplayName
	foreach ($p in $PortalName)
	{
		$webapp = Get-SPWebApplication | ? {$_.DisplayName -eq $p.Displayname}
		#$webapp = Get-SPWebApplication | ? {$_.DisplayName -eq "SharePoint"}
		foreach ($s in $webapp.Sites)
		{
			foreach ($web in $s.AllWebs)
			{
				foreach ($r in $web.roles)
				{
					$permpermmask = $r.PermissionMask
					$permname = $r.Name
					$PermLevels.Add("$permpermmask", "$permname")
					trap [Exception] {continue;}
				}
				$red = $web.HasUniqueRoleDefinitions
				foreach ($perm in $web.Permissions)
				{
					#$perm | select *
					#$perm.PermissionMask
					$permpermmaskcurrent = $perm.PermissionMask
					$level = $PermLevels.Get_Item("$permpermmaskcurrent")
					if ($perm.xml -like "*GroupName*")
					{
						$usergroup = "SharePoint Group"
					}
					if ($perm.xml -like "*UserLogin*")
					{
						$usergroup = "AD User"
					}
					$MemberIsADGroup = $perm.Member.IsDomainGroup
					if ($MemberIsADGroup -eq $true)
					{
						$usergroup = "AD Group"
					}
					$output = $ScanTable.Rows.Add($web.url, $perm.Member, $perm.BasePermissions, $level, $usergroup)
				}
			}
		}
	}
	$ScanTable.WriteXML("$logfilepath\SecurityReport.xml")
}
getsec

2 Comments

Creating Windows AMI – Amazon Cloud

Posted by IsaacBlum at 17 February 2009

Category: Business, Cloud, For The Greater Good

Tags: Amazon, AMI, bundle, Cloud, Indexer Service, Instance, sdelete, SQL, SQL 2005 Express, walk through, Web Application, Windows

This walk through can be used when creating a windows AMI.

Installed Software:

SQL 2005 Express
Indexer Service
.net 2.0 SP1
.net 3.5 SP1

Server Purpose:

.net 2.0 web application w/ database

Instance Configuration:

One attached volume 22gb in size. I recommend using drive letter Z: if you can. So that if you attach the volume later to another windows image you don’t accidently take a required drive letter. (normal system admin advice)

Step 1: Detach your web application’s databases

Step 2: Turn off SQL Services.

Step 3: Turn off the Indexing Service.

Step 4: Turn Off IIS

Step 5: Turn off anything else that may be accessing the hard drive and all programs Ex: antivirus software or internet explorer.

Step 6: Download and Install http://download.sysinternals.com/Files/SDelete.zip , *(delete anything that you do not want to be part of the instance now. Then empty the recycle bin.) Then run this command : delete -c %%Your Hard Drive letter%%, repeat this for all hard drives attached to your instance.

Step 7: Bundle the image…. You can use this link http://docs.amazonwebservices.com/AWSEC2/latest/DeveloperGuide/index.html?bundling-an-ami-windows.html which caused me more trouble than it was worth or use http://developer.amazonwebservices.com/connect/entry.jspa?externalID=609 (preferred) I used this software to make the process go a lot faster. You can just right click the instance and start bundling the instance.

****BE Patient***** BE Patient ******* BE Patient***** this process can take up to an hour or more to complete. **** BE Patient******* you can check the output window for more information.

Once complete, Register your instance. And your off. Don’t forget that your instance will need its database reattached and etc…

*note not following these guidelines can/will cause corruption to database and or files on these hard drives.

Please throw me a comment if you need help. Thanks

1 Comment

Isaac's Blog

So Many Rambles So Little Time….

Posts Tagged ‘Web Application’

enumerate site / web permission per web application PowerShell Script

Archives

Tags

Pages

More

Disclaimer…