Check Anonymous access for all web applications in SharePoint


We came across a requirement to check anonymous access at the web application, site and list level. We had a large number of sites, so a PowerShell script was the practical way to retrieve the data. The script below walks through each item and flags whether anonymous access is enabled at the web application level, the site level or the list level.


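# Load the SharePoint cmdlets. -ErrorAction SilentlyContinue hides the error
# raised when the snap-in is already loaded; it also hides a missing snap-in,
# in which case the first SharePoint cmdlet below fails inside the try block.
Add-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue
#[Void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")
try{
Start-SPAssignment -Global

# Timestamp used in the report file name and in the first log line.
$StartTime = (Get-Date -UFormat "%Y-%m-%d_%I-%M-%S %p").tostring()

# Resolve the folder that holds this script; report and log are written below it.
$0 = $MyInvocation.MyCommand.Definition
$dp0 = [System.IO.Path]::GetDirectoryName($0)

# Create the output folders up front. Without them the log redirection fails on
# its first write and Export-CSV fails only after the whole farm has been scanned.
foreach ($outDir in @("$dp0\Result", "$dp0\Logs"))
{
    if (-not (Test-Path -Path $outDir))
    {
        New-Item -ItemType Directory -Path $outDir | Out-Null
    }
}

# The report lists every URL found to allow anonymous access, so the Result and
# Logs folders should be readable only by the administrators who need them.
$output = $("$dp0\Result\AnonymousAccessInformation_" +$StartTime +".csv")

#$logFile=$("$dp0\CheckAnonymousAccessLog.txt")
$logFile=$("$dp0\Logs\AnonymousAccessInformationLog.txt")
Write "Script started running at " $StartTime >> $logFile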

##Creating and Returning a DataTable##
function createDT()
{
    # Builds the empty in-memory table that collects one row per
    # anonymous-access finding. All four columns use the DataColumn default type.
    $findings = New-Object System.Data.DataTable

    # Columns are added in this fixed order.
    $columnNames = @("Anonymous Access", "Level", "URL", "Configured List\Lib")
    foreach ($columnName in $columnNames)
    {
        $column = New-Object System.Data.DataColumn($columnName)
        $findings.Columns.Add($column)
    }

    # The unary comma wraps the table in a one-element array so that the caller
    # receives the DataTable itself rather than its (empty) row enumeration.
    return ,$findings
}

##Check WebApp for Anonymous Access##
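function checkwebappAnon()
{
    # Records a "WebApplication" finding when IIS allows anonymous requests.
    # Reads $site, $dTable and $logFile from the caller's scope; returns nothing.
    #
    # The caller fills $site with Get-SPSite -WebApplication, which can return
    # several site collections. Calling .tostring() on that array never yields
    # "true", so the finding would be missed; only the first element is inspected.
    $firstSite = @($site)[0]
    if ($null -eq $firstSite)
    {
        return
    }

    Write "`r`n Checking how Anonymous is set up on Web Application:" $firstSite.WebApplication.Name >> $logFile
    $webAnon = $firstSite.IISAllowsAnonymous.tostring()
    if ($webAnon -eq "true")
    {
        #Add a row to DataTable
        # NOTE(review): the URL column receives the web application's Name, not its address.
        $row = $dTable.NewRow()
        $row["Anonymous Access"] = "Enabled"
        $row["Level"] = "WebApplication"
        $row["URL"] = $firstSite.WebApplication.Name
        $dTable.rows.Add($row)
    }
}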

##Check the Site for Anonymous Access#
function checksiteAnon()
{
    # Classifies the anonymous-access setting of the current site.
    # Reads $web, $dTable and $logFile from the caller's scope.
    # Returns 1 when the entire site is open (a row is added),
    #         2 when only lists and libraries are open (a row is added),
    #         3 in every other case (no row).
    Write "`r`n Checking how Anonymous is set up on site:" $web.Url >> $logFile

    # All three settings are compared as text.
    $allowsAnon = $web.AllowAnonymousAccess.tostring()
    $anonState = $web.AnonymousState.tostring()
    $permMask = $web.AnonymousPermMask64.tostring()

    $resultCode = 3
    $levelText = $null
    if (($allowsAnon -eq "True") -and ($anonState -eq "On"))
    {
        $resultCode = 1
        $levelText = "Site Level: Entire WebSite"
    }
    elseif (($allowsAnon -eq "False") -and ($anonState -eq "Enabled") -and ($permMask -eq "Open"))
    {
        $resultCode = 2
        $levelText = "Site Level: Lists and Libraries"
    }

    # Both positive cases write the same kind of row; only the level differs.
    if ($null -ne $levelText)
    {
        $finding = $dTable.NewRow()
        $finding["Anonymous Access"] = "Enabled"
        $finding["Level"] = $levelText
        $finding["URL"] = $web.Url.tostring()
        $dTable.rows.Add($finding)
    }

    return $resultCode
}

##Check List\Libraries for Anonymous Access#
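function checklistAnon()
{
    # Adds one "List\Library" finding for every list of the current site whose
    # anonymous permission mask is not empty.
    # Reads $web, $webResult, $dTable and $logFile from the caller's scope:
    #   $webResult 3 -> lists with mask "OpenWeb" are reported as Configured "No",
    #                   lists with any other non-empty mask as Configured "Yes";
    #   $webResult 2 -> only lists with a mask other than "OpenWeb" are reported.
    # The list titled "TaxonomyHiddenList" is always skipped. Returns nothing.
    $lists = $web.lists
    $count1 = $lists.count
    $hasAnon = 0

    Write "`r`n Checking " $lists.count " lists\libaries for Anonymous Access" >> $logFile

    ###Setting String Vars###
    $defMask1 = "OpenWeb"
    $defMask2 = "EmptyMask"
    $defTax = "TaxonomyHiddenList"

    foreach($list in $lists)
    {
        # Build the address from the list's root folder. The Title is only a
        # display name and need not match the URL segment, so a Title-based
        # address can point the reader of the report at a list that does not exist.
        $listUrl = $web.url + "/" + $list.RootFolder.Url
        $listMask = $list.AnonymousPermMask.tostring()
        $tax = $list.Title.ToString()

        # $configured stays $null when the list yields no finding.
        $configured = $null
        if(($defTax.CompareTo($tax) -ne 0) -and ($listMask.CompareTo($defMask2) -ne 0))
        {
            $maskIsOpenWeb = ($listMask.CompareTo($defMask1) -eq 0)
            if(($webResult -eq 3) -and $maskIsOpenWeb)
            {
                #Anonymous Access is Enabled but not Configured on list\library#
                $configured = "No"
            }
            elseif((($webResult -eq 3) -or ($webResult -eq 2)) -and (-not $maskIsOpenWeb))
            {
                #Anonymous Access Enabled and Configured on list\library#
                $configured = "Yes"
            }
        }

        if($null -ne $configured)
        {
            $row = $dTable.NewRow()
            $row["Anonymous Access"] = "Enabled"
            $row["Level"] = "List\Library"
            $row["URL"] = $listUrl
            $row["Configured List\Lib"] = $configured
            $dTable.rows.Add($row)
            $hasAnon++
        }

        # Count down so that the progress line really shows the lists left.
        # The counter was previously never changed, so the line was written
        # for every list or for none.
        $count1--
        if($count1 % 10 -eq 0)
        {
            #Write-Host "Total # of lists\libraries left to check: " $count1 -ForegroundColor DarkYellow
            Write "`r`n Total # of lists\libraries left to check: " $count1 >> $logFile
        }
    }
    Write "`r`n Total # of lists\libraries with Anonymous Access Enabled:" $hasAnon >> $logFile
}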

########################
###Script Starts Here###
########################

###Getting a new DataTable###
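[System.Data.DataTable]$dTable = createDT

# Number of web applications, site collections or sites whose scan raised an
# error. Anything above zero means the report does not cover the whole farm,
# so an empty report must not be read as "no anonymous access".
$scanErrors = 0

###Getting Site Collection###
#$site = Get-SPSite $url

# Walk every web service of the local farm and every web application it hosts.
$farm = [Microsoft.SharePoint.Administration.SPFarm]::Local
$websvcs = $farm.Services | where -FilterScript {$_.GetType() -eq [Microsoft.SharePoint.Administration.SPWebService]}
foreach ($websvc in $websvcs)
{
    foreach ($Webapp in $websvc.WebApplications)
    {
        # Each level has its own try/catch so that one failing web application,
        # site collection or site is logged and skipped instead of ending the
        # scan of everything that follows it.
        try
        {
            Write "`r`n Checking if WebApp has Anonymous set" >> $logFile

            # checkwebappAnon reads $site from this scope and needs a single
            # site collection, so only the first one is taken.
            $site = Get-SPSite -WebApplication $WebApp.Url | Select-Object -First 1
            if($site)
            {
                ###Checking if WebApp has Anonymous set###
                checkwebappAnon
            }

            # Loop through each site collection of the web application.
            # $Site and $site are the same variable: PowerShell names are case-insensitive.
            foreach ($Site in $Webapp.Sites)
            {
                try
                {
                    ###Gathering web collection###
                    $webs = $Site.Allwebs
                    $count = $webs.Count
                    Write "`r`n Checking for Anonymous Access on " $count " Sites" >> $logFile

                    foreach($web in $webs)
                    {
                        try
                        {
                            # checksiteAnon and checklistAnon read $web and
                            # $webResult from this scope.
                            $webResult = 0
                            ###calling function to check anonymons on spweb###
                            $webResult = checksiteAnon

                            if(($webResult -eq 2) -or ($webResult -eq 3))
                            {
                                Write "`r`n Checking for Anonymous Access on List and Libraries" >> $logFile
                                ###calling function to check anonymons on lists and libs###
                                checklistAnon
                            }
                        }
                        catch [Exception]
                        {
                            $scanErrors++
                            Write $_.Exception|format-list -force >>$logFile
                            Write-Host -f red $_.Exception|format-list -force
                        }
                        finally
                        {
                            if($web){
                                $web.Dispose()
                            }
                        }

                        # Count down so the progress line shows the sites left;
                        # the counter was previously never changed, so
                        # "Operation Completed" could not be reached.
                        $count--
                        if($count -ne 0)
                        {
                            Write "`r`n Total # of sites left to check: " $count >> $logFile
                        }
                        else
                        {
                            Write "`r`n Operation Completed" >> $logFile
                        }
                    }
                }
                catch [Exception]
                {
                    $scanErrors++
                    Write $_.Exception|format-list -force >>$logFile
                    Write-Host -f red $_.Exception|format-list -force
                }
                finally
                {
                    if($Site){
                        $Site.Dispose()
                    }
                }
            }
        }
        catch [Exception]
        {
            $scanErrors++
            Write $_.Exception|format-list -force >>$logFile
            Write-Host -f red $_.Exception|format-list -force
        }
    }
}

# Decide on the number of findings. createDT always returns a table, so the row
# count is tested explicitly instead of relying on how "-ne $null" evaluates a
# DataTable; "detected" is then logged only when there is something to report.
if(($null -ne $dTable) -and ($dTable.Rows.Count -gt 0))
{
    $dTable | Export-CSV -path $output -notype
    Write "`r`n Anonymous Access was detected" >> $logFile
}
else
{
    Write "`r`n Anonymous Access is Disabled for the entire Site Collection and No Log File Created" >> $logFile
}

if($scanErrors -gt 0)
{
    Write "`r`n WARNING: scan errors were logged, so the result may be incomplete. Error count:" $scanErrors >> $logFile
}

#Write-Host "Script Complete"

Stop-SPAssignment -Global
}
# The brace above closes the script-wide try block opened near the top of the file.
catch [Exception]{
Write $_.Exception|format-list -force >>$logFile
Write-Host -f red $_.Exception|format-list -force
}
$EndTime = (Get-Date -UFormat "%Y-%m-%d_%I-%M-%S %p").tostring()
Write "Script stopped at" $EndTime >> $logFile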

Hope this will be helpful.
