Saturday, November 13, 2010

SharePoint 2010 & PowerShell: Anonymous Web Applications

This is the fourth in a series of posts on scripting administrative functions in SharePoint. I assume you have already created a farm. In this post we will add a new anonymous web application. If you are interested in configuring anonymous access using central administration check out: http://www.topsharepoint.com/enable-anonymous-access-in-sharepoint-2010.
An anonymous web application allows users to access your SharePoint site without logging in. Let’s start by creating a new web application. This script is similar to the last web application we created, with two changes. First, we pass the AllowAnonymous flag to New-SPAuthenticationProvider. Second, we add the AllowAnonymousAccess flag to New-SPWebApplication. Note that we have only enabled anonymous access at this point. By default, new content will still require authentication unless you explicitly grant permissions to anonymous users.
$WebAppURL = "http://www.brianbeach.com"
$HostHeader = "www.brianbeach.com"
$WebAppName = "Anonymous Web Application"
$ContentDatabase = "Content_Anonymous_Default"
$AppPoolName = "Anonymous Content"
$AppPoolUserName = "DOMAIN\USER_NAME"

Write-Host "Creating the anonymous web application"
$AppPoolCred = Get-Credential $AppPoolUserName
$AppPoolAccount = New-SPManagedAccount -Credential $AppPoolCred
$AuthProvider = New-SPAuthenticationProvider -AllowAnonymous
$WebApp = New-SPWebApplication -AllowAnonymousAccess -ApplicationPool $AppPoolName -ApplicationPoolAccount $AppPoolAccount  -Name $WebAppName -URL $WebAppURL -HostHeader $HostHeader -Port 80 -AuthenticationProvider $AuthProvider -DatabaseName $ContentDatabase
At this point we have a new web application, but there is no content added yet. Now, let’s add a new site collection and grant permission to anonymous users. This script is nearly identical to the scripts we created in the prior post, with the addition of AnonymousState and AnonymousPermMask64.
$SiteName = "Anonymous Root Site"
$OwnerEmail = "USER_NAME@DOMAIN.com"
$OwnerAlias = "DOMAIN\USER_NAME"
$SiteURL = "http://www.brianbeach.com"

Write-Host "Creating a default site collection in the anonymous web application"
New-SPSite -Url $SiteURL -owneralias $OwnerAlias -ownerEmail $OwnerEmail -Template "STS#0"
$Web = Get-SPWeb $SiteURL
$Web.title = $SiteName
$Web.AnonymousState = 2;
$Web.AnonymousPermMask64 = "ViewListItems, ViewVersions, ViewFormPages, Open, ViewPages, UseClientIntegration, AddListItems"
$Web.update() 
AnonymousState determines if anonymous users have access to the site collection as follows:
  • A "0" disables anonymous access. In other words, anonymous users have no access to a Web site.
  • A "1" allows default anonymous access. This specifies that anonymous users can access lists and libraries if the lists and libraries allow anonymous access.
  • A "2" specifies that anonymous users can access the entire Web site.
AnonymousPermMask64 allows you to control granular permissions. The values of the mask (taken directly from the source code) are:
  • ViewListItems = View items in lists, documents in document libraries, and view Web discussion
  • AddListItems = Add items to lists, add documents to document libraries, and add Web discussion
  • EditListItems = Edit items in lists, edit documents in document libraries, edit Web discussion comments in documents, and customize Web Part Pages in document libraries.
  • DeleteListItems = Delete items from a list, documents from a document library, and Web discussion comments in documents.
  • ApproveItems = Approve a minor version of a list item or document.
  • OpenItems = View the source of documents with server-side file handlers.
  • ViewVersions = View past versions of a list item or document.
  • DeleteVersions = Delete past versions of a list item or document.
  • CancelCheckout = Discard or check in a document which is checked out to another user.
  • ManagePersonalViews = Create, change, and delete personal views of lists.
  • ManageLists = Create and delete lists, add or remove columns in a list, and add or remove public views of a list.
  • ViewFormPages = View forms, views, and application pages, and enumerate lists.
  • Open = Allow users to open a Web site, list, or folder to access items inside that container.
  • ViewPages = View pages in a Web site.
  • AddAndCustomizePages = Add, change, or delete HTML pages or Web Part Pages, and edit the Web site using a Windows SharePoint Services–compatible editor.
  • ApplyThemeAndBorder = Apply a theme or borders to the entire Web site.
  • ApplyStyleSheets = Apply a style sheet (.css file) to the Web site.
  • ViewUsageData = View reports on Web site usage.
  • CreateSSCSite = Create a Web site using Self-Service Site Creation.
  • ManageSubwebs = Create subsites such as team sites, Meeting Workspace sites, and Document Workspace sites.
  • CreateGroups = Create a group of users that can be used anywhere within the site collection.
  • ManagePermissions = Create and change permission levels on the Web site and assign permissions to users and groups.
  • BrowseDirectories = Enumerate files and folders in a Web site using Microsoft Office SharePoint Designer 2007 and WebDAV interfaces.
  • BrowseUserInfo = View information about users of the Web site.
  • AddDelPrivateWebParts = Add or remove personal Web Parts on a Web Part Page.
  • UpdatePersonalWebParts = Update Web Parts to display personalized information.
  • ManageWeb = Grant the ability to perform all administration tasks for the Web site as well as manage content. Activate, deactivate, or edit properties of Web site features through the object model or through the user interface (UI). When granted on the root Web site of a site collection, activate, deactivate or edit properties of site collection scoped Features through the object model. To browse to the Site Collection Features page and activate or deactivate site collection scoped Features through the UI, you must be a site collection administrator.
  • UseClientIntegration = Use features that launch client applications; otherwise, users must work
  • UseRemoteAPIs = Use SOAP, WebDAV, or Microsoft Office SharePoint Designer 2007 interfaces to access the Web site.
  • ManageAlerts = Manage alerts for all users of the Web site.
  • CreateAlerts = Create e-mail alerts.
  • EditMyUserInfo = Allows a user to change his or her user information, such as adding a picture.
  • EnumeratePermissions = Enumerate permissions on the Web site, list, folder, document, or list item.
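To check what the two settings above actually expose, the following added example (not code from the original post) reports the anonymous setting for each zone of the web application and the AnonymousState and flagged mask values for every web in it. The function name Get-AnonymousAccessReport and the list of rights in $UnexpectedRights are assumptions made for this illustration.

```powershell
# Added example: report where anonymous users have access in one web application.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$WebAppURL = "http://www.brianbeach.com"   # the web application created above

# Assumption: rights we do not expect anonymous visitors to hold. The names come
# from the mask list above; FullMask is the enum's "all rights" value.
$UnexpectedRights = "AddListItems", "EditListItems", "DeleteListItems", "DeleteVersions",
                    "ManageLists", "AddAndCustomizePages", "ManagePermissions",
                    "ManageWeb", "FullMask"

function Get-AnonymousAccessReport {   # hypothetical helper, not a SharePoint cmdlet
    param([string]$WebApplicationUrl, [string[]]$Flagged)

    $WebApp = Get-SPWebApplication $WebApplicationUrl

    # Web application level: is anonymous authentication allowed in each zone?
    foreach ($Zone in $WebApp.IisSettings.Keys) {
        New-Object PSObject -Property @{
            Scope   = "Zone $Zone"
            Url     = $WebApp.Url
            State   = $WebApp.IisSettings[$Zone].AllowAnonymous
            Flagged = ""
        }
    }

    # Web level: AnonymousState and the rights granted by AnonymousPermMask64
    foreach ($Site in Get-SPSite -WebApplication $WebApp -Limit All) {
        try {
            foreach ($Web in $Site.AllWebs) {
                try {
                    # A flags enum renders as "ViewListItems, Open, ..."; split it into names
                    $Granted = @($Web.AnonymousPermMask64.ToString() -split ',\s*')
                    $Hits    = @($Granted | Where-Object { $Flagged -contains $_ })
                    New-Object PSObject -Property @{
                        Scope   = "Web"
                        Url     = $Web.Url
                        State   = $Web.AnonymousState
                        Flagged = ($Hits -join ", ")
                    }
                }
                finally { $Web.Dispose() }   # SPWeb objects from AllWebs must be disposed
            }
        }
        finally { $Site.Dispose() }
    }
}

Get-AnonymousAccessReport $WebAppURL $UnexpectedRights |
    Format-Table Scope, Url, State, Flagged -AutoSize
```

For the site collection created above, the Web row lists AddListItems under Flagged, because the mask in the script grants it. Remove AddListItems from the mask if anonymous visitors should only read content.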
In the next post we will enable SSL.

Saturday, October 30, 2010

SharePoint 2010 & PowerShell: Site Collections

This is the third in a series of posts on scripting administrative functions in SharePoint. I assume you have already created a farm and web application. In this post we will add three site collections to our web application.
First, let’s create a collaboration site for the HR group. This script is almost identical to the script we used to create the root site collection in the prior post. Once again, you will need to provide a name for the site, the email address and username of the site owner, and a URL. Notice that I have simply added “/sites/hr” to the end of the web application URL. By default, site collections are created beneath the managed path “/sites/”. You can create new managed paths using the New-SPManagedPath command. Also, notice that we are using the STS#0 site template. This template will create a team site. Here is a list of common templates that you can pick from:
  • STS#0 - Team Site
  • STS#1 - Blank Site
  • STS#2 - Document Workspace
  • MPS#0 - Basic Meeting Workspace
  • MPS#1 - Blank Meeting Workspace
  • MPS#2 - Decision Meeting Workspace
  • MPS#3 - Social Meeting Workspace
  • MPS#4 - Multipage Meeting Workspace
  • WIKI#0 - Wiki
  • BLOG#0 - Blog
$SiteName = "Human Resources Site"
$OwnerEmail = "USER_NAME@DOMAIN.com"
$OwnerAlias = "DOMAIN\USER_NAME"
$SiteURL = "http://intranet.DOMAIN.com/sites/hr"
$SiteTemplate = "STS#0"

Write-Host "Creating a relative site collection in the intranet web application"
New-SPSite -Url $SiteURL -owneralias $OwnerAlias -ownerEmail $OwnerEmail -Template $SiteTemplate
$Web = Get-SPWeb $SiteURL
$Web.title = $SiteName
$Web.update()
Let’s also create a blog where employees can share knowledge. Once again, we create a new site collection. We are concerned that we cannot predict how much content our employees will create. Therefore, we have decided to create another content database to keep the blog data separate from the formally sanctioned content on our intranet. There are a few additional steps required to do this. We will need to provide a name for the new content database and provide the URL of the web application that will own the new database. Remember that multiple site collections can be assigned to a content database, but each database can only belong to one web application. The remainder of the script is identical to the one above, except that the New-SPSite command takes, as an additional parameter, the name of the content database.
$WebAppURL = "http://intranet.DOMAIN.com"
$ContentDatabase = "Content_Intranet_BLOG"

Write-Host "Creating a new content database in the intranet web application"
New-SPContentDatabase $ContentDatabase -WebApplication $WebAppURL

$SiteName = "Intranet Blog"
$OwnerEmail = "USER_NAME@DOMAIN.com"
$OwnerAlias = "DOMAIN\USER_NAME"
$SiteURL = "http://intranet.DOMAIN.com/sites/blog"
$SiteTemplate = "BLOG#0"

Write-Host "Creating a relative site collection in the intranet web application with a separate content database"
New-SPSite -Url $SiteURL -owneralias $OwnerAlias -ownerEmail $OwnerEmail -ContentDatabase $ContentDatabase -Template $SiteTemplate
$Web = Get-SPWeb $SiteURL
$Web.title = $SiteName
$Web.update()
Finally, let’s assume that the blog has been an overwhelming success (after all, social media projects within an enterprise are always successful, right?). In response, the boss has asked us to launch a WIKI. This is a high-profile project and he wants the site to have its own URL. If we were using central administration, we would need to create a new web application for this. Using PowerShell, we can assign a custom URL to a site collection. This is called a host header site collection and requires significantly fewer resources than a web application. Microsoft uses this to host hundreds of different URLs on SharePoint Online. This script is similar to the ones we have created already, with a few small changes. Because the URL is not related to the web application URL, we need to tell SharePoint which web application to create our site collection in. This is done by passing an additional parameter to the New-SPSite command.
In addition, there seems to be a bug in the API and the binding is not created for our new site in IIS. Therefore, I have added a few additional lines to create the binding. Note that you need to pass the name of the web application we created in the previous post.
$SiteName = "Intranet WIKI"
$OwnerEmail = "USER_NAME@DOMAIN.com"
$OwnerAlias = "DOMAIN\USER_NAME"
$WebAppURL = "http://intranet.DOMAIN.com"
$SiteURL = "http://wiki.DOMAIN.com"
$SiteTemplate = "WIKI#0"

Write-Host "Creating a hostheader site collection in the intranet web application"
$WebApp = Get-SPWebApplication $WebAppURL
New-SPSite -url $SiteURL -HostHeaderWebApplication $WebApp -owneralias $OwnerAlias -ownerEmail $OwnerEmail -Template $SiteTemplate
$Web = Get-SPWeb $SiteURL
$Web.title = $SiteName
$Web.update()

$WebAppName = "Intranet Web Application"
$HostHeader = "wiki.DOMAIN.com"

Import-Module WebAdministration
New-WebBinding -Name $WebAppName -Port 80 -Protocol "http" -HostHeader $HostHeader
In the next post we will create an anonymous web application.

Saturday, October 23, 2010

SharePoint 2010 & PowerShell: Creating a Web Application

This is the second in a series of posts on scripting administrative functions in SharePoint. I assume you have already created the farm as described here. Let’s start by creating a simple web application for our corporate intranet.
First, we will need to set up a few variables.
  1. First, pick a URL, for example http://intranet.brianbeach.com. Of course you will need a DNS entry created for this or you will need to add an entry to your hosts file for testing.
  2. Next, we will need a host header. This will likely be the same as the URL, but without the protocol. There are a few scenarios where the URL and host header could be different (e.g. we are using a web application firewall to terminate SSL), but this is beyond the scope of this post.
  3. Each web application has one or more content databases, so let’s create a new default database for the intranet application.
  4. Finally, each web application will have an associated web site and application pool in IIS. We need to pick a name for both and choose a service account. I assume that you have already created the service account. Also, this does not have to be the same service account that the farm is configured to run as.
When you run the script, it should ask you to enter the password for the service account and then create the web application.
$WebAppURL = "http://intranet.DOMAIN.com"
$HostHeader = "intranet.DOMAIN.com"
$ContentDatabase = "Content_Intranet_Default"
$WebAppName = "Intranet Web Application"
$AppPoolName = "Intranet Content"
$AppPoolUserName = "DOMAIN\SERVICE_ACCOUNT"

Write-Host "Creating the intranet web application"
$AppPoolCred = Get-Credential $AppPoolUserName
$AppPoolAccount = New-SPManagedAccount -Credential $AppPoolCred
$AuthProvider = New-SPAuthenticationProvider
$WebApp = New-SPWebApplication -ApplicationPool $AppPoolName -ApplicationPoolAccount $AppPoolAccount -Name $WebAppName -URL $WebAppURL -HostHeader $HostHeader -Port 80 -AuthenticationProvider $AuthProvider -DatabaseName $ContentDatabase
At this point the web application has been created, but there is no content added yet. Let’s add a new site collection. This script will create a new blank site and assign an owner. Note that the URL is the same as the web application. That is because this is the root site collection. In the next post, we add additional site collections. You will also need to supply a name for the site, and the username and email address of the site owner.
$SiteName = "Intranet Root Site"
$OwnerEmail = "USER_NAME@DOMAIN.com"
$OwnerAlias = "DOMAIN\USER_NAME"
$SiteURL = "http://intranet.DOMAIN.com"
$SiteTemplate = "STS#1"

Write-Host "Creating a default site collection in the intranet web application"
New-SPSite -Url $SiteURL -owneralias $OwnerAlias -ownerEmail $OwnerEmail -Template $SiteTemplate
$Web = Get-SPWeb $SiteURL
$Web.title = $SiteName
$Web.update()
That’s it! We have created a web application and added a new site collection. In the next post we will add a few additional site collections to our intranet.

Saturday, October 9, 2010

SharePoint 2010 & PowerShell: Creating the Farm

I'm excited about PowerShell scripting in SharePoint 2010. We employ strict separation of duties, and the ability to script tasks for the administrator is high on my list of anticipated features. This is the first in a series of posts on scripting administrative functions in SharePoint.
Let’s start by creating a new Farm. I assume you are running these scripts on a single server with all SharePoint 2010 components installed. If you need help creating the environment, I started with SharePoint Server 2010 RTM Virtual Machine Setup Guide (v1.6) (you have to register).
First, you need to add the SharePoint snap-in.
Add-PSSnapin Microsoft.SharePoint.Powershell -EA 0
Clear-Host
Then, you will need to create a service account in the domain that the farm will run as. I didn’t script this; just use Active Directory Domains and Computers. Note that there is no service called “the farm”. The service account that you specify here will have access to the configuration and content databases and be used to run the IIS application pool that hosts central administration and a few other services.
Next, let’s set up a few variables. You need the service account name and password you just created, and the name of the SQL Server. In addition, you need to pick a name for the configuration database and for a content database that will hold the configuration for central administration. You can name these anything you want, but they have to be unique.
$FarmAccountName = "DOMAIN\SERVICE_ACCOUNT" 
$Passphrase = "PASSWORD"
$DatabaseServer = "DATABASE_SERVER_NAME"
$ConfigDatabase = "Config"
$ContentDatabase = "Content_Admin"
Now, we can create the database. This script will ask you to enter the password for the service account and configure the required databases.
$FarmAccount = Get-Credential $FarmAccountName
$Passphrase = (ConvertTo-SecureString $Passphrase -AsPlainText -force)
New-SPConfigurationDatabase -DatabaseServer $DatabaseServer -DatabaseName $ConfigDatabase -AdministrationContentDatabaseName $ContentDatabase -Passphrase $Passphrase -FarmCredentials $FarmAccount
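The script above keeps the farm passphrase as a literal in the file. As an added example (not code from the original post), the variant below prompts for it twice and never writes it to the script; Read-ConfirmedSecureString is a hypothetical helper name, and the other variables are the placeholders used in the post.

```powershell
# Added example: prompt for the farm passphrase instead of storing it in the script.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Read-ConfirmedSecureString {   # hypothetical helper, not a SharePoint cmdlet
    param([string]$Label)

    $First  = Read-Host -Prompt "Enter $Label" -AsSecureString
    $Second = Read-Host -Prompt "Confirm $Label" -AsSecureString

    # SecureString cannot be compared directly, so both copies are decrypted into
    # unmanaged memory just long enough to compare them. The managed strings made
    # for the comparison stay in memory until they are garbage collected.
    $Marshal   = [System.Runtime.InteropServices.Marshal]
    $PtrFirst  = [IntPtr]::Zero
    $PtrSecond = [IntPtr]::Zero
    try {
        $PtrFirst  = $Marshal::SecureStringToBSTR($First)
        $PtrSecond = $Marshal::SecureStringToBSTR($Second)
        $Same = $Marshal::PtrToStringBSTR($PtrFirst) -ceq $Marshal::PtrToStringBSTR($PtrSecond)
    }
    finally {
        # Zero and release the unmanaged plaintext copies
        if ($PtrFirst  -ne [IntPtr]::Zero) { $Marshal::ZeroFreeBSTR($PtrFirst) }
        if ($PtrSecond -ne [IntPtr]::Zero) { $Marshal::ZeroFreeBSTR($PtrSecond) }
    }

    if (-not $Same) { throw "The two entries for the $Label do not match." }
    if ($First.Length -eq 0) { throw "The $Label must not be empty." }
    return $First
}

$FarmAccountName = "DOMAIN\SERVICE_ACCOUNT"
$DatabaseServer  = "DATABASE_SERVER_NAME"
$ConfigDatabase  = "Config"
$ContentDatabase = "Content_Admin"

$FarmAccount = Get-Credential $FarmAccountName
$Passphrase  = Read-ConfirmedSecureString "farm passphrase"
New-SPConfigurationDatabase -DatabaseServer $DatabaseServer -DatabaseName $ConfigDatabase -AdministrationContentDatabaseName $ContentDatabase -Passphrase $Passphrase -FarmCredentials $FarmAccount
```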
Next, we can configure the farm. This script will install services and features.
Initialize-SPResourceSecurity
Install-SPService  
Install-SPFeature -AllExistingFeatures
Finally, we can configure the central administration site. This script will create a new IIS web site and application pool. It is configured to listen to all http traffic on port 8080. Note that you should probably use https here. I will explore this in a later post.
New-SPCentralAdministration -Port 8080 -WindowsAuthProvider NTLM
Install-SPHelpCollection -All
Install-SPApplicationContent
At this point you should be able to test the site at http://localhost:8080.
Here is the full script.
Add-PSSnapin Microsoft.SharePoint.Powershell -EA 0
Clear-Host

$FarmAccountName = "DOMAIN\SERVICE_ACCOUNT" 
$Passphrase = "PASSWORD"
$DatabaseServer = "DATABASE_SERVER_NAME"
$ConfigDatabase = "Config"
$ContentDatabase = "Content_Admin"

Write-Host "Creating Configuration Database"
$FarmAccount = Get-Credential $FarmAccountName
$Passphrase = (ConvertTo-SecureString $Passphrase -AsPlainText -force)
New-SPConfigurationDatabase -DatabaseServer $DatabaseServer -DatabaseName $ConfigDatabase -AdministrationContentDatabaseName $ContentDatabase -Passphrase $Passphrase -FarmCredentials $FarmAccount

Write-Host "Configuring Farm"
Initialize-SPResourceSecurity
Install-SPService  
Install-SPFeature -AllExistingFeatures

Write-Host "Configuring Central Administration"
New-SPCentralAdministration -Port 8080 -WindowsAuthProvider NTLM
Install-SPHelpCollection -All
Install-SPApplicationContent

Saturday, September 25, 2010

Binding not Created for Host Header Site Collections

I noticed what I think is a bug (or maybe a limitation) in SharePoint 2010. When I use PowerShell to create a Host Header Site Collection, SharePoint does not create a binding in IIS. If I add the binding manually, everything works great, but I would expect SharePoint to do this for me. Am I missing something?
The following PowerShell script will create a new web application. Note that I have the option to add a host header.
Add-PSSnapin Microsoft.SharePoint.Powershell -EA 0
Clear-Host

$WebAppURL = "http://intranet.brianbeach.com"
$HostHeader = "intranet.brianbeach.com"
$WebAppName = "Intranet Web Application"
$ContentDatabase = "Content_Intranet_Default"
$AppPoolName = "Intranet Content"
$AppPoolUserName = "DOMAIN\SERVICE_ACCOUNT"
$AppPoolCred = Get-Credential $AppPoolUserName
$AppPoolAccount = New-SPManagedAccount -Credential $AppPoolCred
$AuthProvider = New-SPAuthenticationProvider
$WebApp = New-SPWebApplication -ApplicationPool $AppPoolName -ApplicationPoolAccount $AppPoolAccount -Name $WebAppName -URL $WebAppURL -HostHeader $HostHeader -Port 80 -AuthenticationProvider $AuthProvider -DatabaseName $ContentDatabase
When I run it, a new site is created in IIS and the appropriate binding is created with the host header I supplied.

This next script will add a host header site collection to the web application. According to the documentation for New-SPSite, there is no way to pass the host header.
Add-PSSnapin Microsoft.SharePoint.Powershell -EA 0
Clear-Host

$OwnerEmail = "administrator@brianbeach.com"
$OwnerAlias = "DOMAIN\administrator"
$WebAppURL = "http://intranet.brianbeach.com"
$SiteURL = "http://wiki.brianbeach.com"
$WebApp = Get-SPWebApplication $WebAppURL
New-SPSite -url $SiteURL -HostHeaderWebApplication $WebApp -owneralias $OwnerAlias -ownerEmail $OwnerEmail -Template "WIKI#0"
When I run this script, the site collection is created, but the binding is not created in IIS.
If I create the binding manually everything works great.

NOTE: I was able to script the creation of the binding.
Import-Module WebAdministration
$WebAppName = "Intranet Web Application"
$HostHeader = "wiki.brianbeach.com"
New-WebBinding -Name $WebAppName -Port 80 -Protocol "http" -HostHeader $HostHeader
Am I missing something? Is there another parameter I need to pass?