Check SharePoint 2010 anonymous permissions
A great PowerShell script for checking the state of SharePoint anonymous permissions, from Russ Maxwell at Microsoft:
SharePoint PowerShell Script Series Part 6 – Is Anonymous Access Enabled?
Note: This PowerShell script is tested only on SharePoint 2010
Instructions for running the script:
1. Copy the below script and save it in notepad
2. Save it with a .ps1 extension (for example, anyfilename.ps1)
3. To run, copy the file to a SharePoint Server
4. Select Start\Microsoft SharePoint 2010 Products\SharePoint 2010 Management Shell
5. Browse to directory holding the copied script file
6. Run the script: .\anyfilename.ps1 (assuming anyfilename is the name of the file)
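<# ==============================================================
//
// Microsoft provides programming examples for illustration only,
// without warranty either expressed or implied, including, but not
// limited to, the implied warranties of merchantability and/or
// fitness for a particular purpose.
//
// This sample assumes that you are familiar with the programming
// language being demonstrated and the tools used to create and debug
// procedures. Microsoft support professionals can help explain the
// functionality of a particular procedure, but they will not modify
// these examples to provide added functionality or construct
// procedures to meet your specific needs. If you have limited
// programming experience, you may want to contact a Microsoft
// Certified Partner or the Microsoft fee-based consulting line at
// (800) 936-5200.
//
// For more information about Microsoft Certified Partners, please
// visit the following Microsoft Web site:
// https://partner.microsoft.com/global/30000104
//
// Author: Russ Maxwell (russmax@microsoft.com)
//
// ---------------------------------------------------------- #>

# Purpose: audit ONE site collection for anonymous access. Three levels are
# inspected: the IIS anonymous flag exposed on the site collection, every web
# returned by AllWebs, and every list/library in those webs. Findings are
# collected in a DataTable and exported to CSV.
#
# Scope note: only the site collection entered at the prompt is examined; other
# site collections in the same web application are not touched by this script.
#
# The functions below take no parameters; they read $site, $web, $webResult and
# $dTable from the calling scope, so they must be invoked from the main loop.

[Void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")

######################################
##Creating and Returning a DataTable##
######################################
function createDT()
{
    # One row per finding; all four columns use the default column type.
    $tempTable = New-Object System.Data.DataTable

    foreach ($columnName in @("Anonymous Access", "Level", "URL", "Configured ListLib"))
    {
        $tempTable.Columns.Add((New-Object System.Data.DataColumn($columnName)))
    }

    # The leading comma stops PowerShell from unrolling the table on return.
    return ,$tempTable
}

###############################################
##Append one "Enabled" finding to the results##
###############################################
function addAnonRow($level, $rowUrl, $configured)
{
    $row = $dTable.NewRow()
    $row["Anonymous Access"] = "Enabled"
    $row["Level"] = $level
    $row["URL"] = $rowUrl
    # Only list/library findings carry a "Configured ListLib" value; the cell
    # is left untouched for web-application and site-level findings.
    if ($configured -ne $null)
    {
        $row["Configured ListLib"] = $configured
    }
    $dTable.Rows.Add($row)
}

#####################################
##Check WebApp for Anonymous Access##
#####################################
function checkwebappAnon()
{
    # Reads the IISAllowsAnonymous property of the site collection in $site.
    $webAnon = $site.IISAllowsAnonymous.ToString()

    if ($webAnon -eq "true")
    {
        addAnonRow "WebApplication" $site.WebApplication.Name
    }
}

######################################
##Check the Site for Anonymous Access#
######################################
# Returns 1 when anonymous access covers the entire web, 2 when it is limited
# to lists and libraries, 3 otherwise. The caller uses 2 and 3 to decide
# whether the per-list check has to run.
function checksiteAnon()
{
    $checkWeb = $web.AllowAnonymousAccess.ToString()
    $checkWebState = $web.AnonymousState.ToString()
    $webMask = $web.AnonymousPermMask64.ToString()

    Write-Host
    Write-Host "Checking how Anonymous is set up on site: " $web.Url -ForegroundColor Magenta

    if (($checkWeb -eq "True") -and ($checkWebState -eq "On"))
    {
        addAnonRow "Site Level: Entire WebSite" $web.Url.ToString()
        return 1
    }

    if (($checkWeb -eq "False") -and ($checkWebState -eq "Enabled") -and ($webMask -eq "Open"))
    {
        addAnonRow "Site Level: Lists and Libraries" $web.Url.ToString()
        return 2
    }

    return 3
}

############################################
##Check ListLibraries for Anonymous Access#
############################################
function checklistAnon()
{
    $lists = $web.Lists
    $count1 = $lists.Count
    $hasAnon = 0
    Write-Host "Checking " $lists.count " listslibaries for Anonymous Access" -ForegroundColor Magenta

    # String forms of AnonymousPermMask that the checks compare against, plus
    # the one list title that is always skipped.
    $defMask1 = "OpenWeb"
    $defMask2 = "EmptyMask"
    $defTax = "TaxonomyHiddenList"

    foreach ($list in $lists)
    {
        # NOTE: built from the list Title, so this is a label for the report
        # and not necessarily the list's real URL.
        $listUrl = $web.Url + "/" + $list.Title
        $listMask = $list.AnonymousPermMask.ToString()
        $tax = $list.Title.ToString()

        $isTaxonomyList = ($defTax.CompareTo($tax) -eq 0)
        $isEmptyMask = ($listMask.CompareTo($defMask2) -eq 0)
        $isOpenWebMask = ($listMask.CompareTo($defMask1) -eq 0)

        if (-not $isTaxonomyList)
        {
            if ($webResult -eq 3)
            {
                # Lists are still inspected even though the web itself
                # reported anonymous access as disabled.
                if (-not $isEmptyMask)
                {
                    if ($isOpenWebMask)
                    {
                        # Enabled but not configured on the list/library.
                        addAnonRow "ListLibrary" $listUrl "No"
                    }
                    else
                    {
                        # Enabled and configured on the list/library.
                        addAnonRow "ListLibrary" $listUrl "Yes"
                    }
                    $hasAnon++
                }
            }
            elseif ($webResult -eq 2)
            {
                if ((-not $isEmptyMask) -and (-not $isOpenWebMask))
                {
                    # Enabled and configured on the list/library.
                    addAnonRow "ListLibrary" $listUrl "Yes"
                    $hasAnon++
                }
            }
        }

        # Progress output every tenth list.
        $count1--
        if (($count1 % 10) -eq 0)
        {
            Write-Host "Total # of listslibraries left to check: " $count1 -ForegroundColor DarkYellow
        }
    }

    Write-Host
    Write-Host "Total # of listslibraries with Anonymous Access Enabled: " $hasAnon -ForegroundColor Cyan
}

########################
###Script Starts Here###
########################
$output = Read-Host "Enter a location for the output file (For Example: c:\logs)"
$filename = Read-Host "Enter a filename"
$url = Read-Host "Please enter the URL of desired site collection and press enter"

###Getting a new DataTable###
[System.Data.DataTable]$dTable = createDT

Start-SPAssignment -Global
try
{
    ###Getting Site Collection###
    # Stop on a bad URL instead of running every check against a null $site
    # and ending with a misleading result.
    $site = Get-SPSite $url -ErrorAction Stop

    ###Checking if WebApp has Anonymous set###
    checkwebappAnon

    ###Gathering web collection###
    $webs = $site.AllWebs
    $count = $webs.Count
    Write-Host "Checking for Anonymous Access on " $count " Sites" -ForegroundColor Magenta

    foreach ($web in $webs)
    {
        ###calling function to check anonymous on spweb###
        $webResult = checksiteAnon

        if (($webResult -eq 2) -or ($webResult -eq 3))
        {
            Write-Host "Checking for Anonymous Access on List and Libraries" -ForegroundColor Magenta
            ###calling function to check anonymous on lists and libs###
            checklistAnon
        }

        $count--
        if ($count -ne 0)
        {
            Write-Host
            Write-Host "Total # of sites left to check: " $count -ForegroundColor DarkYellow
        }
        else
        {
            Write-Host "Operation Completed" -ForegroundColor DarkYellow
        }
    }

    # The table object always exists, so a null test would report "detected"
    # on every run; the number of rows is what tells whether anything was found.
    if ($dTable.Rows.Count -gt 0)
    {
        # Join-Path supplies the separator between the folder and the file name.
        $name = Join-Path $output ($filename + ".csv")
        # The CSV lists the locations that allow anonymous access; write it to
        # a folder that only administrators can read.
        $dTable | Export-Csv $name -NoTypeInformation
        Write-Host "Anonymous Access was detected" -ForegroundColor Green
        Write-Host "Log File Created: " $name
    }
    else
    {
        Write-Host "Anonymous Access is Disabled for the entire Site Collection" -ForegroundColor Green
        Write-Host "No Log File Created" -ForegroundColor Green
    }
}
finally
{
    # Release the SharePoint objects captured since Start-SPAssignment,
    # including when a check above fails part-way through.
    Stop-SPAssignment -Global
}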