Post
Ask Question

Get WebApplication policies using PowerShell Script

WebApplication policy

A web application is composed of an Internet Information Services (IIS) web site that acts as a logical container for the site collections that you create. Before you can create a site collection, you must create a web application.

A web application can contain multiple site collections. Managing permissions for multiple collections can be difficult, especially if some users or groups need permissions other than those that apply for the whole web application.

Permission policies provide a centralized way to configure and manage a set of permissions that applies to only a subset of users or groups in a web application.

Below piece of code gets the webapplication user policy details for all the webapplications in SharePoint farm.

  1. Function GetAllWebAppPolicy()   
  2. {  
  3.     $Output = $scriptBase + "\" + "FarmWebAppPolicyDetails.csv";  
  4.     "WebAppURL" + "," + "UserName" + "," + "Permissions" | Out-File -Encoding Default -FilePath $Output;  
  5.     $empty = ""  
  6.     $webapplications = get-spwebapplication  
  7.     foreach($webapplication in $webapplications)  
  8.     {  
  9.         $webapplication.url + "," + $empty + "," + $empty | Out-File -Encoding Default -Append -FilePath $Output;  
  10.         write-host "Generating web policy report for the web aplication" $webapplication.url -fore magenta  
  11.     foreach($policy in $webapplication.policies)  
  12.     {  
  13.         write-host $policy.username -fore cyan  
  14.         $empty + "," + $policy.username + "," + $empty | Out-File -Encoding Default -Append -FilePath $Output;  
  15.     foreach($role in $policy.PolicyRoleBindings)  
  16.     {  
  17.         write-host $role.name -fore yellow  
  18.         $empty + "," + $empty + "," + $role.name | Out-File -Encoding Default -Append -FilePath $Output;  
  19.     }  
  20.     }  
  21.     }  
  22.     write-host "Web policy report generated" -fore green  
  23. }
Complete Code
  1. $LogTime = Get-Date -Format yyyy-MM-dd_hh-mm  
  2. $LogFile = ".\GetAddRemoveUsersToSPFarmAdminGroupPatch-$LogTime.rtf"  
  3. # Add SharePoint PowerShell Snapin  
  4. if ( (Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue) -eq $null ) {  
  5.   Add-PSSnapin Microsoft.SharePoint.Powershell;  
  6. }  
  7. import-module WebAdministration  
  8. $scriptBase = split-path $SCRIPT:MyInvocation.MyCommand.Path -parent  
  9. Set-Location $scriptBase  
  10. write-host "TESTING FOR LOG FOLDER EXISTENCE" -fore yellow  
  11. $TestLogFolder = test-path -path $scriptbase\Logs  
  12. if($TestLogFolder)   
  13. {  
  14. write-host "The log folder already exist in the script location" -fore yellow  
  15. $clearlogfolder = read-host "Do you want to clear the log folder (y/n)"  
  16. if($clearlogfolder -eq 'y')  
  17. {  
  18. write-host "The user choosen to clear the log folder" -fore yellow  
  19. write-host "Clearing the log folder" -fore yellow  
  20. remove-item $scriptbase\Logs\* -recurse -confirm: $false  
  21. write-host "Log folder cleared" -fore yellow;  
  22. }  
  23. else {  
  24.   write-host "The user choosen not to clear the log files" -fore yellow;  
  25. }  
  26. }  
  27. else {  
  28.   write-host "Log folder does not exist" -fore yellow  
  29. write-host "Creating a log folder" -fore yellow  
  30. New-Item $Scriptbase\Logs -type directory  
  31. write-host "Log folder created" -fore yellow;  
  32. }  
  33. #moving any .rtf files in the scriptbase location  
  34. $FindRTFFile = Get-ChildItem $scriptBase\*.* -include *.rtf  
  35. if($FindRTFFile) {  
  36.   write-host "Some old log files are found in the script location" -fore yellow  
  37. write-host "Moving old log files into the Logs folder" -fore yellow  
  38. foreach($file in $FindRTFFile)  
  39. {  
  40. move-item -path $file -destination $scriptbase\logs;  
  41. }  
  42. write-host "Old log files moved successfully" -fore yellow;  
  43. }  
  44. $TestPath = test-path -path $scriptbase\SitesinFarm.txt  
  45. if($TestPath) {  
  46. remove-item $scriptbase\SitesinFarm.txt;  
  47. }  
  48. start-transcript $logfile  
  49. Function GetAllWebAppPolicy() {  
  50. $Output = $scriptBase + "\" + "FarmWebAppPolicyDetails.csv";  
  51. "WebAppURL" + "," + "UserName" + "," + "Permissions" | Out-File -Encoding Default -FilePath $Output;  
  52. $empty = ""  
  53. $webapplications = get-spwebapplication  
  54. foreach($webapplication in $webapplications)  
  55. {  
  56. $webapplication.url + "," + $empty + "," + $empty | Out-File -Encoding Default -Append -FilePath $Output;  
  57. write-host "Generating web policy report for the web aplication" $webapplication.url -fore magenta  
  58. foreach($policy in $webapplication.policies)  
  59. {  
  60. write-host $policy.username -fore cyan  
  61. $empty + "," + $policy.username + "," + $empty | Out-File -Encoding Default -Append -FilePath $Output;  
  62. foreach($role in $policy.PolicyRoleBindings)  
  63. {  
  64. write-host $role.name -fore yellow  
  65. $empty + "," + $empty + "," + $role.name | Out-File -Encoding Default -Append -FilePath $Output;  
  66. }  
  67. }  
  68. }  
  69. write-host "Web policy report generated" -fore green  
  70. }  
  71. write-host ""  
  72. GetAllWebAppPolicy  
  73. write-host "SCRIPT COMPLETED" -fore green  
  74. stop-transcript  
Conclusion

Thus this article outlines on how to get webapplication user policy details using powershell script.
Next Recommended Reading Get all Sites and Subsites of a webapplication using powershell