Creating Folders/Users/Permissions Programtically

Set of code to do some cool things programatically…

 

SPSite site = new SPSite("http://sharepoint2007:100");
            site.AllowUnsafeUpdates = true;
            SPWeb web = site.RootWeb;
            web.AllowUnsafeUpdates = true;

            SPListTemplateCollection coll = web.ListTemplates;
            SPList newList = null;

            //create a list
            try
            {
                newList = web.Lists[web.Lists.Add("Assignments", "Student Assignments", coll[1])];
            }
            catch (Exception ex)
            {
                newList = web.Lists["Assignments"];
            }

            string[] users = {"training\administrator","training\student"};

            //iterate all the users (from database?)
            foreach (string s_user in users)
            {
                //add to site
                SPUser user = web.EnsureUser(s_user);                                                              
                string name = s_user;

                if ( user.LoginName.Contains("\"))
                    name = user.LoginName.Substring(user.LoginName.IndexOf("\") + 1);

                //create a folder for each user
                SPListItem folder = newList.Items.Add("", SPFileSystemObjectType.Folder,name);
                try
                {
                    folder.Update();
                    newList.Update();
                }
                catch (Exception ex)
                {                    
                }

                //set permissions            
                SPRoleDefinition RoleDefinitionRdr = web.RoleDefinitions.GetByType(SPRoleType.Administrator);
                SPRoleAssignment roleAssignment = new SPRoleAssignment((SPPrincipal)user);
                roleAssignment.RoleDefinitionBindings.Add(RoleDefinitionRdr);

                //adds permissions to site
                web.RoleAssignments.Add(roleAssignment);

                if (!folder.HasUniqueRoleAssignments)
                {
                    folder.BreakRoleInheritance(false);
                }

                while (folder.RoleAssignments.Count > 0)
                    folder.RoleAssignments.Remove(0);

                folder.RoleAssignments.Add(roleAssignment);
                folder.Update();
            }

Powershell script to create Active Directory user Profiles and MySites

This is awesome…check it out!  A powershell script that will create a profile for every AD user, then creates there My Site!

 [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")
[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.Office.Server")
[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Portal")

$dom = "LDAP://CN=Users;DC=training;DC=corp"
$root = new-object DirectoryServices.DirectoryEntry $dom

$selector = new-object DirectoryServices.DirectorySearcher
$selector.SearchRoot = $root

$adobj = $selector.findall() | where {$_.properties.objectcategory -match "CN=Person"}
$spsite = new-object Microsoft.SharePoint.SPSite("http://sharepoint2007:100")
$context = [Microsoft.Office.Server.ServerContext]::GetContext($spsite)
$pmanager = new-object Microsoft.Office.Server.UserProfiles.UserProfileManager($context)

ForEach ($person in $adobj)
{
$prop = $person.properties
$prop.cn

$exists = $pmanager.UserExists($prop.cn)

if ($exists -eq $false)
{
$pmanager.CreateUserProfile($prop.cn)
}

$up = $pmanager.GetUserProfile($prop.cn)
$up.CreatePersonalSite()

}

 

Powershell script to backup My Sites!

This one rocks too!

 $ssppath = "http://sharepoint2007:100/personals"

$out = stsadm -o enumsites -url $ssppath
$out = [xml] $out

ForEach ($web in $out.Sites.Site )
{
$url = $web.url

$name = "c:" + $url.SubString($url.LastIndexOf("/")+1).replace(":","") + ".bak"

write-host "stsadm -o backup -url $url -filename $name -overwrite"
stsadm -o backup -url $url -filename $name -overwrite

}

Most Commonly Missed Best Practice with Internet Sites

Wanna know what it is?  It is a disaster waiting to happen!  

Some day an IIS 6.0 vulnerability will come out that allows you to get administrator access to the _vti_bin directory of your SharePoint site.  You will then be able to execute a call to the Lists web service and delete the "Pages" document library!  

To prove it, do a search on Pages/default.aspx in google.  You will get a listing on all the sites on the internet that are running sharepoint as their internet site.  Check their _vti_bin directory access by appending /_vti_bin/lists.asmx

 If you get the web service page for the list service, that company has setup there site WRONG!

The correct way of doing things is to create an extended web application that HAS the _vti_bin and the original with the _vti_bin DELETED!  The original is the internet accessable one and the extended one is accessible only by internal staff (so you can use SharePoint Designer and such).

Anyone feel like writing a vulnerability and the code to delete all the pages  document libraries on the internet to prove my point???  Couldn't be too hard 🙂

CJG

Windows Workflow Foundation Course

Oh yeah, I'm writing it.  And I'll tell you…it's going to be awesome!  I'll post the outline later, but so far, it's looking really good! 

I'll also be posting a Powershell script to backup "My Sites" in the next couple of days!  I would have done it today, but I have had the flu!  Yuk!  Just now getting over it!

Hope everyone is doing great!
Chris