SharePoint Gen

The official blog of Chandrasekar, Microsoft SharePoint PFE

Managing User Profile Service Application permissions using PowerShell

Managing User Profile Service Application permissions using PowerShell

Rate This
  • Comments 2

 

When User Profile Service application is configured in SP 2010, by default NT Authority\Authenticated Users and all authenticated users are granted permissions to create My Sites and use other features (personal and social) provided by user profile service.  To disable users to create mysite and use other features, use Revoke-SPObjectSecurity and Set-SPProfileServiceApplicationSecurity powershell cmdlets.

image 

$upaproxyname= "User Profile Service Application"
$upaproxy = Get-SPServiceApplicationProxy | Where-Object {$_.DisplayName -eq $upaproxyname} 
$upasecurity = Get-SPProfileServiceApplicationSecurity -ProfileServiceApplicationProxy $upaproxy

#All Authenticated Users
$allauthusers = New-SPClaimsPrincipal -Identity 'c:0(.s|true' -IdentityType EncodedClaim
#To revoke Use Personal Features permission
Revoke-SPObjectSecurity -Identity $upasecurity -Principal $allauthusers -Rights "Use Personal Features"
# To revoke Create Personal Site permission
Revoke-SPObjectSecurity -Identity $upasecurity -Principal $allauthusers -Rights "Create Personal Site"
#To revoke Use Social Features permission
Revoke-SPObjectSecurity -Identity $upasecurity -Principal $allauthusers -Rights "Use Social Features"
Set-SPProfileServiceApplicationSecurity -Identity $allauthusers -ProfileServiceApplicationProxy $upaproxy

#NT AUTHORITY\authenticated users
$ntauthusers = New-SPClaimsPrincipal -Identity 'c:0!.s|windows' -IdentityType EncodedClaim
#To revoke Use Personal Features permission
Revoke-SPObjectSecurity -Identity $upasecurity -Principal $ntauthusers -Rights "Use Personal Features"
# To revoke Create Personal Site permission
Revoke-SPObjectSecurity -Identity $upasecurity -Principal $ntauthusers -Rights "Create Personal Site"
#To revoke Use Social Features permission
Revoke-SPObjectSecurity -Identity $upasecurity -Principal $ntauthusers -Rights "Use Social Features"
Set-SPProfileServiceApplicationSecurity -Identity $ntauthusers -ProfileServiceApplicationProxy $upaproxy
 
Leave a Comment
  • Please add 5 and 6 and type the answer here:
  • Post
  • Thanks for the very straightforward application of the Set-ProfileServiceApplicationSecurity cmdlet.  The help files are of no use in this situation.  Your explanation is perfect!

  • Thanks for the script saved my life.

    However, just a small typo, the parameter "Identity" on the last lines should be "$upasecurity" and not the principals.

Page 1 of 1 (2 items)