If you’re trying to configure a site for anonymous access via stsadm you can get most of the way using the out of the box "extendvs" (or my createwebapp) and "authentication" commands. The problem is that this only enables the web application for anonymous access but it doesn’t "turn it on" at the site collection or web level. To complete the process I created a new command: gl-setanonymousaccess. There are three levels that you can set: Entire Web, Lists and Libraries, and Nothing. If you set the access to Entire Web anonymous users will be able to view all pages in your site and view all lists and items which inherit permissions from the site. If you select Lists and Libraries anonymous users will be able to view and change items only for those lists and libraries that have enabled permissions for anonymous users. And of course, if you set the access to Nothing anonymous users will have no access. To make this change programmatically is really simple – it’s just a matter of setting a single property on the web site of interest. I also added some additional code to enable breaking of the permissions inheritance if necessary:
1: public override int Run(string command, StringDictionary keyValues, out string output)
2: {
3: output = string.Empty;
4:
5: InitParameters(keyValues);
6:
7: string url = Params["url"].Value.TrimEnd('/');
8: WebAnonymousState state = (WebAnonymousState)Enum.Parse(typeof (WebAnonymousState), Params["anonstate"].Value, true);
9:
10: using (SPSite site = new SPSite(url))
11: using (SPWeb web = site.OpenWeb(Utilities.GetServerRelUrlFromFullUrl(url)))
12: {
13: if (!web.HasUniqueRoleAssignments && Params["enableuniquepermissions"].UserTypedIn)
14: {
15: web.BreakRoleInheritance(true);
16: web.Update();
17: }
18:
19: if (state == WebAnonymousState.EntireWeb)
20: web.AnonymousState = SPWeb.WebAnonymousState.On;
21: else if (state == WebAnonymousState.ListsAndLibraries)
22: web.AnonymousState = SPWeb.WebAnonymousState.Enabled;
23: else
24: web.AnonymousState = SPWeb.WebAnonymousState.Disabled;
25:
26: web.Update();
27: }
28:
29: return 1;
30: }
The syntax of the command can be seen below:
C:\>stsadm -help gl-setanonymousaccess
stsadm -o gl-setanonymousaccess
Sets the anonymous access settings for a given site collection.
Parameters:
-url <url containing the content types>
-anonstate <entireweb | listsandlibraries | none>
[-enableuniquepermissions (breaks permissions inheritance for the web if not already broken)]
Here’s an example of how to enable anonymous access for the entire web:
9 thoughts on “Set Anonymous Access”
Does this work at the site collection level or just the web application level?
Actually it’s at the web level.
This worked perfectly for me! I needed a way to set anon access on 500 individual sites being deployed with unique permissions via script. Thanks!
Hi Gary,
I deployed the custom WSP solution for MOSS gievn by you.
Lapointe.SharePoint.STSADM.Commands.wsp. it was successful. I created a Survey list under my site collection. but i am not able to respond to my survey anonymously. i gave anonymous access for Survey list also. Can you please assist me regarding this. i found a lot but not able to get the answer.
Thanks and Regards
Amreesh Sharma
India.
Yahoo!!
This command does what I have been looking for. By using the following parameters:
-anonstate none -enableuniquepermissions
I can finally break inheritance from the parent site.
I can add unique group permissions with the stsadm.exe -o creategroup command.
Now all I need to do is remove the group permissions I do not want. Do you have any ideas on how to do this using stsadm commands?
Hi Gary, i deployed the custom WSP solution for MOSS, and excecuted gl-setanonymousaccess for the site http://www.ciat.cgiar.org but the search results won´t show anonymously, might i be missing something? Cheers
Make sure you’ve enabled anonymous access for the web application.
I added the folowing solution to my Sharepoint 2010 farm by using this command:
Add-SPSolution “D:\Temp\Jeff\Lapointe.SharePoint2010.Automation.wsp”
I deployed the solution and can perform stsadm -o gl-copylist with out a problem, but when I try to execute stsadm -o gl-setanonymousaccess using the same command prompt I get Missing operation name or the operation name is invalid.
Is gl-setanonymousaccess not available in Lapointe.SharePoint2010.Automation.wsp for SharePoint 2010? If not, how can I use that command in SharePoint 2010?
Thanks,
Jeff
Yeah, I haven’t migrated that one – you can actually try deploying the 2007 commands – in theory it should work as that code doesn’t really change.