Set Anonymous Access

Posted on Posted in SharePoint 2007, STSADM Commands

If you’re trying to configure a site for anonymous access via stsadm you can get most of the way using the out of the box "extendvs" (or my createwebapp) and "authentication" commands. The problem is that this only enables the web application for anonymous access but it doesn’t "turn it on" at the site collection or web level. To complete the process I created a new command: gl-setanonymousaccess. There are three levels that you can set: Entire Web, Lists and Libraries, and Nothing. If you set the access to Entire Web anonymous users will be able to view all pages in your site and view all lists and items which inherit permissions from the site. If you select Lists and Libraries anonymous users will be able to view and change items only for those lists and libraries that have enabled permissions for anonymous users. And of course, if you set the access to Nothing anonymous users will have no access. To make this change programmatically is really simple – it’s just a matter of setting a single property on the web site of interest. I also added some additional code to enable breaking of the permissions inheritance if necessary:

   1:  public override int Run(string command, StringDictionary keyValues, out string output)
   2:  {
   3:      output = string.Empty;
   5:      InitParameters(keyValues);
   7:      string url = Params["url"].Value.TrimEnd('/');
   8:      WebAnonymousState state = (WebAnonymousState)Enum.Parse(typeof (WebAnonymousState), Params["anonstate"].Value, true);
  10:      using (SPSite site = new SPSite(url))
  11:      using (SPWeb web = site.OpenWeb(Utilities.GetServerRelUrlFromFullUrl(url)))
  12:      {
  13:          if (!web.HasUniqueRoleAssignments && Params["enableuniquepermissions"].UserTypedIn)
  14:          {
  15:              web.BreakRoleInheritance(true);
  16:              web.Update();
  17:          }
  19:          if (state == WebAnonymousState.EntireWeb)
  20:              web.AnonymousState = SPWeb.WebAnonymousState.On;
  21:          else if (state == WebAnonymousState.ListsAndLibraries)
  22:              web.AnonymousState = SPWeb.WebAnonymousState.Enabled;
  23:          else
  24:              web.AnonymousState = SPWeb.WebAnonymousState.Disabled;
  26:          web.Update();
  27:      }
  29:      return 1;
  30:  }

The syntax of the command can be seen below:

C:\>stsadm -help gl-setanonymousaccess

stsadm -o gl-setanonymousaccess

Sets the anonymous access settings for a given site collection.

        -url <url containing the content types>
        -anonstate <entireweb | listsandlibraries | none>
        [-enableuniquepermissions (breaks permissions inheritance for the web if not already broken)]

Here’s an example of how to enable anonymous access for the entire web:

stsadm -o gl-setanonymousaccess -url "http://intranet" -anonstate entireweb

9 thoughts on “Set Anonymous Access

  1. This worked perfectly for me! I needed a way to set anon access on 500 individual sites being deployed with unique permissions via script. Thanks!

  2. Hi Gary,
    I deployed the custom WSP solution for MOSS gievn by you.
    Lapointe.SharePoint.STSADM.Commands.wsp. it was successful. I created a Survey list under my site collection. but i am not able to respond to my survey anonymously. i gave anonymous access for Survey list also. Can you please assist me regarding this. i found a lot but not able to get the answer.
    Thanks and Regards
    Amreesh Sharma

  3. Yahoo!!
    This command does what I have been looking for. By using the following parameters:
    -anonstate none -enableuniquepermissions
    I can finally break inheritance from the parent site.

    I can add unique group permissions with the stsadm.exe -o creategroup command.

    Now all I need to do is remove the group permissions I do not want. Do you have any ideas on how to do this using stsadm commands?

  4. I added the folowing solution to my Sharepoint 2010 farm by using this command:
    Add-SPSolution “D:\Temp\Jeff\Lapointe.SharePoint2010.Automation.wsp”

    I deployed the solution and can perform stsadm -o gl-copylist with out a problem, but when I try to execute stsadm -o gl-setanonymousaccess using the same command prompt I get Missing operation name or the operation name is invalid.

    Is gl-setanonymousaccess not available in Lapointe.SharePoint2010.Automation.wsp for SharePoint 2010? If not, how can I use that command in SharePoint 2010?



    1. Yeah, I haven’t migrated that one – you can actually try deploying the 2007 commands – in theory it should work as that code doesn’t really change.

Comments are closed.