Set Anonymous Access – SharePoint Automation

If you’re trying to configure a site for anonymous access via stsadm you can get most of the way using the out of the box "extendvs" (or my createwebapp) and "authentication" commands. The problem is that this only enables the web application for anonymous access but it doesn’t "turn it on" at the site collection or web level. To complete the process I created a new command: gl-setanonymousaccess. There are three levels that you can set: Entire Web, Lists and Libraries, and Nothing. If you set the access to Entire Web anonymous users will be able to view all pages in your site and view all lists and items which inherit permissions from the site. If you select Lists and Libraries anonymous users will be able to view and change items only for those lists and libraries that have enabled permissions for anonymous users. And of course, if you set the access to Nothing anonymous users will have no access. To make this change programmatically is really simple – it’s just a matter of setting a single property on the web site of interest. I also added some additional code to enable breaking of the permissions inheritance if necessary:

   1:  public override int Run(string command, StringDictionary keyValues, out string output)

   2:  {

   3:      output = string.Empty;

4:

   5:      InitParameters(keyValues);

6:

   7:      string url = Params["url"].Value.TrimEnd('/');

   8:      WebAnonymousState state = (WebAnonymousState)Enum.Parse(typeof (WebAnonymousState), Params["anonstate"].Value, true);

9:

  10:      using (SPSite site = new SPSite(url))

  11:      using (SPWeb web = site.OpenWeb(Utilities.GetServerRelUrlFromFullUrl(url)))

  12:      {

  13:          if (!web.HasUniqueRoleAssignments && Params["enableuniquepermissions"].UserTypedIn)

  14:          {

  15:              web.BreakRoleInheritance(true);

  16:              web.Update();

  17:          }

18:

  19:          if (state == WebAnonymousState.EntireWeb)

  20:              web.AnonymousState = SPWeb.WebAnonymousState.On;

  21:          else if (state == WebAnonymousState.ListsAndLibraries)

  22:              web.AnonymousState = SPWeb.WebAnonymousState.Enabled;

  23:          else

  24:              web.AnonymousState = SPWeb.WebAnonymousState.Disabled;

25:

  26:          web.Update();

  27:      }

28:

  29:      return 1;

  30:  }

The syntax of the command can be seen below:

C:\>stsadm -help gl-setanonymousaccess

stsadm -o gl-setanonymousaccess

Sets the anonymous access settings for a given site collection.

Parameters:
        -url <url containing the content types>
        -anonstate <entireweb | listsandlibraries | none>
        [-enableuniquepermissions (breaks permissions inheritance for the web if not already broken)]

Here’s an example of how to enable anonymous access for the entire web:

stsadm -o gl-setanonymousaccess -url "http://intranet" -anonstate entireweb

9 thoughts on “Set Anonymous Access”

Jerry Rasmussen says:

July 21, 2008 at 1:02 pm

Does this work at the site collection level or just the web application level?
Gary Lapointe says:

July 21, 2008 at 6:36 pm

Actually it’s at the web level.
Anonymous says:

December 3, 2008 at 12:11 pm

This worked perfectly for me! I needed a way to set anon access on 500 individual sites being deployed with unique permissions via script. Thanks!
Amreesh Sharma says:

February 23, 2009 at 4:14 am

Hi Gary,
I deployed the custom WSP solution for MOSS gievn by you.
Lapointe.SharePoint.STSADM.Commands.wsp. it was successful. I created a Survey list under my site collection. but i am not able to respond to my survey anonymously. i gave anonymous access for Survey list also. Can you please assist me regarding this. i found a lot but not able to get the answer.
Thanks and Regards
Amreesh Sharma
India.
Anonymous says:

July 22, 2009 at 11:43 am

Yahoo!!
This command does what I have been looking for. By using the following parameters:
-anonstate none -enableuniquepermissions
I can finally break inheritance from the parent site.

I can add unique group permissions with the stsadm.exe -o creategroup command.

Now all I need to do is remove the group permissions I do not want. Do you have any ideas on how to do this using stsadm commands?
lobchis says:

January 27, 2010 at 12:06 pm

Hi Gary, i deployed the custom WSP solution for MOSS, and excecuted gl-setanonymousaccess for the site http://www.ciat.cgiar.org but the search results won´t show anonymously, might i be missing something? Cheers
Gary Lapointe says:

February 25, 2010 at 9:18 am

Make sure you’ve enabled anonymous access for the web application.
Jeff Martin says:

February 28, 2012 at 8:37 am

I added the folowing solution to my Sharepoint 2010 farm by using this command:
Add-SPSolution “D:\Temp\Jeff\Lapointe.SharePoint2010.Automation.wsp”

I deployed the solution and can perform stsadm -o gl-copylist with out a problem, but when I try to execute stsadm -o gl-setanonymousaccess using the same command prompt I get Missing operation name or the operation name is invalid.

Is gl-setanonymousaccess not available in Lapointe.SharePoint2010.Automation.wsp for SharePoint 2010? If not, how can I use that command in SharePoint 2010?

Thanks,

Jeff
1. Gary Lapointe says:
  
  March 9, 2012 at 7:55 am
  
  Yeah, I haven’t migrated that one – you can actually try deploying the 2007 commands – in theory it should work as that code doesn’t really change.

Comments are closed.