Posted on

Change the email address used for Access Requests on all SharePoint sites and subsites in a web app using PowerShell

Photo by Karolina Grabowska from Pexels

Perhaps you’ve changed SharePoint administrators or a site owner or two recently. Where are the SharePoint site Access Requests they were receiving now going?

This post covers two PowerShell methods of updating the email address used across all sites in bulk:

  • Replace the email address used on ALL sites, no exceptions (reset all requests throughout the web app to be sent to one address)
  • Change all instances of a specific address to a replacement across ALL sites (i.e. replace the former site owner’s address used in 12 sites’ Access Request Settings with the new site owner’s address)

The second method is particularly nice because it eliminates any guesswork involved in wondering where the former admin/owner may have been listed as the recipient.

Replace the email address used on ALL sites

To modify the email address used for all SharePoint sites and subsites in a web app, run the PowerShell script below from a SharePoint server. You’ll need to replace the $webapp and $requestemail values at the top.

Caution: This action cannot be undone. It replaces the Access Request email on all sites and subsites.

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue 
  
$webapp = Get-SPWebApplication https://sharepoint.contoso.com  
$requestemail = "new-request-recipient@demo.com"   
  
foreach($site in $webapp.Sites)  
{  
   foreach($web in $site.AllWebs)  
   {  
     $url = $web.url  
     Write-host "Checking "$url  
     if (!$web.HasUniquePerm)  
     {  
            Write-Host "Site inherits Access Request settings from parent." -ForegroundColor Yellow  
     }  
     else  
     {  
       if($web.RequestAccessEnabled)  
       {  
            Write-Host "Site utilizes Access Requests."   
            $web.RequestAccessEmail = $requestemail  
            $web.Update()  
            Write-Host "Email changed to " $requestemail -ForegroundColor Green
        }  
            else  
      {  
            Write-Host "Site is not utilizing Access Requests." -ForegroundColor Yellow  
      }  
   }  }
}

Replace all instances of a specific user across all sites in the web app

Perhaps a particular individual left their site owner/admin role and you just want to replace any instance of THAT user in Access Request settings throughout the web app. In that case use the following script instead (updating the three parameters at the top, $webapp, $oldrequestemail, and $newrequestemail):

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue 

$webapp = Get-SPWebApplication https://sharepoint.contoso.com
$oldrequestemail = "old-request-email@contoso.com"  
$newrequestemail = "new-request-email@contoso.com"   

foreach($site in $webapp.Sites)  
{  
   foreach($web in $site.AllWebs)  
   {  
        $url = $web.url  
          Write-host "Checking "$url  
          if (!$web.HasUniquePerm)  
          {  
                 Write-Host "Site inherits Access Request settings from parent." -ForegroundColor Yellow  
     }  
          else  
     {  
            if($web.RequestAccessEnabled)  
                   {  
                   if($web.RequestAccessEmail -eq $oldrequestemail)
            {
            Write-Host "Site utilizes Access Requests sent to old email ("$web.RequestAccessEmail")." -ForegroundColor Red
            $web.RequestAccessEmail = $newrequestemail  
            $web.Update()  
            Write-Host "Email changed to" $newrequestemail -ForegroundColor Green
        }  
                    else 
               {            
                    Write-Host "Email ("$web.RequestAccessEmail") does not match old email address. No change made." -ForegroundColor Yellow
               }}
            else  
      {  
            Write-Host "Site is not utilizing Access Requests." -ForegroundColor Yellow  
      }  

   }  
   }  
   }

Note: If you’ve changed the Access Request recipient and the new person is receiving a “Sorry, this site hasn’t been shared with you” error when attempting to approve requests, check out this post for help.

Credit and gratitude to Ketak Bhalsing and his post on bulk-updating for pointing me in the right direction on this one.

Posted on

Solution: SharePoint site owner with full control unable to approve access requests; site is missing a default members group

In this post I’ll cover two symptoms commonly seen when subsites evolve from inheriting permissions (using existing groups) to being given unique permissions (having their own groups at the site’s level).

Symptoms

  • A site owner with full control gets “Sorry, this site hasn’t been shared with you” when trying to approve access requests.
  • When reviewing Access Request Settings, a user or owner sees the message “Members cannot share this site because this site is missing a default members group.”

Cause

Chances are the site was never set up with default, unique permissions groups. Perhaps the creator of the site chose to inherit permissions from the parent (using existing groups from a hierarchical level higher than the new site), then later decided to manually build out groups that resemble the traditional visitors, members, and owners groups at the new site’s level. Or perhaps the default groups were deleted. Either way, the following solution should set it straight:

Solution

We need to either officially designate or build new default groups for the site, using the same dialog you see when creating a new site. Since we can’t “reconfigure” the site with a wizard, we need to manipulate the site’s URL a bit to get to the configuration screen we’re looking for.

Add “_layouts/15/permsetup.aspx” to the end of the site URL. For example, it may resemble sharepoint.contoso.com/sites/ABC/EA/_layouts/15/permsetup.aspx. This takes you to the permissions setup page.

IF YOU HAVE GROUPS YOU WANT TO SET AS THE DEFAULTS

Perhaps after site creation, you created groups intended to be used like the visitors, members, and owners groups. Go to your site’s _layouts/15/permsetup.aspx page and simply:

Leave “Use an existing group” selected, and change the dropdown for each to the groups that were created and intended to be the new defaults. Click OK when finished. This will make them “official.”

IF YOU DON’T HAVE GROUPS YOU WANT TO SET AS DEFAULT

Change “Use an existing group” to “Create a new group” for at least the Members and Owners options. Here you can add the appropriate persons to each group, or add them at a later time via Site Settings > Site Permissions. Be sure to add your owners (approvers/permissions managers) to the new owner group.

Posted on

Disable modern page comments globally for all sites in SharePoint 2019 and SharePoint Online

Photo by Lukas from Pexels

Those of you with Office 365/SharePoint Online have a simple path to disabling modern page commenting via the admin center. But for those of you, like myself, who also work in SharePoint 2019, your method involves PowerShell and is a bit more laborious. In this post, I’ll cover both methods: Disabling comments via PowerShell for SharePoint 2019 (server) and then via the admin center for SharePoint Online (O365).

Firstly, why disallow commenting altogether instead of giving site owners and page editors the choice? Some organizations have compliance regulations that require any sort of conversational transaction to meet certain criteria. Perhaps you only need to disable commenting temporarily while you build a case to prove compliance. Or perhaps you’ve determined it’s not compliant or have some other reason for wishing to globally disable page comments.

No matter your reasoning, here’s the how:

Disable modern page/news comments globally in SharePoint 2019 via PowerShell

The script below will iterate through all site collections in a web application, and all of the subsites within each site collection, and turn off page comments for sites that haven’t already had them disabled. This does not delete page comments. If you re-enable the feature later, the comments that were there previously will be restored.

Log onto a SharePoint server and run the following PowerShell script, replacing the site URL with your own web app’s URL:

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
Get-SPWebApplication "https://sharepoint.contoso.com" | Get-SPSite –Limit All | Get-SPWeb -Limit All | ForEach-Object {
    if($_.CommentsOnSitePagesDisabled = "False")
    {
        $_.CommentsOnSitePagesDisabled = $True
        $_.Update()
        Write-Host "Disabled page comments on " $_.URL -ForegroundColor Green
    }
    else
    {
        Write-Host "Page comments already disabled on " $_.URL -ForegroundColor Yellow
    }
}

If you want a read-out to validate current status (False = not disabled, True = disabled), you can run the following script (again, replacing the URL with the web app of your own):

Get-SPWebApplication "https://sharepoint.contoso.com" | Get-SPSite –Limit All | Get-SPWeb -Limit All | ForEach-Object {
Write-Host $_.CommentsOnSitePagesDisabled $_.URL
}

Disable modern page/news comments globally in SharePoint Online/O365

1. Go to the SharePoint admin center at yourdomain-admin.sharepoint.com and select Settings from the left navigation menu.

2. Select Pages.

3. Uncheck Allow commenting on modern pages and click Save.

Posted on

How to save a SharePoint site as a template

Photo by Andre Mouton from Pexels

What does a site template do?

Saving a SharePoint site as a template saves you a time by making it so you don’t have to recreate similar apps (lists and libraries) and views for multiple sites that are mostly the same in structure and function. You can even save a site as template including its content (documents/items) so that you don’t need to re-upload the same content to each (such as blank worksheets, forms, guides, etc. you’ll complete/utilize on each site).

Examples of what to use site templates for

Frequently people might use site templates for project sites, where each project is going to have the same needs for communication and collaboration, and sometimes the same content such as project and budget worksheets or documents. You may also wish to use site templates for regular committee or group work such as annual event or semi-annual review processes and projects where you want a separate site to archive for each regular iteration of the group’s function.

How to create site templates

There are two methods I use to create templates of SharePoint sites. Either via Site Settings, or by simply modifying the URL of the site. Once created using one of the these methods, the template is saved to your site’s solution gallery and available to users creating new sites on the “Custom” tab of site template selection:

Save SharePoint site as template URL modification

To save a site as template, add _layouts/15/savetmpl.aspx to the end of the specific site or subsite’s URL. For example if you wanted Subsite C to be a reusable site template, you’d modify:

WebApp/sites/SiteCollection/SubsiteA/SubsiteB/SubsiteC

to this:

WebApp/sites/SiteCollection/SubsiteA/SubsiteB/SubsiteC/_layouts/15/savetmpl.aspx

Then complete the fields (file name, template name, description, etc.) and choose whether or not the template should include the site’s existing content (documents and items) or if the lists/libraries should be empty on sites created using the template.

If you get the error The “Save site as template” action is not supported on this site, follow these steps then try again.

Save SharePoint site as template via settings

This requires the site to have never had SharePoint Server Publishing (site feature) activated on the site. See next section if it already has.

To save a site as a template via site settings:

1. Click on the settings wheel (upper right corner)

2. Click site settings (if classic) or site information > view all site settings (if modern).

3. Choose Save site as template from under Site Actions

Save site as template option missing from Site settings?

The option is removed when users activate SharePoint Server Publishing Infrastructure (site collection feature) or SharePoint Server Publishing (site feature). You can still activate the “save site as template” ability separately via PowerShell for the site then follow the steps for URL modification above to get to the “Save as template” form.

Posted on

Where to find a SharePoint site’s solution gallery

A SharePoint site’s solution gallery is where you’ll find custom apps or lists and sites saved as templates to be used throughout the site collection by those with appropriate permissions. The SharePoint solution gallery exists at site collection root/top levels only (so you won’t find a separate solution gallery for subsites, just their shared top-level parent site).

There are three common ways you might get to the SharePoint solution gallery for a particular site collection. In this post, I’ll cover these three methods:

  • via URL modification
  • via modern experience settings wheel
  • via classic experience settings wheel

Navigate to SharePoint solution gallery via URL modification

I prefer this method as it remains the same regardless of whether you’re currently on a modern or classic experience page. To get to the solution gallery for a site collection, simply modify the URL of the site you’re on to replace everything after the site collection’s URL with the following:

/_catalogs/solutions

Append this to your site’s URL to access its solution gallery.

For example, to get to the solution gallery associated with Subsite C, we’d modify this URL:

WebApp/sites/SiteCollection/SubsiteA/SubsiteB/SubsiteC

to this:

WebApp/sites/SiteCollection/_catalogs/solutions

When not working with a site collection (or its subsites), you might be working with your root/home site (http://WebApp/). Just add the same suffix to the URL like http://WebApp/_catalogs/solutions.

You can also find a link to your site collection’s solutions in your site collection settings. In the following two sections, we’ll cover where to find that from a modern or classic experience suite bar.

Navigate to SharePoint solution gallery via modern experience (O365/2019) settings wheel

You’re likely using this modern experience if you’re in SharePoint Online (O365) or SharePoint 2019 which gained the modern experience. Even in O365 or 2019, though, you may find yourself on a classic experience page instead in which case you should check the next section on navigating to the solution gallery via classic experience suite bars.

If you’re on a modern experience page, follow these steps to find the solution gallery:

1. Click on the settings wheel (upper right corner)

2. Click on Site Information > View all site settings.

3. Look for and select Solutions under Web Designer Galleries.

Navigate to SharePoint solution gallery via classic experience settings wheel

If you’re on SharePoint 2013/2016 or a classic experience page on more recent versions you’ll have a slightly different experience finding the solution gallery:

1. Click on the settings wheel

2. Click Site settings.

3. Look for and select Solutions under Web Designer Galleries.

Web Designer Galleries > Solutions option missing?

If you don’t see Web Designer Galleries > Solutions setting, you’re most likely looking at the Site settings page for a subsite and not a site collection. Just click the Go to top level site settings link under Site Collection Administration (requires appropriate permissions). Then go back to step 3.

Posted on

Read vs Restricted Read vs View Only Permission in SharePoint

I recently had a SharePoint admin assigning Restricted Read permissions to users and out of curiosity wanted to refresh my memory on what distinguishes Read from Restricted Read. While I was at it, I took a look at View Only as well.

Basically, Read and View Only are nearly identical. The only distinction is that Read can download documents, while View Only can only open them and view them in the browser.

Restricted Read is minimally permissive, and doesn’t include the ability to create alerts, view versions, download, or exercise some site abilities (see table below for specifics).

You’ll also notice in the table below that View Only can Open, but not Open Items like Read. According to documentation, the difference is this:

  • Open Items (list permission): “View the source of documents with server-side file handlers.” Requires Open permission:
  • Open (site permission): “Enables users to open a website, list, or folder to access items inside that container.”

In the table below, list permissions are blue and site permissions are red. Download Documents is not a listed permission, but added for clarity to distinguish Read and View Only.

View OnlyRestricted ReadRead
Browse User Information XX
Create Alerts XX
Download DocumentsX
OpenXXX
Open ItemsXX
Use Client Integration Features XX
Use Remote Interfaces XX
Use Self Service Site Creation XX
View Application PagesXX
View Items XXX
View Pages XXX
View Versions XX
Permissions comparison matrix for read, restricted read, and view only in SharePoint.

Source: https://docs.microsoft.com/en-us/sharepoint/sites/user-permissions-and-permission-levels

Posted on

How to clear the SharePoint Server configuration cache using PowerShell

If you have several servers in your SharePoint Server (on-premises) farm, repeating the manual steps for clearing the configuration cache on each can be time consuming. PowerShell really shines in situations like these to help us be more productive and efficient.

The following PowerShell script can be used to clear the SharePoint configuration cache on a server. I’ve recently tested this on SharePoint 2019 servers with success. Just be sure to run it on each server for which you’re clearing the cache, then remember to go back to each and press “ENTER” in each PowerShell window as the script instructs you so that it restarts the timer service after all servers have had their cache cleared.

This script follows the same steps you’d perform manually. It loads the SP snap-in if needed, stops the timer service, deletes the xml files in the Config directory, sets the cache.ini file’s value to 1 to reset the cache, then restarts the timer service (once you press Enter).

Clear SharePoint configuration cache using PowerShell

  1. Run PowerShell as administrator (right-click, run as administrator).
  2. Copy and paste the following script, making no changes to its contents. It will work as-is.
  3. Hit Enter to run the script (unless using ISE, then click “Run”).
  4. Repeat steps 1-3 for each SharePoint server on which you’re clearing the cache.
  5. When this has run on all SharePoint servers you wish, go back to each and hit Enter in PowerShell to restart the timer service on each.
Posted on

Microsoft Delve blogs to be retired; Existing Delve blogs to be deleted in 2020

Thanks to a tweet by Tim Milan of Omaha, I heard today that Microsoft Delve blogs are to be deleted in a few months.

Milan’s news came from Office 365 Premier Support in response to a ticket he’d submitted. The email is as follows:

Click to enlarge

Delve was first announced alongside the Office Graph in 2014 at SharePoint Conference. Even though it’s only been out for a little over five years, the retirement of Delve in general has been a topic of speculation for nearly two years now (and perhaps longer for others). Some have wondered whether to invest time learning and promoting the app anymore, and perhaps this news will help guide those decisions.

Important dates:

The following points are taken from the email body seen above.

  • Beginning December 18th, 2019, tenants can no longer create new Delve blogs.
  • Beginning January 18th, 2020, you can no longer create new posts in existing blogs
  • Beginning April 17th, 2020, existing Delve blogs will be deleted and removed from Delve profiles.

What now?

If you read this post and asked yourself, “What’s a Delve blog?” don’t worry about it. It was a convenient feature that allowed your average user to create and maintain a blog they could share in the organization.

If you read this post and realized you have hundreds of user and group blogs out there to manage and just a few months to figure it out, you have some choices to consider.

The email shown earlier in this post suggests creating communication sites and adding News, Yammer, and Stream web parts for engagement but this isn’t a good plan for all blogs as not all users can create sites for themselves. Even those that can create sites may find site creation and management a bit too complex or too large of a scope compared to running a simple blog.

You could consider creating WordPress or Blogger sites and migrating your posts there. Unfortunately, there is no RSS feed for Delve blogs to export. You’d be manually copying and pasting (or recreating) posts.

You might consider disabling Delve if you’d like to prevent users from beginning something that’ll be removed soon. You can do this through the SharePoint admin center for all users (see directions here). Keep in mind this disables more than just blog creation – read the description before proceeding.

Click to enlarge

No matter what you choose, there’s no easy way forward. I would suggest getting your users involved in saving (print to PDF or copy/paste) posts of importance so that they can be posted as documents elsewhere, or recreated at a later time in another space.

Ready, set, change management!

Posted on

SharePoint search results showing wrong title

I recently ran into the issue of a document appearing in search results that didn’t use the name field OR the title field. I was perplexed by this until checking the search schema for the “Title” field. In an attempt to be helpful, there’s a property called MetadataExtractorTitle that was given higher preference than the actual title field. To fix this, I simply had to bump it down the list a bit.

Scenario

The document in question is a SharePoint Governance meeting agenda named SP Governance – 2017-11-17.

It appeared correctly in its library, which is to be expected:

And a look at its properties revealed there was no Title value, meaning it would default to the document name.

However, when searching for “SP” I found the document listed as “Agenda.” This was used because the MetadataExtractorProperty found “Agenda” within the document as a potential title (as the first line of the document).

Solution

Note: You must be at least a site collection administrator.

Go to Site Settings at the top level of the site collection for the document library.

Choose “Search Schema” under Site Collection Administration (not just “Schema” under search – that’s only site level)

Search for title and edit the property

Move “MetadataExtractorTitle” down until it’s beneath ows_Title. Click OK when finished.

Click to enlarge

Checking your work

After fixing the schema, go back to the document library and re-index it to check. (Library Settings –> Advanced Settings –> Reindex Document Library)

This will have the library re-crawled during the next incremental crawl (interval depends on administrator settings). Alternatively, you could trigger it immediately or run a full crawl.

Once the crawl has run, try your search again. Your items should now have a correct title when appearing in search results.

Posted on

Run Google Chrome as a different user to test

In an on-prem environment, it’s convenient to be able to run Chrome as a test user with general permissions instead of my admin permissions. This possibility makes it so I don’t need to remote to another machine or log out and in with another account just for a simple check.

Using Internet Explorer? Here’s how to do the same with that.

If you have a shortcut to Chrome on your desktop (not your task bar), skip ahead to step two.

1. Search “Chrome” from the start menu, right click and select “Open File Location”

2. Hold “Shift” on your keyboard and right-click the Internet Explorer icon. Select “run as different user”

3. Enter the credentials for the second user (your screen/prompt may look different) and click OK/Login. In some cases, you may be prompted to enter these more than once.

Chrome will now run as if the other user is logged in.

You can also use the “Check permissions” feature in SharePoint to see which groups a user belongs to for a site or resource, and which abilities/privileges they have.