Managing User Profile Service Application permissions using PowerShell

 

When User Profile Service application is configured in SP 2010, by default NT Authority\Authenticated Users and all authenticated users are granted permissions to create My Sites and use other features (personal and social) provided by user profile service. To disable users to create mysite and use other features, use Revoke-SPObjectSecurity and Set-SPProfileServiceApplicationSecurity powershell cmdlets.

 

 $upaproxyname= "User Profile Service Application"
$upaproxy = Get-SPServiceApplicationProxy | Where-Object {$_.DisplayName -eq $upaproxyname} 
$upasecurity = Get-SPProfileServiceApplicationSecurity -ProfileServiceApplicationProxy $upaproxy

#All Authenticated Users
$allauthusers = New-SPClaimsPrincipal -Identity 'c:0(.s|true' -IdentityType EncodedClaim
#To revoke Use Personal Features permission
Revoke-SPObjectSecurity -Identity $upasecurity -Principal $allauthusers -Rights "Use Personal Features"
# To revoke Create Personal Site permission
Revoke-SPObjectSecurity -Identity $upasecurity -Principal $allauthusers -Rights "Create Personal Site"
#To revoke Use Social Features permission
Revoke-SPObjectSecurity -Identity $upasecurity -Principal $allauthusers -Rights "Use Social Features"
Set-SPProfileServiceApplicationSecurity -Identity $allauthusers -ProfileServiceApplicationProxy $upaproxy

#NT AUTHORITY\authenticated users
$ntauthusers = New-SPClaimsPrincipal -Identity 'c:0!.s|windows' -IdentityType EncodedClaim
#To revoke Use Personal Features permission
Revoke-SPObjectSecurity -Identity $upasecurity -Principal $ntauthusers -Rights "Use Personal Features"
# To revoke Create Personal Site permission
Revoke-SPObjectSecurity -Identity $upasecurity -Principal $ntauthusers -Rights "Create Personal Site"
#To revoke Use Social Features permission
Revoke-SPObjectSecurity -Identity $upasecurity -Principal $ntauthusers -Rights "Use Social Features"
Set-SPProfileServiceApplicationSecurity -Identity $ntauthusers -ProfileServiceApplicationProxy $upaproxy