NOTE: Please do not run this on a production environment without careful thought and planning. Always test it on a backup and verify everything is okay before doing anything
Hi, Phil Smail here again. Again some more code I wrote for the MOPC that I wanted to put up onto the blog.
This code originally came about because a internal Microsoft group had got to the stage where their security permissions were out of control. This was mainly due to an initial lack of understanding of the security model and they wanted to get to a state where all the users, other than Admins have their permissions wiped so a proper security model can be put in place.
The tool looks like the following when run:
First thing is to enter the URL of the site you want to connect to then click on the ‘Connect to Server’ button.
This then populates the ‘Admin Group’ dropdown with the list of Groups on the server. When you click ‘Reset Perms’ then it will run through every user and remove them from all Groups and Categories they belong to as well as removing all Global Permissions set on users directly. This is the case except for the group that you select as the Admin group. All users that belong to that group will continue to belong to that group. Once the tool is run then the Admins, who should still belong to the chosen ‘Admin Group’ can go about giving users the permissions following security best practice.
A Dry Run checkbox is checked by default and this will run the test to see how much will be removed and display it in the textbox below. You should definitely run it in Dry Run mode before removing any permissions for real.
In this case the output would look something like the following: