Monday, July 23, 2012

SharePoint top link bar cross site collection security trimming

SharePoint does not security trim custom links in the top link bar.
The SharePoint Designer method does not work if the link you want to security trim points to a different site collection. To work around this issue, I used a locked-down library and an HTML redirect page.

Things you will need:
Notepad
SharePoint Designer
Site Collection Admin access

1. Create a library called "Site Navigation" or something similar.
2. Change the permissions on the library, so only the Site Collection Admin has access.
3. Create the HTML redirect page with the URL of the new site collection page you want to link to.

Copy the code below, paste it into Notepad, and save it as an HTML file.

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<meta http-equiv="refresh" content="0;url=http://sharepoint/sites/test/default.aspx">
</head>
<body>
</body>
</html>

4. Upload the new file to the new library you created in step 2.
5. Create a new SharePoint group or AD group and add only the users that you want to be able to access the new link tab.
6. In the file drop-down, select "Manage Permissions" and give the group you created read-only access.
7. Okay, are we ready to dive into some SharePoint Designer? Open up SharePoint Designer and open the top-level site collection website. Always wondered what this Navigation link was?
You can also go in the Menu Bar to Site, and choose Navigation from the pull down menu.
You will get this nice Visio kinda’ tree view of the Demo website. This is called the Navigation Map.
Within SharePoint Designer, in the Navigation Map you can also build your own top link bar links and quick launch links. Now right-click on the rightmost tab, ‘The SharePoint Top Navigation Bar’, and choose ‘View subtree only’.
The SharePoint Top Navigation Bar has 4 nodes under it. One is Home, which points to the home page of the top-level site, and the others are Subsite1, subsite2 and subsite3.
Now right-click the SharePoint Top Navigation Bar node and click New -> Page. It will add a node under the SharePoint Top Navigation Bar. Double-click it (it is very important that you do this); it will create an untitled htm page (which you can close immediately). Then, back on untitled 1, right-click it and choose Properties.
The Properties dialog lets you edit the hyperlink: paste the URL of the new HTML file we created in step 3 and then click OK. After this, click once on the untitled 1.html and it will change into the newly created hyperlink. The newly added node will point to the Subsite3 now. BTW, the title now shows Subsite3/default.html. You can change the title into ‘Subsite 3 security trimmed’ by clicking once on this title.
Save the site and then close SharePoint Designer. Go back to the WSS site, log into this site with administrator credentials, and you will find the Subsite3 security trimmed tab listed in the Top Link Bar.
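Just checking. Again, go to Site Actions, Site Settings, and in the Look and Feel column go to the Top link bar. Click on the edit button before ‘subsite3 security trimmed’. Notice that the URL is greyed out?
8. The new link bar tab should now be security trimmed: users without read access to the redirect page will not see it. The trimming only hides the tab; access to the target site collection is still controlled by that site collection's own permissions.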

SharePoint Designer instructions provided by Peter van den Berg.
http://petervdberg.blogspot.com/2010/06/how-to-create-security-trimmed-top-link.html




Friday, December 31, 2010

Windows PowerShell Active Directory Sync to SharePoint User Profiles

Download: Set-WSS-UserInfo-From-ActiveDirectory

Synchronizes all Site Collections' user information between SharePoint (WSS or MOSS) and Active Directory.
  • To execute this script, you have to:
    • Open the PS1 file
    • Modify line 198: [ Set-UserInfoDetails "http://mySharePointWebApplication" "LDAP://DC=MyControler,DC=MyDomain,DC=com" ] with your own parameters
    • Execute the script by using the file name "Set-WSS-UserInfo-From-ActiveDirectory.ps1"

All the user data fields will receive the information from AD; you can modify the script if you have extended data.

Main Page: http://sharepointpsscripts.codeplex.com/releases/view/21699 



Warning:
If any information is left blank in AD and you have already filled in that information manually in SharePoint, such as email addresses or job titles, it will be overwritten with blank information. Please make sure that all the user information is updated in AD before running this script.


I am in no way shape or form liable if anything should go wrong. 
Use this information at your own risk.


You've been warned.



Basic Setup

Download and install Windows PowerShell 2.0
Windows Management Framework Core (WinRM 2.0 and Windows PowerShell 2.0)

To run unsigned PowerShell scripts, execute:
Powershell -STA -command "& {Set-ExecutionPolicy -Scope LocalMachine Unrestricted -Force}"
(The script supplied is unsigned; it will not run until you execute this command.)

Edit the script at line 198 and save.
Set-UserInfoDetails "http://mySharePointWebApplication" "LDAP://DC=MyDomain,DC=com"
(If you have more than one domain, create a new script for each one.)

Customize what is written to SharePoint:

Starting at line 139.

Edit
if($Verbose){Write-Host "AD Result: ", $UserNtName, $UserPreferedName, $UserJob, $UserDpt, $UserSIP, $AboutMe, $UserEmail}

Edit (only applies to the email address)
# Set the basic UserInfo Data
$MyUser.Name = [string]$myUserAD.Properties.name
$MyUser.Email = $UserEmail

Edit (This may not need to be edited; I did it to make it look cleaner.)
# Set the detailed UserInfo Data
$userInfoDetails["Name"] = $UserNtName
$userInfoDetails["Title"] = $UserPreferedName
$userInfoDetails["JobTitle"] = $UserJob
$userInfoDetails["SipAddress"] = $UserSIP
$userInfoDetails["Picture"] = "" #You can load it if you have the data in your AD
$userInfoDetails["Notes"] = $AboutMe
$userInfoDetails["EMail"] = $UserEmail
$userInfoDetails["Department"] = $UserDpt




Example: To sync just their name.

Starting at line 139.

if($Verbose){Write-Host "AD Result: ", $UserNtName, $UserPreferedName}

# Set the basic UserInfo Data
$MyUser.Name = [string]$myUserAD.Properties.name

# Set the detailed UserInfo Data
$userInfoDetails["Name"] = $UserNtName
$userInfoDetails["Title"] = $UserPreferedName
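
The overwrite described in the warning above can be avoided by assigning a field only when AD returned a value for it. The following is an added example, not part of the CodePlex script: Set-IfPresent is a hypothetical helper name, and a hashtable with constructed values stands in for the SharePoint user info item.

```powershell
# Added example: copy an AD value into the item only when AD has one.
function Set-IfPresent {
    param($Item, [string]$Field, [string]$Value)
    # The [string] parameter turns $null into '', so one test covers
    # missing attributes, empty strings and whitespace-only values.
    if ($Value.Trim().Length -eq 0) {
        Write-Host "Skipped ${Field}: blank in AD, existing value kept"
        return $false
    }
    $Item[$Field] = $Value
    return $true
}

# Constructed sample: values that were typed into SharePoint manually.
$userInfoDetails = @{
    EMail      = 'jane.doe@example.com'
    JobTitle   = 'Analyst'
    Department = 'Finance'
}

# Constructed sample of the AD lookup result: mail and department are blank.
$UserEmail = ''
$UserJob   = 'Senior Analyst'
$UserDpt   = $null

$changed = 0
if (Set-IfPresent $userInfoDetails 'EMail'      $UserEmail) { $changed++ }
if (Set-IfPresent $userInfoDetails 'JobTitle'   $UserJob)   { $changed++ }
if (Set-IfPresent $userInfoDetails 'Department' $UserDpt)   { $changed++ }

# Only JobTitle changes; EMail and Department keep their manual values.
"Fields changed: $changed"
$userInfoDetails
```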


Windows Scheduled Tasks Setup
C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe &'C:\SharePoint AD Sync Scripts\Set-WSS-UserInfo-From-ActiveDirectory-.ps1'

Set the task to run as your SharePoint service account. (Example: Domain\SharePoint)

(I set the task to run once a day at 12PM.)
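
The Unrestricted policy set in Basic Setup applies to every script and every account on the server. A narrower setup, shown here as an added example that is not part of the original post or the CodePlex script, signs the edited script and requires signatures instead. It assumes a code-signing certificate is already installed; the script path follows the post, and Test-ScriptSignature is a hypothetical helper name.

```powershell
# Added example. Use the file name you actually saved.
$script = 'C:\SharePoint AD Sync Scripts\Set-WSS-UserInfo-From-ActiveDirectory.ps1'

# Show which scope currently decides the effective policy.
Get-ExecutionPolicy -List | Format-Table -AutoSize

# Assumption: a code-signing certificate exists for the signing account,
# chains to a trusted root, and is in Trusted Publishers on the server,
# so the service account can run the script without a prompt.
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1
if (-not $cert) { throw 'No code-signing certificate in Cert:\CurrentUser\My' }

# Sign after the line 198 edit and any field changes:
# editing the file later invalidates the signature.
$signed = Set-AuthenticodeSignature -FilePath $script -Certificate $cert
if ($signed.Status -ne 'Valid') { throw "Signing failed: $($signed.StatusMessage)" }

# Require signatures machine-wide instead of Unrestricted.
Set-ExecutionPolicy -Scope LocalMachine -ExecutionPolicy AllSigned -Force

# Re-check the signature, for example before each deployment of the script.
function Test-ScriptSignature {
    param([string]$Path)
    (Get-AuthenticodeSignature -FilePath $Path).Status -eq 'Valid'
}
if (-not (Test-ScriptSignature $script)) { throw "Signature not valid: $script" }

# Command line for the scheduled task: no profile, no prompts, one file.
$taskAction = 'powershell.exe -NoProfile -NonInteractive -File "{0}"' -f $script
$taskAction
```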

If you found this post helpful, please leave comments below.