Search/Identify blocked file types in SharePoint

In SharePoint 2016 On-Prem, Microsoft has reduced the number of blocked file types from previous versions of SharePoint. It is totally different than the SharePoint 2010 / 2013. In SharePoint 2013, there are 105 default file types that are blocked by default but in SharePoint 2016, this number goes all the way down to 6. Interestingly, there is no blocked file type in SharePoint Online.

Self-Note:

Block type references:

Small Script to find all blocked file types:

$path = "C:\DRIVERS";
$extensitons = @("*.ade","*.adp","*.asa","*.ashx","*.asmx","*.asp","*.bas","*.bat","*.cdx","*.cer",`
                "*.chm","*.class","*.cmd","*.cnt","*.com","*.config","*.cpl","*.crt","*.csh","*.der",`
                "*.dll","*.exe","*.fxp","*.gadget","*.grp","*.hlp","*.hpj","*.hta","*.htr","*.htw","*.ida",`
                "*.idc","*.idq","*.ins","*.isp","*.its","*.jse","*.json","*.ksh","*.lnk","*.mad","*.maf","*.mag",`
                "*.mam","*.maq","*.mar","*.mas","*.mat","*.mau","*.mav","*.maw","*.mcf","*.mda","*.mdb",`
                "*.mde","*.mdt","*.mdw","*.mdz","*.ms-one-stub","*.msc","*.msh","*.msh1","*.msh1xml",`
                "*.msh2","*.msh2xml","*.mshxml","*.msi","*.msp","*.mst","*.ops","*.pcd","*.pif","*.pl",`
                "*.prf","*.prg","*.printer","*.ps1","*.ps1xml","*.ps2","*.ps2xml","*.psc1","*.psc2","*.pst",`
                "*.reg","*.rem","*.scf","*.scr","*.sct","*.shb","*.shs","*.shtm","*.shtml","*.soap",`
                "*.stm","*.svc","*.url","*.vb","*.vbe","*.vbs","*.vsix","*.ws","*.wsc","*.wsf","*.wsh","*.xamlx");

Get-Childitem -r -path $path\* -include $extensitons | %{$_.fullname}

#Optionally push results to a text file
#Get-Childitem -r -path $path\* -include $extensions | %{$_.fullname} > C:\File_Extensions.txt

image

Add/Update SP (SharePoint) Site Quota Template using PowerShell

Please see the reusable script:

$ver = $host | select version if ($ver.Version.Major -gt 1) {$host.Runspace.ThreadOptions = "ReuseThread"} if ((Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue) -eq $null) { Add-PSSnapin "Microsoft.SharePoint.PowerShell" } function AddUpdate-SPQuotaTemplate{ <# .Synopsis This advanced function add/update Site Quota Template. .Description This function uses .NET code to instantiate an instance of an SPQuotaTemplate class. An instance of the SPWebService class is instantiated and the Quota Template is added/updated to the Quota Templates Collection. .Example C:\PS>AddUpdate-SPQuotaTemplate -AddTemplateName "Custom" -UpdateTemplateName "" -StorageMaximumLevel 2GB -StorageWarningLevel 1GB -UserCodeMaximiumLevel 100 -UserCodeWarningLevel 75 This example creates an SP Quota Template called Custom with a maximum size of 2GB and a warning size of 1GB. Sandboxed solutions are limited to 100, with a warning level of 75. .Example C:\PS>AddUpdate-SPQuotaTemplate -AddTemplateName "Custom" -UpdateTemplateName "" -StorageMaximumLevel 4GB -StorageWarningLevel 3GB This example creates an SP Quota Template called Custom with a maximum size of 4GB and a warning size of 3GB .Notes Name: AddUpdate-SPQuotaTemplate Author: Riyaz Sheriff Last Edit: 2/09/2015 Keywords: Quota Template, Quotas and Locks .Link http://consultantpoint.wordpress.com #Requires -Version 2.0 #> [CmdletBinding()] Param( [Parameter(Mandatory=$true)][String]$AddTemplateName, [Parameter(Mandatory=$false)][String]$UpdateTemplateName, [Parameter(Mandatory=$true)][Int64]$StorageMaximumLevel, [Parameter(Mandatory=$true)][Int64]$StorageWarningLevel, [Parameter(Mandatory=$false)][System.Double]$UserCodeMaximumLevel, [Parameter(Mandatory=$false)][System.Double]$UserCodeWarningLevel ) # Instantiate an instance of an SPQuotaTemplate class # Write-Verbose "Instantiating an instance of an SPQuotaTemplate class" $contentService =[Microsoft.SharePoint.Administration.SPWebService]::ContentService $quotaTemplate = $contentService.QuotaTemplates[$AddTemplateName]; # Got an Instance of the SPWebService Class # Write-Verbose "Got an instance of an SPWebService class" if($quotaTemplate -ne $null){ # Ensure before renaming $expectedNewTemplate = $contentService.QuotaTemplates[$UpdateTemplateName]; if($expectedNewTemplate -eq $null -and $UpdateTemplateName -ne ""){ # New name quota template is already found # Write-Verbose "A Quota template with the name $UpdateTemplateName does not exisit...." $quotaTemplate.Name = $UpdateTemplateName $quotaTemplate.StorageMaximumLevel = $StorageMaximumLevel $quotaTemplate.StorageWarningLevel = $StorageWarningLevel $quotaTemplate.UserCodeMaximumLevel = $UserCodeMaximumLevel $quotaTemplate.UserCodeWarningLevel = $UserCodeWarningLevel $contentService.Update() Write-Host "Quota Template $AddTemplateName was updated successfully" -foreground Green } else{ Write-Host "Template $UpdateTemplateName already exists, cannot rename...." -ForegroundColor Yellow } } else{ # Set the Properties # Write-Verbose "Setting properties on the Quota object" $newQuotaTemplate = New-Object Microsoft.SharePoint.Administration.SPQuotaTemplate $newQuotaTemplate.Name = $AddTemplateName $newQuotaTemplate.StorageMaximumLevel = $StorageMaximumLevel $newQuotaTemplate.StorageWarningLevel = $StorageWarningLevel $newQuotaTemplate.UserCodeMaximumLevel = $UserCodeMaximumLevel $newQuotaTemplate.UserCodeWarningLevel = $UserCodeWarningLevel # Get an Instance of the SPWebService Class # Write-Verbose "Getting an instance of an SPWebService class" $contentService =[Microsoft.SharePoint.Administration.SPWebService]::ContentService $contentService.QuotaTemplates.Add($newQuotaTemplate) $contentService.Update() Write-Host "Quota Template $AddTemplateName added successfully" -foreground Green } } # Reconfigure if found, if not add a new one. AddUpdate-SPQuotaTemplate -AddTemplateName "Small Team Site (2GB)" ` -UpdateTemplateName "" ` -StorageMaximumLevel 2GB ` -StorageWarningLevel 1740MB ` -UserCodeMaximumLevel 300 ` -UserCodeWarningLevel 300 AddUpdate-SPQuotaTemplate -AddTemplateName "Medium Team Site (5GB)" ` -UpdateTemplateName "" ` -StorageMaximumLevel 5GB ` -StorageWarningLevel 4352MB ` -UserCodeMaximumLevel 300 ` -UserCodeWarningLevel 300 AddUpdate-SPQuotaTemplate -AddTemplateName "Large Team Site (10G)" ` -UpdateTemplateName "" ` -StorageMaximumLevel 10GB ` -StorageWarningLevel 8704MB ` -UserCodeMaximumLevel 300 ` -UserCodeWarningLevel 300

Simple way to set "Replicate Directory Changes" permission (via PowerShell)

$Identity = "domain\account" $RootDSE = [ADSI]"LDAP://RootDSE" $DefaultNamingContext = $RootDse.defaultNamingContext $ConfigurationNamingContext = $RootDse.configurationNamingContext $UserPrincipal = New-Object Security.Principal.NTAccount("$Identity") DSACLS "$DefaultNamingContext" /G "$($UserPrincipal):CA;Replicating Directory Changes" DSACLS "$ConfigurationNamingContext" /G "$($UserPrincipal):CA;Replicating Directory Changes"

Checking/Ensure Replication Directory Changes for account by PowerShell

 

Following script is not mine and it was copied from – http://blog.bugrapostaci.com/2011/04/27/checking-replication-directory-changes-for-account-by-powershell/

This script was really so useful to check whether a user profile synchronization account is correctly configured.

This was tested at Structural Projects Group after DirSync their on prem AD accounts with Office 365 hosted AD.

Note:  A trust need to be created between two ADs as Bi-Directional.

#Save to script a file named CheckRDC.ps1
usage syntax:
open Sharepoint PowerShell Console
PS> .\CheckRDC.ps1 “DOMAIN\username”

image

The above ensures that SP_UPS has replication permission enabled on both side of the AD. Smile

param( [string] $userName="") function Check-ADUserPermission( [System.DirectoryServices.DirectoryEntry]$entry, [string]$user, [string]$permission) { $dse = [ADSI]"LDAP://Rootdse" $ext = [ADSI]("LDAP://CN=Extended-Rights," + $dse.ConfigurationNamingContext) $right = $ext.psbase.Children | ? { $_.DisplayName -eq $permission } if($right -ne $null) { $perms = $entry.psbase.ObjectSecurity.Access | ? { $_.IdentityReference -eq $user } | ? { $_.ObjectType -eq [GUID]$right.RightsGuid.Value } return ($perms -ne $null) } else { Write-Warning "Permission '$permission' not found." return $false } } # Globals $replicationPermissionName = "Replicating Directory Changes" # Main() $dse = [ADSI]"LDAP://Rootdse" $entries = @( [ADSI]("LDAP://" + $dse.defaultNamingContext), [ADSI]("LDAP://" + $dse.configurationNamingContext)); Write-Host "User '$userName': " foreach($entry in $entries) { $result = Check-ADUserPermission $entry $userName $replicationPermissionName if($result) { Write-Host "`thas a '$replicationPermissionName' permission on '$($entry.distinguishedName)'" ` -ForegroundColor Green } else { Write-Host "`thas no a '$replicationPermissionName' permission on '$($entry.distinguishedName)'" ` -ForegroundColor Red } }

 

for more on Deploy Office 365 Directory Synchronization (DirSync) in Microsoft Azure – http://technet.microsoft.com/en-us/library/dn635310%28v=office.15%29.aspx

Setting up Document Expiration and Retention Policies for Libraries in SharePoint 2010

The following could be useful for someone who is trying to setup a Document Expiration and Retention Policies for a library in SharePoint 2010:

Check List:

1. Central Administrator should have retention enabled for sites created:

Central Administration > Security > Information policy > Configure Information Management Policy > Retention [Available for use in new site and list policies]

2. “Information Management Policy” and “Expiration Policy” are the two timer jobs which are responsible for retention policy. By default both will work “Weekly”, change this to suite your need.

Note: Set the recurring schedule in such a way that “Information Management Policy” job should run before the “Expiration Policy”.

[For testing purposes, you can either execute “Run Now” or set a shorter interval like every 5 minutes]

Steps to configure an Expiration Policy as below:

1. [Designated Document Library] > Document Library Settings > Information management policy settings >

a. Library and Folders (Change source or configure library schedule) > [Select Library and Folders].

b. Add a retention stage… > “This stage is based off a date property of the item Time Period :” Created + e.g. 0 days (for immediate action) > Action [Select Move to Recycle Bin]

c. Press OK/Apply to save the changes.

2. Add a document to the [Designated Document Library] and wait for the “Expiration Policy” timer job to execute.

That’s it; you should see that the item has been moved to the recycle bin.

Setting Expiration Dates

In SharePoint 2010, you have the option to set an expiration time based on any date property available in the drop-down list shown in Figure 8-5, including when it was declared a record. You can specify values between 0 to 500 years, 0 to 6000 months, or 0 to 182,500 days from the date selected from the drop-down list. In reality, all three settings have the same maximum amount of time, so your choice of which to select is really based on how precise you want the date setting to be. Selecting days will give you a more precise setting than months, and months will be more precise than years. The precision of the retention period required by your organization should be determined by your legal team.

Related references:

Retention Policy for document library in SharePoint 2010

http://weblogs.asp.net/sreejukg/archive/2010/11/11/retention-policy-for-document-library-in-sharepoint-2010.aspx

Creating a retention policy to start a workflow in SharePoint 2010 using PowerShell

http://get-spscripts.com/2011/08/creating-retention-policy-to-start.html

Bulk provisioning SharePoint 2010 document retention policies using PowerShell:

http://www.sharemuch.com/2011/04/11/bulk-provisioning-sharepoint-2010-document-retention-policies-using-powershell/

Add a workflow to a SharePoint list in all sites of a site collection using PowerShell

http://get-spscripts.com/2010/08/add-workflow-to-sharepoint-list-in-all.html

Outbound e-mail has not been configured.

Severity 1 – Error 
Category Configuration 
Explanation A default SMTP server has not been configured.  One or more web applications do not have SMTP servers configured.  Because of this, features such as alerts will not function properly.
Remedy Configure an outgoing e-mail server from the central administration site or execute the following command: C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\bin\stsadm.exe-o email -outsmtpserver <SMTP server> -fromaddress <someone@example.com> -replytoaddress <someone@example.com> -codepage <codepage> For more information about this rule, see http://go.microsoft.com/fwlink/?LinkID=142684.

 

Solution – PowerShell approach:

$ErrorActionPreference = "Stop"
Add-PSSnapin Microsoft.SharePoint.PowerShell -EA 0

$SMTPSvr = ‘mailserver.domainame.local’
$FromAddr = ‘noreply@domainame.local’
$ReplyAddr = ‘noreply@domainame.local’
$Charset = 65001

$CAWebApp = Get-SPWebApplication -IncludeCentralAdministration | Where { $_.IsAdministrationWebApplication }
$CAWebApp.UpdateMailSettings($SMTPSvr, $FromAddr, $ReplyAddr, $Charset)

 

Verify@:  Central Administration > System Settings > Configure outgoing e-mail settings

image

PowerShell script to file browse, change file attribute, restore SharePoint site backup

Here is a nice little utility (written using PowerShell script) which I use to restore a site backup time to time.

Some features of this script are:

1. Displays a file browse dialog to select a file (see – Invoke-FileBrowser)

2. Removes the read-only attribute on the file (see – Remove-Readonly), this is required as the backup file is stored in TFS.

3. Restore a given backup file, without asking for confirmation (see – Restore-SPBackup)

——————————————————————————————————————————

$ErrorActionPreference = "Stop"

Add-PSSnapin Microsoft.SharePoint.PowerShell -EA 0

# Example:
# $file = Invoke-FileBrowser -Title "Select a file" -Directory "D:\backups" -Filter "Powershell Scripts|(*.ps1)"
function Invoke-FileBrowser
{
      param([string]$Title,[string]$Directory,[string]$Filter="All Files (*.*)|*.*")
      [System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms") | Out-Null
      $FileBrowser = New-Object System.Windows.Forms.OpenFileDialog
      $FileBrowser.InitialDirectory = $Directory
      $FileBrowser.Filter = $Filter
      $FileBrowser.Title = $Title
      $Show = $FileBrowser.ShowDialog()
      If ($Show -eq "OK")
      {
            Return $FileBrowser.FileName
      }
      Else
      {
            Write-Error "Restore cancelled by user."
      }
}

# Example:
# Remove-Readonly -FilePath "D:\backups\filename.txt"
function Remove-Readonly
{
    param([string]$FilePath)
    #Remove read-only attribute, otherwise access denied error.
    Set-ItemProperty -Path $FilePath -name IsReadOnly -value $false
}

# Example:
# Restore-SPBackup -FilePath "D:\backups\backupfile.bak"
function Restore-SPBackup
{
    param([string]$BackupFilePath, [string]$WebUrl)
    #Restore the backup without asking for confirmation.
    Restore-SPSite -Identity $WebUrl -Path $BackupFilePath -Confirm:$false
}

$backupLocation = "C:\mywork\scm\JRCP.Internet\JRCP.Internet\JRCP Data Structures\Site Backups"
$SiteUrl = "http://sp2010riyaz:4040"

$file = Invoke-FileBrowser -Title "Browse" -Directory $backupLocation -Filter "All Files (*.*)|*.*"
Remove-Readonly -FilePath $file
Restore-SPBackup -BackupFilePath $file -WebUrl $SiteUrl
--------------------------------------------------------------------

Wait for more useful utilities…