Post SharePoint 2013 Configuration PowerShell Script
# Load the SharePoint cmdlets when not running in the SharePoint Management Shell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Web applications to configure
$urls = "http://intranet.honggyem.com","http://mysite.honggyem.com"

# Object cache accounts (these also need Full Control / Full Read user policies on each web application)
$superuser = "honggyem\spsuperuser"
$superreader = "honggyem\spsuperreader"

# Application pool identities and service application accounts
$intranetapppoolid = "honggyem\spwebapp1"
$mysiteapppoolid = "honggyem\spwebapp2"
$performancepointaccount = "honggyem\spppoint"
$accessserviceaccount = "honggyem\spaccess"
$excelserviceaccount = "honggyem\spexcel"
$visioserviceaccount = "honggyem\spvisio"
$bcsserviceaccount = "honggyem\spbcs"
$appmgmtserviceaccount = "honggyem\spappmgmt"
$workmgmtserviceaccount = "honggyem\spworkmgmt"

$count = 1

# Measure-Command reports how long the whole run took
(Measure-Command {
    foreach ($url in $urls) {
        $w = Get-SPWebApplication -Identity $url

        # Set the object cache accounts on the web application and persist them
        $w.Properties["portalsuperuseraccount"] = $superuser
        $w.Properties["portalsuperreaderaccount"] = $superreader
        $w.Update()
        Write-Host $count "- SP Web Application Name:" $w.Name
        Write-Host "......Superuser account:" $w.Properties["portalsuperuseraccount"]
        Write-Host "......Superreader account:" $w.Properties["portalsuperreaderaccount"]

        # Grant each account access to this web application's content databases
        $w.GrantAccessToProcessIdentity($intranetapppoolid)
        Write-Host "......Intranet Application Pool Identity account:" $intranetapppoolid
        $w.GrantAccessToProcessIdentity($mysiteapppoolid)
        Write-Host "......My Site Application Pool Identity account:" $mysiteapppoolid
        $w.GrantAccessToProcessIdentity($performancepointaccount)
        Write-Host "......PerformancePoint Service account:" $performancepointaccount
        $w.GrantAccessToProcessIdentity($accessserviceaccount)
        Write-Host "......Access Service account:" $accessserviceaccount
        $w.GrantAccessToProcessIdentity($excelserviceaccount)
        Write-Host "......Excel Service account:" $excelserviceaccount
        $w.GrantAccessToProcessIdentity($visioserviceaccount)
        Write-Host "......Visio Service account:" $visioserviceaccount
        $w.GrantAccessToProcessIdentity($bcsserviceaccount)
        Write-Host "......Business Connectivity Service account:" $bcsserviceaccount
        $w.GrantAccessToProcessIdentity($appmgmtserviceaccount)
        Write-Host "......App Management Service account:" $appmgmtserviceaccount
        $w.GrantAccessToProcessIdentity($workmgmtserviceaccount)
        Write-Host "......Work Management Service account:" $workmgmtserviceaccount

        $count++
    }
})
Save the above as a .ps1 file such as GrantAccessToProcessIdentityForServiceAppsForSP2013.ps1 for your convenience. When you execute it, make sure you are:
- a farm administrator
- a sysadmin on the SharePoint DB server
- logged into a SharePoint server, with the SharePoint PowerShell opened with "Run As Administrator"
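A companion to the script above for auditing and backing out its grants, as an added example that is not part of the original post: it reports which of the listed accounts are members of the SPDataAccess role in each content database and, when `$Revoke` is set, calls `RevokeAccessToProcessIdentity` for every account except the web application's own application pool identity. The `$Revoke` variable and the `Get-SPDataAccessMember` helper are names chosen for this example; it assumes the same prerequisites as the list above.

```powershell
# Added example (not from the original post): audit and back out the grants.
# Assumes a farm administrator who can read role membership in the content DBs.
$Revoke = $false   # hypothetical setting: $true revokes, $false only reports

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$urls = "http://intranet.honggyem.com","http://mysite.honggyem.com"
# Accounts passed to GrantAccessToProcessIdentity by the script above
$accounts = "honggyem\spwebapp1","honggyem\spwebapp2","honggyem\spppoint",
            "honggyem\spaccess","honggyem\spexcel","honggyem\spvisio",
            "honggyem\spbcs","honggyem\spappmgmt","honggyem\spworkmgmt"

# Lists the members of the SPDataAccess role in the connected database
$roleQuery = @'
SELECT m.name
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'SPDataAccess'
'@

function Get-SPDataAccessMember($db) {   # hypothetical helper for this example
    $conn = New-Object System.Data.SqlClient.SqlConnection -ArgumentList $db.DatabaseConnectionString
    try {
        $conn.Open()
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = $roleQuery
        $reader = $cmd.ExecuteReader()
        while ($reader.Read()) { $reader.GetString(0) }   # one role member per row
    } finally { $conn.Dispose() }
}

foreach ($url in $urls) {
    $w = Get-SPWebApplication -Identity $url
    $ownPool = $w.ApplicationPool.Username   # must keep access to its own web app
    foreach ($db in $w.ContentDatabases) {
        $members = @(Get-SPDataAccessMember $db)
        foreach ($a in $accounts | Where-Object { $members -contains $_ }) {
            Write-Host "$($w.Name) / $($db.Name): $a is in SPDataAccess"
        }
    }
    if ($Revoke) {
        foreach ($a in $accounts | Where-Object { $_ -ne $ownPool }) {
            $w.RevokeAccessToProcessIdentity($a)
            Write-Host "$($w.Name): revoked $a"
        }
    }
}
```

Running it in report mode before the grant script records which accounts already had access, so a later backout can leave those in place.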
How do you revoke access that has been granted? I need to have a backout plan if things do not complete 100% which would require me to revoke the access granted up to that point.
Running the above PowerShell script will add all listed managed accounts to the "SPDataAccess" database role in SharePoint content databases. One thing you can do is to document all managed accounts you are including in the above script and as a part of your backout plan, you can simply remove these managed accounts from the "SPDataAccess" database role for all SharePoint content databases in SQL Management Studio. Or, you can un-map these managed accounts from all content databases. In addition, if you would like to automate this, you can create a SQL query script that automatically takes care of this membership update.
This is a really helpful script! Thanks for sharing!