Instantiate SharePoint Client Context using current user credentials in PowerShell

In C# managed code, the SharePoint Client Context can be created using System.Net.CredentialCache to pass the logged-in user's credentials.

ICredentials credentials = CredentialCache.DefaultCredentials;
clientContext.Credentials = credentials;

I could not find anywhere how to achieve it in PowerShell.

If you are using the PnP PowerShell module, the switch parameter CurrentCredentials can be used with the cmdlet Connect-SPOnline.

Connect-SPOnline -Url "http://dev-sp-001a:1214/Teams/Legal" -CurrentCredentials
$ctx = Get-SPOContext

In most of my CSOM code without use of PnP, I used to get the current user name using [Environment]::UserName:

[Environment]::UserName

I used to prompt the current user to enter the password:

$AdminPassword = Read-Host "Enter password: " -AsSecureString

Lately I discovered I could use System.Net.CredentialCache in PowerShell to pass current user credentials when instantiating the ClientContext object.

# $siteUrl holds the URL of the site to connect to; the CSOM assemblies must already be loaded
$ctx = New-Object Microsoft.SharePoint.Client.ClientContext($siteUrl)
# Use the Windows credentials of the account running this PowerShell session
$Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials
$ctx.Credentials = $Credentials
$web = $ctx.Web
$ctx.Load($web)
$ctx.ExecuteQuery()

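This means you can start Windows PowerShell as a user who has the appropriate permissions on the SharePoint environment and run CSOM code without prompting for credentials. The script then acts with exactly that account's SharePoint permissions, and no password is typed into or stored in the script.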

Create default groups using CSOM and PowerShell after creating site collections via script

Whenever a site collection is created using PowerShell, the default security groups (visitors, owners and members) are not provisioned.

When a site collection is created via the browser, an additional method call is made to create the security groups; that call is not made when using PowerShell.

The following scripts will help create the default groups.

Call the method CreateWebDefaultGroup, passing the parameters Context (ClientContext) and UniquePermissions (bool):

CreateWebDefaultGroup -Context $ctx -UniquePermissions $false

CSOM in PowerShell Query All Unique Permissions

I was looking for a script to export all unique permissions/broken permissions for sites, lists or document libraries and Pages items. From a quick Google search, I stumbled upon SharePoint 2010: Export All Unique Permissions from Site Collection using PowerShell. The script would have worked on SharePoint 2013 given it was run directly from the SharePoint server using Server Side Code.

I was a site collection administrator without access to any SharePoint servers. The only way was to use CSOM from PowerShell, since I was not allowed to run any .exe/console files due to company policies on the live environment. The solution would work on both SharePoint 2013 On Premises and SharePoint Online.

The script can be downloaded from the TechNet Gallery.

I amended the PowerShell code to the following. I have used the script Load-CSOMProperties.ps1 from the blog post Loading Specific Values Using Lambda Expressions and the SharePoint CSOM API with Windows PowerShell to help with querying object properties, like lambda expressions in C#.

PowerShell break inheritance on SharePoint Library and change permissions of Group

I had a requirement to change the group members security group, which has Contribute permissions at the site collection, to have Read permissions on one document library.

The trick is to break inheritance on the document library and amend the role of the security group to Read.

# Server-side object model: run in the SharePoint Management Shell on a SharePoint server
$web = Get-SPWeb -Identity $webUrl
$docLibrary = $web.Lists.TryGetList($LibraryName)
# $False: stop inheriting without copying the parent's role assignments to the library
$docLibrary.BreakRoleInheritance($False)
# Name of the role definition to take from the web: Full Control, Contribute or Read
$roleDefinitions = "Read"
# Get the site group
$siteGroup = $web.SiteGroups[$groupName]
# Build a new role assignment for the group and bind only the chosen role to it
$roleAssignment = New-Object Microsoft.SharePoint.SPRoleAssignment($siteGroup)
$roleAssignment.RoleDefinitionBindings.RemoveAll()
$roleDefinition = $web.RoleDefinitions[$roleDefinitions]
$roleAssignment.RoleDefinitionBindings.Add($roleDefinition)
$docLibrary.RoleAssignments.Add($roleAssignment)
$docLibrary.Update()
# Release the SPWeb returned by Get-SPWeb
$web.Dispose()

The end result is to maintain Contribute permissions at the site collection and Read permissions at the document library.
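
The same library-level change expressed in CSOM with the current user's credentials, for the situation described earlier where there is no access to the SharePoint servers. This is an added example, not the author's script: the parameter names and the CSOM folder are assumptions, and like the server-side code it does not copy the parent's role assignments, then reads the library's permissions back so the result can be checked.

```powershell
# Added example: all parameter values are supplied by the caller (assumptions, not from the post)
param(
    [Parameter(Mandatory)] [string] $SiteUrl,      # web that holds the library
    [Parameter(Mandatory)] [string] $LibraryName,  # title of the document library
    [Parameter(Mandatory)] [string] $GroupName,    # SharePoint group to restrict to Read
    [Parameter(Mandatory)] [string] $CsomFolder    # folder containing the CSOM DLLs
)
$ErrorActionPreference = 'Stop'
Add-Type -Path (Join-Path $CsomFolder 'Microsoft.SharePoint.Client.Runtime.dll')
Add-Type -Path (Join-Path $CsomFolder 'Microsoft.SharePoint.Client.dll')

$ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteUrl)
try {
    # Authenticate as the Windows account running this session (no password prompt)
    $ctx.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials

    $list  = $ctx.Web.Lists.GetByTitle($LibraryName)
    $group = $ctx.Web.SiteGroups.GetByName($GroupName)
    $read  = $ctx.Web.RoleDefinitions.GetByType([Microsoft.SharePoint.Client.RoleType]::Reader)

    # copyRoleAssignments = $false: do not copy the parent's assignments to the library
    # clearSubscopes      = $false: leave uniquely secured items in the library untouched
    $list.BreakRoleInheritance($false, $false)

    # Bind only the Read role to the group on this library
    $bindings = New-Object Microsoft.SharePoint.Client.RoleDefinitionBindingCollection($ctx)
    $bindings.Add($read)
    [void] $list.RoleAssignments.Add($group, $bindings)
    $ctx.ExecuteQuery()   # throws if the library or the group does not exist

    # Read the library's role assignments back from the server to verify the change
    $assignments = $list.RoleAssignments
    $ctx.Load($assignments)
    $ctx.ExecuteQuery()
    foreach ($ra in $assignments) {
        $ctx.Load($ra.Member)
        $ctx.Load($ra.RoleDefinitionBindings)
    }
    $ctx.ExecuteQuery()
    foreach ($ra in $assignments) {
        [pscustomobject]@{
            Principal = $ra.Member.Title
            Roles     = ($ra.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ', '
        }
    }
}
finally {
    $ctx.Dispose()
}
```

Review the emitted Principal/Roles rows after each run: any principal other than the intended group that appears there also has access to the library.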