Security trimmed top navigation links

I was asked to review a client environment yesterday to find out why the links in their top navigation bar were displaying for users that did not have permission to the particular sites.

Creating sites

It turns out that when sites were being created by the client on SharePoint Foundation 2010 they were being created without the ‘include on the top navigation bar’ check box ticked. As a result, the link was then not automatically added to the top navigation bar but instead later manually added and so was not security trimmed link.

Display this site on the top link bar of the parent site
Display this site on the top link bar of the parent site

It was then after removing permissions to the various sites that it became clear that users were able to see the top navigation bar link to the sites even though they did not have access.

Obviously, there are situations when users don’t have permissions to a site and you don’t want them to see that the site even exists. An example of this might be in an extranet scenario when you have third parties accessing project sites and you don’t want those third parties seeing the names of other project sites that may exist let alone the content…so how do we prevent this?

Identifying security trimmed links

By reviewing the URLs of the links in the top navigation bar I was able to identify whether the links were security trimmed or not. If the field for the URL is disabled then the link is security trimmed and most probably created when as the site was created.

Custom top navigation link that is not security trimmed
Custom top navigation link that is not security trimmed
Security trimmed top navigation link
Security trimmed top navigation link

Adding new security trimmed links

After identifying the problem, I then had to make the existing links security trimmed. I did this in two stages. The first was to make a note of the position of the link that needed to be replaced. I then deleted it from the top navigation bar using the ‘Top Link Bar’ site settings page (_layouts/topnav.aspx). The second stage was then to create the new security trimmed link by using the PowerShell code below.

Modify the $SPWeb and @(“Site Name”, “/sitename/default.aspx”) arguments as required and run the code for each of the top navigation bar links that need to be security trimmed. Remember the old link will need to be removed and the new one ordered as required.

Conclusion

It appears SharePoint, specifically SharePoint Foundation 2010 only honours security trimmed links in the top navigation when the links are created automatically as opposed to being created manually.

Note: this post specifically targets SharePoint 2010 Foundation which does not include the extended navigation that is included as part of the Publishing feature.

Adding a Yes, No, Cancel prompt to a PowerShell script

When I write PowerShell scripts, I often want to step through sections. This allows me to decided whether to proceed with parts of my script or not. I achieve this by using the ChoiceDescription class as demonstrated below.

More information about using prompts in PowerShell can be found in the following article and tip on Microsoft TechNet.

Clear the SharePoint Quick Launch using PowerShell

Today I had a requirement to remove all the headings and links from the quick launch navigation of hundreds of SharePoint sites. The sites were being provisioned as part of a PowerShell deployment script that was deleting the default list and libraries. Going through each of these sites manually was not an option – so I edited the deployment script to include a function to remove the headings for me.

SharePoint Quick Launch with Headings
SharePoint Quick Launch with Headings

I remembered doing something similar to this back on SharePoint 2007 but I didn’t have access to the previous script or project and instead had to research the subject for a while to find what I needed.

Solution

A post from Get-SPScripts supplied me with what I was after, although it was part of a much larger script. So I picked away at their code and made it into the following PowerShell function to re-use in other projects.

The above Remove-SPQuickLaunchLinks function will remove all headings and links from the SharePoint quick launch for a particular site.

Empty SharePoint Quick Launch
Empty SharePoint Quick Launch

Remember to review, rename and test this script before using it in a production environment.

Backup and download solutions in SharePoint from the configuration database

The need to backup or download SharePoint solutions or WSPs from SharePoint come’s up from time to time. This usually crops up for me when upgrading client environments, and they have forgotten where they put their original solutions, or there is a discrepancy as to which version they installed.

To download the solutions from the config database run the following PowerShell script. This will save all of the solutions stored in SharePoint’s config database to a directory (“C:\Solutions”) on the local machine.

Remember to review, rename and test this script before using it in a production environment.