Ban/Limit Access for a single user in SharePoint

Recently I had a request. Secure SharePoint from people casually looking through the list of our sites. Well, the site in question wasn't public facing and anonymous access is turned off, so by default, you had to be authenticated to even see it.

"Oh no, this user is an authenticated user, they just shouldn't see it".... which got me off on a rant about how making Active Directory insecure makes your applications that depend on it insecure as well. If you provide a generic account with a password that doesn't expire, you opened up a hole. Even worse, it was just one user out of hundreds of users.

I've seen a lot of people talk about how you can jump through hoops to remove "NT AUTHORITY\authenticated users" from sites, how you can limit exposure to people adding it to your Visitors group and so on. Yeah, it works, but it is overkill in this instance.

The easiest approach is Central Administration.Central Administration > Application Management > Policy for Web Application.
  1. Select your application.
  2. Add a user or a group
  3. Select your authentication method (All to be safe)
  4. Choose Deny All







Now they can no longer access any site or page in the Web Application 

Popular posts from this blog

How to change the owner of PowerApps

Image
I have seen many blog posts and videos about how to change the owner of a PowerApp. The problem is that all the blogs posts out there (as of 4/21/2020) don't tell you how to change the owner to someone other than the Global Administrator running these commands. Some blogs just tell you there is a command which is supremely unhelpful. So I plan to fix that. Q: Why would you change it? A: In case someone created an app that left the company you want to transfer it. Or perhaps you created the app and you want to transfer ownership of it to a Service Account that will live beyond you. Q: Why not just use the Export/Import process? A: You can, but that is not the point of this article. What you need 1) An Office 365 Global Administrator account and access to Azure Active Directory users portal 2) The App ID and Environment ID (more below) 3) PowerShell Get the details 1) In a browser, login to admin.powerapps.com as a Global Administrator 2) In the Environme
Read more

Unknown server tag 'AdminControls:MigrationToolPromotionTip'.

Image
I was applying the August 2019 CU for SharePoint 2013 in my Test environment. After installing the binaries, I tried to go to Central Administration to view the Servers in Farm page to verify the status. Instead of loading the homepage, I got the error message Unknown server tag 'AdminControls:MigrationToolPromotionTip'. I was able to get to other pages within Central Admin by typing in the URL directly. After successfully completing the Products and Configuration Wizard (which you should do after every patch), Central Administration loaded successfully. I then noticed a new advertising banner touting their SharePoint Migration tool. Not a coincidence.
Read more

SharePoint 2013 Site Owner cannot manage Access Requests (Updated)

I have been pulling my limited hair out for a week trying to figure out why a Site Owner will Full Control on the site would always get denied when they tried to respond to Access Requests. When they received the email and clicked on " Accept or decline this request " which goes to https://[siteurl]/ Access Requests/pendingreq.aspx they would get " Sorry, this site hasn't been shared with you. " Preliminary Troubleshooting Steps I went through each and every permission group on the site to make sure the Site Owner group was the owner of the group. I went through each list or library that had broken site permissions and made sure the Site Owners group had Full Control of those as well. They all did. Then I looked at the Permission Level of the Site Owner's group. It said Full Control, but it also had that awful "Limited Access" permission. This site had many owners and many times they all tried their best to limit access to certain things and
Read more