For some time now I put down the SharePoint automates pen, but, seeing as 2013 is definitely out I thought, hey lets upgrade and develop all the tools and release new ones in my ‘suite’. GEPDOCPERMS is a new utility, one of my favourites, it’s a free download and it is available for both SharePoint 2010 and SharePoint 2013. GEPDOCPERMS is a utility that will list document libraries from all or a specific SharePoint site, with the ability to show the permissions set against documents, the ability to list the email enabled document libraries, the ability to list permissions against a specific individual. The output of this utility is TEXT, however, further releases will include the ability to write to XML and HTML.
What does GEPDOCPERMS do? Lets’ summarize:
Displays key information about sites, for example:
- Web App Name, URL, Storage Usage, Storage Quota, Content Database, Creator, Last updated and security last updated.
Displays key information about document libraries in each site, for example:
- Size, Validity, Folder, Parent, Author, Minor and Major Version, Modified / Created By, Modified / Created Date, Title, URL, ID, Incoming Email Address, Checked Out By, When Checked In, Comments, Checked Out, Expires, Status.
Displays permission roles against documents and can be restricted on role type, for example:
- Full Control, Contributor, Designer, Manage Hierarchy, Approve, Read, or ignore and show all.
- Can be optionally restricted to show only document library information where an incoming email address has been set
- Can be optionally restricted to show only documents which have permissions against a specific user.
This tools is extremely useful if you want a very quick way of auditing permissions against a user, library, site or entire SharePoint farm. Another benefit I have found is to run the tool as a schedule against one or more sites / document libraries / users and to store the reports to identify how changes in security has affected usage.
One point of course is that outputs from this utility can be big (and can take a while) depending on what information you wish to extract. As with all my tools, I suggest you test on a small segment in your SharePoint test environment first.
How to use GEPDOCPERMS
GEPDOCPERMS is a console application which runs on the SharePoint server. All you need do is download it, and unzip GEPDOCPERMS into a folder on your SharePoint server. You can run GEPDOCPERMS /? to see help screen. The help screen gives information on the switches that you will have to give the application to get an output. First, some points concerning some of the switches.
1: If you use -usr you should also use -o
2: If you use -e no permissions and no document library files will be listed
3: If you use -u and the site checked is a site collection all sub-sites of that site collection will be included
4: The switches can be used in any order and you can use some or more of them in the command line.
5: If you run GEPDOCPERMS without any switches it will list all document libraries across all sites – check the help first or read the below to get the right combination of switches for what you want to check.
Command Line Usage:
GEPDOCPERMS -u [URL of site to check] -d [Document Library Title] -a -[f NameOFOutPutTextFile] -o [FC / HC / CN / DE / AP / RD / XX] -ng
-a -usr [DOMAIN\LOGINNAME] -e
See the Help Screen:
Examples of use:
This will include information from all document libraries across all sites and from all web applications available.
This will include information from document libraries only where the incoming email address has been set
GEPDOCPERMS -u http://mysharepoint
This will display information concerning all document libraries from the mysharepoint site.
GEPDOCPERMS -u http://mysharepoint -d MySharedDocs
This will display information concerning MySharedDocs document library in the mysharepoint site.
GEPDOCPERMS -u http://mysharepoint -d MySharedDocs -a
This will display information INCLUDING all the files in the MySharedDocs document library in the mysharepoint site.
GEPDOCPERMS -u http://mysharepoint -e
This will display information from document libraries in site http://mysharepoint which have Incoming emails set against them.
GEPDOCPERMS -a -f FarmDocList.txt
This will display information about all files, in all document libraries and from all sites to the text file FarmDocList.txt – note this will produce a big report!
GEPDOCPERMS -o RD -a
This will display information about all document libraries including all users who have READ access to those document libraries in all sites to the text file GEPDOCPERMS.TXT
FC = FULL CONTROL / HC = MANAGE HIERACHY / CN = CONTRIBUTE / DE = DESIGN / AP = APPROVE / RD = READ / XX = ANY ROLE PERMISSIONS
GEPDOCPERMS -o RD -a -usr DOMAIN\LOGINNAME
Same as Example 7 but also restricting the list to show only READ against user DOMAIN\LOGINNAME
GEPDOCPERMS -u http://sharepoint -o RD -ng -a
This will display information about all document libraries in http://sharepoint, showing users who have READ access to all documents, but ignoring expanding SharePoint Group access membership
How do I get it?
GEPDOCPERMS is available for download from Codeplex and it is available for both SharePoint 2010 and SharePoint 2013
Further enhancements and release plans?
As with all of my tools, I aim to update them regularly. Note that these are free of charge with no other requirements other than to let me know if the tool has helped.