Para gerar relatório de links compartilhados dos sites SharePoint de um determinado tenant do Microsoft 365, é recomendável rodar o script através do Windows PowerShell ISE.
Esses scripts estão em desenvolvimento, por enquanto, cada script precisa ser executado por SharePoint site e você precisa ser dono ou membro dele.
Edite a variável $SiteUrl para o site que deseja. Caso o repositório esteja em uma biblioteca diferente de Documents, edite também a variável $ListName.
O report CSV será salvo na pasta Downloads do usuário. Note que no final do arquivo ele irá exibir o hast MD5 e a data e hora atual para fins de auditoria. Note que o CertUtil retornará um erro caso o arquivo não retorne qualquer link.
Script #1: Gera relatório de permissões de links
# Parameters
$SiteUrl = "https://contoso.sharepoint.com/sites/nameofthesite"
$ReportOutput = "$env:USERPROFILE\Downloads\sharedlinkspermission.csv"
$ListName = "Documents"
#Connect to PnP Online
Connect-PnPOnline -Url $SiteURL -Interactive
$Ctx = Get-PnPContext
$Results = @()
$global:counter = 0
#Get all list items in batches
$ListItems = Get-PnPListItem -List $ListName -PageSize 2000
$ItemCount = $ListItems.Count
#Iterate through each list item
ForEach($Item in $ListItems)
{
Write-Progress -PercentComplete ($global:Counter / ($ItemCount) * 100) -Activity "Getting Shared Links from '$($Item.FieldValues["FileRef"])'" -Status "Processing Items $global:Counter to $($ItemCount)";
#Check if the Item has unique permissions
$HasUniquePermissions = Get-PnPProperty -ClientObject $Item -Property "HasUniqueRoleAssignments"
If($HasUniquePermissions)
{
#Get Users and Assigned permissions
$RoleAssignments = Get-PnPProperty -ClientObject $Item -Property RoleAssignments
ForEach($RoleAssignment in $RoleAssignments)
{
$Members = Get-PnPProperty -ClientObject $RoleAssignment -Property RoleDefinitionBindings, Member
#Get list of users
$Users = Get-PnPProperty -ClientObject ($RoleAssignment.Member) -Property Users -ErrorAction SilentlyContinue
#Get Access type
$AccessType = $RoleAssignment.RoleDefinitionBindings.Name
If ($RoleAssignment.Member.Title -like "SharingLinks*")
{
If ($Users -ne $null)
{
ForEach ($User in $Users)
{
#Collect the data
$Results += New-Object PSObject -property $([ordered]@{
Name = $Item.FieldValues["FileLeafRef"]
RelativeURL = $Item.FieldValues["FileRef"]
FileType = $Item.FieldValues["File_x0020_Type"]
UserName = $user.Title
UserAccount = $User.LoginName
Email = $User.Email
Access = $AccessType
})}}} }}
$global:counter++}
Write-Host
Write-Host -ForegroundColor Green "Creating and exporting CSV file"
$Results | Export-CSV $ReportOutput -NoTypeInformation
Write-Host
Write-Host -ForegroundColor Green "Hash MD5 of file result"
certutil -hashfile $ReportOutput MD5
Write-Host
Write-Host -ForegroundColor Green "Date and time"
Get-Date
Script #2: Lista todos os links compartilhados
#Parameters
$SiteURL = "https://contoso.sharepoint.com/sites/nameofthesite"
$ReportOutput = "$env:USERPROFILE\Downloads\allsharedlinks.csv"
$ListName = "Documents"
#Connect to PnP Online
Connect-PnPOnline -Url $SiteURL -Interactive
$Ctx = Get-PnPContext
$Results = @()
$global:counter = 0
#Get all list items in batches
$ListItems = Get-PnPListItem -List $ListName -PageSize 2000
$ItemCount = $ListItems.Count
#Iterate through each list item
ForEach($Item in $ListItems){
Write-Progress -PercentComplete ($global:Counter / ($ItemCount) * 100) -Activity "Getting Shared Links from '$($Item.FieldValues["FileRef"])'" -Status "Processing Items $global:Counter to $($ItemCount)";
#Check if the Item has unique permissions
$HasUniquePermissions = Get-PnPProperty -ClientObject $Item -Property "HasUniqueRoleAssignments"
If($HasUniquePermissions){
#Get Shared Links
$SharingInfo = [Microsoft.SharePoint.Client.ObjectSharingInformation]::GetObjectSharingInformation($Ctx, $Item, $false, $false, $false, $true, $true, $true, $true)
$ctx.Load($SharingInfo)
$ctx.ExecuteQuery()
ForEach($ShareLink in $SharingInfo.SharingLinks){
If($ShareLink.Url){
If($ShareLink.IsEditLink){
$AccessType="Edit"}
ElseIf($shareLink.IsReviewLink){
$AccessType="Review"}
Else{
$AccessType="ViewOnly"}
#Collect the data
$Results += New-Object PSObject -property $([ordered]@{
Name = $Item.FieldValues["FileLeafRef"]
RelativeURL = $Item.FieldValues["FileRef"]
FileType = $Item.FieldValues["File_x0020_Type"]
ShareLink = $ShareLink.Url
ShareLinkAccess = $AccessType
ShareLinkType = $ShareLink.LinkKind
AllowsAnonymousAccess = $ShareLink.AllowsAnonymousAccess
IsActive = $ShareLink.IsActive
Expiration = $ShareLink.Expiration
})}}}
$global:counter++}
Write-Host
Write-Host -ForegroundColor Green "Creating and exporting CSV file"
$Results | Export-CSV $ReportOutput -NoTypeInformation
Write-Host
Write-Host -ForegroundColor Green "Hash MD5 of file result"
certutil -hashfile $ReportOutput MD5
Write-Host
Write-Host -ForegroundColor Green "Date and time"
Get-Date
Script #3: Remove permissões únicas de todos os itens (pode não ser efetivo para todos os links)
#Set Variables
$SiteURL = "https://contoso.sharepoint.com/sites/nameofthesite"
$ListName = "Documents"
#Connect to PnP Online
Connect-PnPOnline -Url $SiteURL -Interactive
#Get all list items in batches
$ListItems = Get-PnPListItem -List $ListName -PageSize 500
#Iterate through each list item
ForEach($ListItem in $ListItems)
{
#Check if the Item has unique permissions
$HasUniquePermissions = Get-PnPProperty -ClientObject $ListItem -Property "HasUniqueRoleAssignments"
If($HasUniquePermissions)
{
$Msg = "Deleting Unique Permissions on {0} '{1}' at {2} " -f $ListItem.FileSystemObjectType,$ListItem.FieldValues["FileLeafRef"],$ListItem.FieldValues["FileRef"]
Write-host $Msg
#Delete unique permissions on the list item
Set-PnPListItemPermission -List $ListName -Identity $ListItem.ID -InheritPermissions
}}
Fonte:
Comentários
0 comentário
Por favor, entre para comentar.