0
点赞
收藏
分享

微信扫一扫

Microsoft 365 开发:如何脚本获取和移除Everyone except external users组

51CTO Blog地址:https://blog.51cto.com/u_13969817

为了方便方便企业内部员工可以快速的获取资料,Microsoft支持了Everyone except external users组,该组包括组织中的所有用户,但不包括外部用户或来宾,它是一个广泛的群体,用于与广泛的内部受众共享内容,而无需手动添加个人用户。

默认的情况下,用户在新建Public类型的Teams时,该组会存在member group里,有访问权限,但当Teams从Public转换为Private Teams时,该Everyone except external users组将会被删除。

当然了,有些人为了方便授权,直接针对teams或者某个library授权给该组,使其teams中的资料过度分享给组织内成员,所以作为管理员我们需要:

·       生成Tenant里所有网站包含Everyone except external users组的报告进行分析

·       敏感的网站,移除Everyone except external users组授权

Sample Code:通过脚本生成 tenant里所有网站包含Everyone except external users组的报告

$AdminCenterURL = "https://ruihengliu-admin.sharepoint.com/"
$CSVPath = "C:\Temp\EveryoneExceptGrp.csv"
Connect-PnPOnline -URL $AdminCenterURL 
$TenantID = Get-PnPTenantId
$SearchGroupID = "spo-grid-all-users/$TenantID" #Everyone except external users
$AllSites =  Get-PnPTenantSite | Where -Property Template -NotIn ("SRCHCEN#0", "REDIRECTSITE#0", "SPSMSITEHOST#0", "APPCATALOG#0", "POINTPUBLISHINGHUB#0", "EDISC#0", "STS#-1")
$Result = @()
ForEach($Site in $AllSites)
{
    Write-host -f Yellow "Processing site:" $Site.URL
    Connect-PnPOnline -URL $Site.URL -Interactive
    $Groups = Get-PnPSiteGroup -Site $Site.Url | Where-Object { $_.Users -contains $SearchGroupID }
    If($Groups)
    {
        Write-host -f Green "`tFound the Group under:" ($Groups.Title -join "; ")
        $Result += [PSCustomObject][ordered]@{
            SiteName         = $Site.Title
            URL              = $Site.URL
            Permissions      = "Group(s): $($Groups.Title -join "; ")"
        }
    }
    Else
    {
        $EEEUsers = Get-PnPUser  | Where {$_.Title -eq "Everyone except external users"}
 
        If($EEEUsers)
        {
            Write-host -f Green "`tFound the 'Everyone except external users' group with direct permissions!"
            $Result += [PSCustomObject][ordered]@{
                SiteName         = $Site.Title
                URL              = $Site.URL
                Permissions      = "Direct Permissions"
            }       
        }
    }
}
$Result | Format-Table
$Result | Export-Csv -Path $CSVPath

Sample Code:从特定的SharePoint 网站组中删除Everyone except external users

$SiteURL = "https://ruihengliu.sharepoint.com/sites/Sales"
Connect-PnPOnline -URL $SiteURL -Interactive
$TenantID = Get-PnPTenantId
$SearchGroupID = "spo-grid-all-users/$TenantID" 
$EEEUsersID = "c:0-.f|rolemanager|$SearchGroupID"
$Groups = Get-PnPSiteGroup -Site $SiteUrl | Where-Object { $_.Users -contains $SearchGroupID }
If($Groups)
{
    Write-host -f Yellow -NoNewline "Found the Group under:" ($Groups.Title -join "; ")   
    $Groups | ForEach-Object { Remove-PnPGroupMember -LoginName $EEEUsersID -Identity $_.Title }
    Write-host -f Green "`tRemoved from the Group(s)!"
}

Sample Code:从所有SharePoint网站中删除Everyone except external users组

$AdminCenterURL = "https://ruihengliu-admin.sharepoint.com/"
Connect-PnPOnline -URL $AdminCenterURL -Interactive
$AllSites =  Get-PnPTenantSite | Where -Property Template -NotIn ("SRCHCEN#0", "REDIRECTSITE#0", "SPSMSITEHOST#0", "APPCATALOG#0", "POINTPUBLISHINGHUB#0", "EDISC#0", "STS#-1")
ForEach($Site in $AllSites)
{
    Write-host -f Magenta "Processing site:" $Site.URL       
    Connect-PnPOnline -URL $Site.URL -Interactive
    $EEEUsers = Get-PnPUser  | Where {$_.Title -eq "Everyone except external users"}
    If($EEEUsers)
    {
        Write-host -f Yellow -NoNewline "`tFound the 'Everyone except external users' group on the site! " 
        Remove-PnPUser -Identity "Everyone except external users" -Force
        Write-host -f Green "Removed!"
    }
}

谢谢大家的阅读,希望能帮助大家日后的管理

举报

相关推荐

0 条评论