Locking Down SharePoint 2019 Sites: A Maintenance Guide with PowerShell

Locking Down SharePoint 2019 Sites: A Maintenance Guide with PowerShell

If you manage SharePoint 2019 on-premises environments, there might come a time when you need to restrict access to your site collections for maintenance or administrative tasks. Here's a comprehensive guide on how to lock down all site collections within a SharePoint web application using PowerShell.
Prerequisites

  • Environment: Run the script in the SharePoint Management Shell.
  • Permissions: You need administrative rights to manage site collections.

Script Configuration
Before you run the script, ensure you configure the following variables:

  • $webAppUrl: Set this to the URL of your SharePoint web application (e.g., http://your-webapp-url).
  • $outputFile: Define the path where the CSV report will be saved (e.g., C:\LockedSitesReport.csv).

How the Script Works

  1. Load SharePoint Snap-In: The script checks if the SharePoint PowerShell snap-in is loaded, and if not, it adds it.
  2. Define Variables: The script initializes variables for the web application URL and the output file path.
  3. Initialize Report Array: An array $siteStatusList is created to hold information about each site's lock status.
  4. Loop Through Site Collections:
    • For each site within the specified web application, the script:
      • Checks if the site is already locked (both ReadOnly and WriteLocked properties are true).
      • If not locked, it sets these properties to true, effectively locking the site.
      • Records the site's URL, whether it was "Already No Access" or "Set to No Access", and the timestamp.
  5. Export to CSV: The collected data is exported to a CSV file, providing a report on which sites were locked.

CSV Report Content

  • URL: The site collection's URL.
  • LockStatus: Indicates if the site was already locked or newly locked.
  • TimeLocked: The exact time when the lock was applied or noted.

The Script

# Load SharePoint PowerShell snap-in if not loaded
if ((Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue) -eq $null) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

# Define the URL of your web application
$webAppUrl = "http://your-webapp-url"
# Define the output CSV file path
$outputFile = "C:\LockedSitesReport.csv"

# Initialize an array to store site information
$siteStatusList = @()

# Get the Web Application object
$webApp = Get-SPWebApplication $webAppUrl

# Iterate through each site collection in the web application
foreach ($site in $webApp.Sites) {
    try {
        # Check if the site is already set to No Access
        $isAlreadyNoAccess = $site.ReadOnly -and $site.WriteLocked
        $lockStatus = if ($isAlreadyNoAccess) { "Already No Access" } else { "Set to No Access" }
        
        # If not already set to No Access, lock the site
        if (!$isAlreadyNoAccess) {
            $site.LockIssue = "Site is temporarily locked for maintenance"
            $site.ReadOnly = $true
            $site.WriteLocked = $true
            $site.Update()
        }

        # Collect site information for the CSV report
        $siteStatusList += [PSCustomObject]@{
            URL             = $site.Url
            LockStatus      = $lockStatus
            TimeLocked      = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
        }

        Write-Host "$lockStatus for site collection:" $site.Url -ForegroundColor Green
    }
    catch {
        Write-Host "Failed to process site collection:" $site.Url -ForegroundColor Red
    }
    finally {
        # Dispose of the site object to free up resources
        $site.Dispose()
    }
}

# Export the site status list to a CSV file
$siteStatusList | Export-Csv -Path $outputFile -NoTypeInformation -Encoding UTF8

Write-Host "All site collections in the web application have been processed. Report saved to $outputFile" -ForegroundColor Cyan

Additional Resources
For more scripts and tools related to SharePoint management, check out my GitHub repository: MuckyRat/SharePoint-Server-ReadOnly.

This script provides a straightforward way to secure your SharePoint environment during maintenance windows, ensuring that no users can access the sites until you've completed your tasks and unlocked them again.

Remember to test scripts in a non-production environment first to ensure they meet your specific requirements.