Another powershell script, Information management policy via script to content types

This was hard to trackdown so I thought I would put it here for others to use.  Post the script below into a file e.g. SetPolicy.ps1
Export a policy from Site collection to an xml file, from say, your dev server, put the xml file and the script into the same folder on say, your production server

Fire up a powershell window as admin and run the script.

# SET THESE
#
$PortalUrl="http://server/webapp"
$manifestXml = get-content "Next_Update_Due_Policy.Xml"
# The manifest contains an ID
 
$policyFeatureId="af5f1adb-dca9-490a-9bae-b5f6238699c7"
# This is the ID from the manifest
 
#
# #####################################################
 
$wa = Get-SPWebApplication $Portalurl
$site = Get-SPSite -Identity $portalUrl
 
$contentTypes = @()
$contentTypes += "Content type 1"
$contentTypes += "Content type 2"
$contentTypes += "Content type 3"
 
# Create site collection policy
# Import XML into it
#
try {
[Microsoft.Office.RecordsManagement.InformationPolicy.PolicyCollection]::Add($site, $manifestXml)
write-host "Created site collection policy"
}
catch {
write-host $_.Exception.Message
}
$policyCatalog = new-object Microsoft.Office.RecordsManagement.InformationPolicy.PolicyCatalog($site)
$SiteCollpolicy = $policyCatalog.PolicyList[$policyFeatureId]
 
# Bind each content type to the policy we just created
#
$contentTypes % {
$thisContentType = $_
Write-host "Bind policy to" $thisContentType
$ctype = $site.RootWeb.ContentTypes[$thisCOntentType]
try {
[Microsoft.Office.RecordsManagement.InformationPolicy.Policy]::CreatePolicy($ctype, $SiteCollpolicy);
}
catch {
write-host $_.Exception.Message
}
}
$site.Dispose()
Write-host "Run timer jobs"
Get-SPTimerJob ?{$_.Name -match "PolicyUpdateProcessing"} ?{$_.Parent -eq $wa} Start-SPTimerJob
Get-SPTimerJob ?{$_.Name -match "DocIdEnable"} ?{$_.Parent -eq $wa} Start-SPTimerJob
Get-SPTimerJob ?{$_.Name -match "DocIdAssignment"} ?{$_.Parent -eq $wa} Start-SPTimerJob

So whats happening then;

  • Read the exported policy xml into a variable
  • Add the previously exported policy xml to a new SiteCollection policy
  • Get the site collection policy catalog
  • From there get the policy we just Added
  • Now for each content type in the earlier created array of content type names
  • Bind the policy to the content type
  • Finally run a few chosen timer jobs to make it all hang together

Enjoy.

Script the DCOM fix in SharePoint

I got fed up with fixing this so I put together a powershell script to sort
it all out for me.

You will need to install SetAcl and DcomPerm.

Paste the script below into a file e.g. FixDcom.ps1
Fire up a powershell window (As Administrator) and execute the script

As ever, all at your own risk.

$PortalSiteOwner="domain\username"
$PortalAccount="domain\username"
$SPFarmAccount="domain\username"
 
$SetAcl="WhereYouInstalledSetAcl.exe"
$backupFileName="$here\RegPerms-Dconfig.bak"
$RegKeyOwner="$PortalSiteOwner"
 
# SETACL
#
 
# Backup the existing perms
#
$args = "-on", "HKCR\AppID\{61738644-F196-11D0-9953-00C04FD919C1}",
 "-ot", "reg", "-actn", "list", "-lst", "f:sddl;w:d,s,o,g;i:y;s:b",
 "-bckp", "$backupFileName"
& $SetAcl $args
 
 
 
 
# Take ownership
#
$args = "-on", "HKCR\AppID\{61738644-F196-11D0-9953-00C04FD919C1}", "-ot",
 "reg", "-actn", "setowner", "-ownr", "n:$RegKeyOwner;s:n"
& $SetAcl $args
 
# Assign full control
#
$args = "-on", "HKCR\AppID\{61738644-F196-11D0-9953-00C04FD919C1}", "-ot",
 "reg", "-actn", "ace", "-ace", "n:$RegKeyOwner;p:full"
& $SetAcl $args
 
# DCOMFIG
#
 
Write-Host "THIS WILL FAIL IF YOU DO NOT HAVE REGISTRY ACCESS TO"
Write-Host "HKCR:\AppID\{61738644-F196-11D0-9953-00C04FD919C1} REGISTRY KEY" 
 
$argz = @( "-al", "{61738644-F196-11D0-9953-00C04FD919C1}", "set" ,
 "__USER__HERE__" ,"permit", "level:l")
 
$argz[3] = "$SpfarmAccount"
& "$AssetsPath\dcomperm.exe" $argz
 
$argz[3] = "$PortalAccount"
& "$AssetsPath\dcomperm.exe" $argz
 
# Restore original permissions
#
$args = "-on", "HKCR\AppID\{61738644-F196-11D0-9953-00C04FD919C1}", "-ot",
 "reg", "-actn", "restore", "-bckp", "$backupFileName"
& $SetAcl $args

So this is what it is doing;

  • Use SetAcl to make a backup of the registry permissions on the …919C1 registry key
  • Use SetAcl to take ownership of the …919C1 registry key
  • Use SetAcl to assign full control of the …919C1 registry key
  • Use Dcomperm to Grant local activation to SP Farm account
  • Use Dcomperm to grant loccal activation to Portal app pool account
  • Use SetAcl to restore the originla permissions to the … 919C1 registry key

Enjoy.