如何使用 PowerShell 将 SharePoint 中的子网站设为只读？

---

要求：将 SharePoint 子网站设置为只读。

此方法将子网站上应用的所有其他权限替换为“读取”，并且无法恢复！确保仅在不需要恢复只读的情况下继续（例如迁移后）！不过，您可以备份现有权限。如果您想将网站集设置为只读，请参阅：如何将SharePoint Online网站集设置为只读模式？

如何通过重置权限将子网站设为只读？

有时，您可能需要将 SharePoint 子网站设置为只读，以便用户无法修改其内容。在本文中，我将向您展示如何在 SharePoint 中将子网站设置为只读。

我们可以通过将所有用户和组权限替换为“读取”权限级别，将 SharePoint 子网站设置为只读。

1. 导航至子网站 >> 单击“网站设置”>>“网站权限”。
2. 在站点权限页面中，为所有用户和组保留“读取”、“仅查看”或“受限访问”权限，然后选择其余用户和组。

3. 单击功能区中的“编辑用户权限”按钮可批量编辑所选用户和组的权限级别。

   

4. 选择“读取”权限级别，然后点击“确定”保存！

   

这会将子站点设置为只读。

这些方法不能控制场管理员、网站集管理员！

PowerShell 将子网站权限重置为只读：

以下是使子网站只读的 SharePoint PowerShell：

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

#Parameters
$SubsiteURL = "https://intranet.crescent.com/legal"

#Get the Subsite
$Web = Get-SPWeb $SubsiteURL

#Break Permission Inheritance, if not already
If(!$Web.HasUniqueRoleAssignments)
{
    $Web.BreakRoleInheritance($true)
}

#Get Required Permission Levels
$ReadPermission = $web.RoleDefinitions["Read"]
$ViewOnlyPermission = $web.RoleDefinitions["View Only"]
$LimitedAccessPermission = $web.RoleDefinitions["Limited Access"]

#Add Read Permission to Role Assignment, if not added already
ForEach ($RoleAssignment in $Web.RoleAssignments) 
{
    $RoleDefinitionBindings = $RoleAssignment.RoleDefinitionBindings
    If(!($RoleDefinitionBindings.Contains($ReadPermission) -or $RoleDefinitionBindings.Contains($ViewOnlyPermission) -or $RoleDefinitionBindings.Contains($LimitedAccessPermission)))
    {
        $RoleAssignment.RoleDefinitionBindings.Add($ReadPermission)
        $RoleAssignment.Update()
        Write-host "Added Read Permissions to '$($RoleAssignment.Member.Name)'" -ForegroundColor Green
    }
}

#Remove All permissions other than Read or Similar
ForEach ($RoleAssignment in $Web.RoleAssignments) 
{ 
    $RoleDefinitionBindings = $RoleAssignment.RoleDefinitionBindings
    For($i=$RoleAssignment.RoleDefinitionBindings.Count-1; $i -ge 0; $i--)
    {
        $RoleDefBinding = $RoleAssignment.RoleDefinitionBindings[$i] 
        If( ($RoleDefBinding.Name -eq "Read") -or ($RoleDefBinding.Name -eq "View Only") -or ($RoleDefBinding.Name -eq "Limited Access") )
        {
            Continue;
        }
        Else
        {
            $RoleAssignment.RoleDefinitionBindings.Remove($RoleAssignment.RoleDefinitionBindings[$i])
            $RoleAssignment.Update()
            Write-host "Removed '$($RoleDefBinding.Name)' Permissions from '$($RoleAssignment.Member.Name)'" -ForegroundColor Yellow
        }
    }
}

等等，如果子网站中的列表、库、文件夹或文件具有唯一权限（继承被破坏！）怎么办？让我们扩展脚本以重置所有底层对象的权限。

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

#Function to replace all permission levels granted with "Read"
Function Reset-Permissions([Microsoft.SharePoint.SPSecurableObject]$Object)
{
    #Add Read Permission to Role Assignment, if not added already
    ForEach ($RoleAssignment in $Object.RoleAssignments) 
    {
        $RoleDefinitionBindings = $RoleAssignment.RoleDefinitionBindings
        If(!($RoleDefinitionBindings.Contains($ReadPermission) -or $RoleDefinitionBindings.Contains($ViewOnlyPermission) -or $RoleDefinitionBindings.Contains($LimitedAccessPermission)))
        {
            $RoleAssignment.RoleDefinitionBindings.Add($ReadPermission)
            $RoleAssignment.Update()
            Write-host "`tAdded Read Permission to '$($RoleAssignment.Member.Name)'" -ForegroundColor Green
        }
    }

    #Remove All permissions other than Read or Similar
    ForEach ($RoleAssignment in $Object.RoleAssignments) 
    { 
        $RoleDefinitionBindings = $RoleAssignment.RoleDefinitionBindings
        For($i=$RoleAssignment.RoleDefinitionBindings.Count-1; $i -ge 0; $i--)
        {
            $RoleDefBinding = $RoleAssignment.RoleDefinitionBindings[$i] 
            If( ($RoleDefBinding.Name -eq "Read") -or ($RoleDefBinding.Name -eq "View Only") -or ($RoleDefBinding.Name -eq "Limited Access") )
            {
                Continue;
            }
            Else
            {
                $RoleAssignment.RoleDefinitionBindings.Remove($RoleAssignment.RoleDefinitionBindings[$i])
                $RoleAssignment.Update()
                Write-host "`tRemoved '$($RoleDefBinding.Name)' Permission from '$($RoleAssignment.Member.Name)'" -ForegroundColor Yellow
            }
        }
    }
}

#Parameters
$SubsiteURL = "https://intranet.sharepoint.com/2010"

#Get the Subsite
$Web = Get-SPWeb $SubsiteURL

#Break Permission Inheritance of the subsite, if not already
If(!$Web.HasUniqueRoleAssignments)
{
    $Web.BreakRoleInheritance($true)
}

#Get Required Permission Levels
$ReadPermission = $web.RoleDefinitions["Read"]
$ViewOnlyPermission = $web.RoleDefinitions["View Only"]
$LimitedAccessPermission = $web.RoleDefinitions["Limited Access"]

#Call the function to Reset Web permissions
Write-host "Resetting Permissions on Web..."-NoNewline
Reset-Permissions $Web
Write-host "Done!" -f Green

#Array to Skip System Lists and Libraries
$SystemLists =@("Converted Forms", "Master Page Gallery", "Customized Reports", "Form Templates", "List Template Gallery", "Theme Gallery", 
           "Reporting Templates", "Solution Gallery", "Style Library", "Web Part Gallery","Site Assets", "wfpub")
  
#Loop through each list in the web
Foreach ($List in $Web.Lists)
{
    #Get only lists with unique permissions & Exclude Hidden System libraries
    If (($List.Hidden -eq $false) -and ($SystemLists -notcontains $List.Title) -and ($List.HasUniqueRoleAssignments) )
    {
        #Call the function to Reset List permissions
        Write-host -NoNewline "Resetting Permissions on List '$($List.title)'..."
        Reset-Permissions $List
        Write-host "Done!" -f Green
    }
}

#Check List items with unique permissions
Foreach ($List in $Web.Lists)
{
    #Get only lists with unique permissions & Exclude Hidden System libraries
    If (($List.Hidden -eq $false) -and ($SystemLists -notcontains $List.Title))
    {
        #Get All list items with unique permissions
        $UniqueItems = $List.GetItemsWithUniquePermissions()
        If($UniqueItems.count -gt 0)
        {
            #Call the function to Reset List Item permissions
            Write-host "Resetting Permissions on List Items of '$($List.title)'"
            $UniqueItems | ForEach-Object {
                Reset-Permissions $List.GetItemById($_.ID)
            }            
        }
    }
}

这是关于将 SharePoint 列表设置为只读的另一篇文章：如何使用 PowerShell 将 SharePoint 列表或库设置为只读模式？