SharePoint 2007 - Remove all permissions to site collection

Question

I need to remove all permissions to a SharePoint 2007 site collection. It is a huge site with hundreds of sub-sites, lists and libraries that all have broken inheritance.

Is there a quick way to delete all permissions to the site?

Answer 1

I have altered the code to work in MOSS 2007, kindly try the below code.

    #region Variables 

[string]$WebUrl = "http://moss2007/" 
[string]$GroupNametoKeep = "Root Owners" 

#endregion 
#region Functions 

Function CleanUpAcl 
{ 
    param($SPObject, $GroupName) 

    $Title = $SPObject.Title 
    Write-Host "Removing permissions from $Title" 
    $RoleAssignmentsCount = $SPObject.RoleAssignments.Count 

    For($i = $RoleAssignmentsCount - 1; $i -ge 0; $i--) 
    { 
        if($SPObject.RoleAssignments[$i].Member.Name -ne $GroupName) 
        { 
            $DeletedGroupName = $SPObject.RoleAssignments[$i].Member.Name 
            Write-Host "`t Removing Group/User $DeletedGroupName..." 
            $SPObject.RoleAssignments.RemoveByID($SPObject.RoleAssignments[$i].Member.ID) 
        } 
    } 
} 

#endregion 
#region Main 

[void][System.reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint") 
$Site = New-Object Microsoft.SharePoint.SPSite($WebUrl) 
$Web = $Site.OpenWeb() 
#$web.url 
$Lists = $Web.Lists
ForEach ($List in $Lists)
{ 
    if($List.HasUniqueRoleAssignments) 
    { 
        CleanUpAcl $List $GroupNametoKeep  
    }Else 
    { 
        $Response = Read-Host "List permissions are not unique, would you like to go to parent object with broken inheritance? (y/n)" 
        if(($Response -eq "y") -or ($Response -eq "yes")) 
        { 
            $BrokenSPObject = $List.FirstUniqueAncestor 
            CleanUpAcl $BrokenSPObject $GroupNametoKeep 
        } 
    } 
}

#Get All Users of the site collection 
$UserAccounts = @() 
foreach ($user in $web.SiteUsers) {
    $UserAccounts = $UserAccounts + $user.loginname 
}
  #Remove all users one by one. 
  foreach ($user in $UserAccounts) 
  { 
      try
       {
            #Set the Error Action 
            $ErrorActionPreference = "Stop" 
            #Remove User if not site admin 
            if(!$web.SiteUsers[$User].isSiteAdmin) 
            { 
                $web.SiteUsers.Remove($user) 
                Write-host "User Removed :" $user -ForegroundColor Green 
            } 
        } 
        catch {
                Write-host "Failed to remove the user:" + $user -ForegroundColor Red 
            } 
            Finally 
            { 
                #Reset the Error Action to Default 
                $ErrorActionPreference = "Continue" 
            } 
    }

#endregion 

Answer 2

PowerShell is going to be your best bet. Here is a script to remove users from a security group. You can modify this to loop through all of your security groups in your site collection and clean them all out.:

$site = new-object Microsoft.SharePoint.SPSite("Site URL") 
$web = $site.OpenWeb() 
$oSiteGroup = $web.SiteGroups["Group Name"];
$oUsers = $oSiteGroup.Users
  foreach ($oUser in $oUsers) 
  { 
    "Removing user : " + $oUser.Name 
    $oSiteGroup.RemoveUser($oUser) 
  }

This site has some basic widely used PS scripts you can use to add to this script to help you get the users and get rid of them like you want. Use this script as a base, and you should be able to get it done.