Adding Users to Web App as Full Control


One of the most common issues I face while working with different environments is full control to all web applications in a SharePoint Farms.  The best way to tackle this issue for a team would be to create a AD Group and add the group to web application level using the same script but it is an issue where this method is not used so I faces issues browsing different web applications in different farms.  You can use the script below to fix this issues.

function Add-FullControl($UserName, $WebApp) 
{
    Write-Host "Adding $UserName as Full Control." -ForegroundColor Green
    $User = New-SPClaimsPrincipal -IdentityType WindowsSamAccountName -Identity $UserName
    $Policy = $WebApp.Policies.Add($User.ToEncodedString(), $UserName)   
    $Policy.PolicyRoleBindings.Add($WebApp.PolicyRoles.GetSpecialRole([Microsoft.SharePoint.Administration.SPPolicyRoleType]::FullControl))   
    $WebApp.Update()
    Write-Host "Done for $UserName." -ForegroundColor Green
} 

foreach($WebApp in Get-SPWebApplication)
{
    $UserAccount = "contoso\sphelpdesk"
    Add-FullControl -UserName $UserAccount -WebApp $WebApp
}
Write-Host "All Done..." -ForegroundColor Green

Not a huge thing to do from UI but if you have big number of farms with many web apps this script will be handy.  The same script can be used for Cache Super User and Super Reader Accounts but minor changes to GetSpecialRole([Microsoft.SharePoint.Administration.SPPolicyRoleType]:: 🙂