Search Server 2010 and Claims Based Authentication





How to get around access denied error with Search Server 2010 and claims based authenticated web application
Problem
If you install Search Server Express 2010 on a SharePoint farm that has a web application using claims based authentication, you will get access denied in Central Administration when trying to manage the search service application.
Solution
To work around this issue, the user logged in to Central Administration must be granted permissions directly on the claims based authenticated web application. This cannot be done in the Central Administration UI, even if NTLM authentication is enabled on the web application. SharePoint does not treat the claims based user as the same user who is logged on to the Windows authenticated Central Administration, i.e. 'i:0#.w|domain\user' is not the same as 'domain\user'. Use the following PowerShell script to add the Windows authenticated user to the web application:

    # Load the SharePoint server object model
    [void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")

    # Open a site collection in the claims based web application
    $site = New-Object Microsoft.SharePoint.SPSite("http://SitesCBA.domain.no")
    $wa = $site.WebApplication

    # Add a user policy for the Windows (non-claims) account name
    $user = "domain\user"
    $policy = $wa.Policies.Add($user, $user)

    # Bind the Full Control policy role, which applies to the whole web application
    $policy.PolicyRoleBindings.Add($wa.PolicyRoles.GetSpecialRole([Microsoft.SharePoint.Administration.SPPolicyRoleType]::FullControl))

    # Persist the change and release the site object
    $wa.Update()
    $site.Dispose()
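
Because the workaround grants Full Control at web application level, it is worth reviewing which accounts hold that policy and in which form their login is stored. The following is an added example, not part of the original article: the function names and the sample entries are constructed for illustration, and the objects only mimic the UserName and PolicyRoleBindings properties of a real policy entry.

```powershell
# Added example: list Full Control user policies and show whether each login is
# stored in Windows claims encoding (i:0#.w|domain\user) or classic form (domain\user).

function ConvertFrom-PolicyLogin {
    param([string]$LoginName)
    # A Windows account in claims encoding carries the prefix i:0#.w|
    if ($LoginName -match '^i:0#\.w\|(?<account>.+)$') {
        $kind = 'WindowsClaim'; $account = $Matches['account']
    } else {
        $kind = 'Classic'; $account = $LoginName
    }
    New-Object PSObject -Property @{ Kind = $kind; Account = $account }
}

function Get-FullControlPolicy {
    param($Policies)
    foreach ($policy in $Policies) {
        # Collect the role types bound to this policy entry
        $roles = @($policy.PolicyRoleBindings | ForEach-Object { [string]$_.Type })
        if ($roles -contains 'FullControl') {
            $login = ConvertFrom-PolicyLogin $policy.UserName
            New-Object PSObject -Property @{
                UserName = $policy.UserName
                Kind     = $login.Kind
                Account  = $login.Account
                Roles    = $roles -join ','
            }
        }
    }
}

# Constructed sample entries (hypothetical helper, not a SharePoint cmdlet)
function New-SamplePolicy($UserName, $Role) {
    New-Object PSObject -Property @{
        UserName           = $UserName
        PolicyRoleBindings = @(New-Object PSObject -Property @{ Type = $Role })
    }
}
$sample = @(
    (New-SamplePolicy 'domain\user' 'FullControl'),
    (New-SamplePolicy 'i:0#.w|domain\user' 'FullControl'),
    (New-SamplePolicy 'i:0#.w|domain\reader' 'FullRead')
)
Get-FullControlPolicy $sample | Format-Table UserName, Kind, Account, Roles -AutoSize

# On a farm server with the SharePoint assembly loaded, audit the real web application:
#   $wa = [Microsoft.SharePoint.Administration.SPWebApplication]::Lookup([Uri]'http://SitesCBA.domain.no')
#   Get-FullControlPolicy $wa.Policies
```

The two Full Control rows for the same account show that the classic and the claims encoded login are separate policy entries, so removing one later does not remove the other.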