ShieldsDown.config for Sitecore PowerShell developers

Save your keystrokes! Don’t waste your time entering your password every five minutes when working with PowerShell Extensions for Sitecore.

Introduction

Important!

You use the configuration presented below at your own risk. Do not weaken security on ANY production server.


After the SPE team introduced security improvements, you have to provide a password by default whenever you want to use:

  • Console
  • ISE
  • Save script

Security hardening is a great thing, but on my local dev instance I don’t care about security so much and I want more freedom.

ShieldsDown.config

To switch off some security features, follow the steps below:

Create a new Sitecore config file with the following content and store it in App_Config/Include.

<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/">
  <sitecore>
    <powershell>
      <services>
        <remoting>
          <patch:attribute name="enabled">true</patch:attribute>
          <authorization>
            <add Permission="Allow" IdentityType="User" Identity="sitecore\admin" />
          </authorization>
        </remoting>
        <restfulv2>
          <patch:attribute name="enabled">true</patch:attribute>
        </restfulv2>
      </services>
      <userAccountControl>
        <gates>
          <gate name="ISE">
            <patch:delete/>
          </gate>
          <gate name="Console">
            <patch:delete/>
          </gate>
          <gate name="ItemSave">
            <patch:delete/>
          </gate>
          <gate name="ISE" token="Permissive"/>
          <gate name="Console" token="Permissive"/>
          <gate name="ItemSave" token="Permissive"/>
        </gates>
        <tokens>
          <token name="Permissive" expiration="00:00:00" elevationAction="Allow"/>
        </tokens>
      </userAccountControl>
    </powershell>
  </sitecore>
</configuration>

Make sure it is loaded after the SPE config file (put it into the Include/zzz/ folder or choose a suitable name, like zzzz_spe.config).

Features

  • disable User Account Control for all “gates”
    • ISE
    • Console
    • ItemSave
  • enable remoting (disabled by default) and add the default sitecore\admin account
  • enable WebAPI (disabled by default)

Summary

Remember that security changes were introduced for a reason. You mustn’t disable security on any production environment.

The configuration I shared with you is intended for developers who work on isolated environments and can afford less security in exchange for more convenience.
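
A check that fits the warning above, as an added example (not part of the original post or of SPE): the function below reports the three kinds of patches that ShieldsDown.config applies, so a deployment pipeline can stop such a file from reaching production. The function name `Find-SpeShieldsDown`, the `Source` label and the sample file path are assumptions made for this example.

```powershell
# Added example (not from the original post): report SPE-weakening patches in an include file.
function Find-SpeShieldsDown {
    param(
        [Parameter(Mandatory)] [xml] $Config,
        [string] $Source = '(inline)'   # hypothetical label for the scanned file
    )
    # The patch: prefix must be registered before XPath can match patch elements.
    $ns = New-Object System.Xml.XmlNamespaceManager($Config.NameTable)
    $ns.AddNamespace('patch', 'http://www.sitecore.net/xmlconfig/')
    $base = '/configuration/sitecore/powershell'
    $checks = @(
        @{ Rule  = 'UAC token with elevationAction=Allow'
           XPath = "$base/userAccountControl/tokens/token[@elevationAction='Allow']" },
        @{ Rule  = 'UAC gate removed by patch:delete'
           XPath = "$base/userAccountControl/gates/gate[patch:delete]" },
        @{ Rule  = 'SPE service enabled by patch'
           XPath = "$base/services/*[patch:attribute[@name='enabled'][normalize-space()='true']]" }
    )
    foreach ($check in $checks) {
        foreach ($node in $Config.SelectNodes($check.XPath, $ns)) {
            # One finding per matching element; Name is empty for service elements.
            [pscustomobject]@{
                Source  = $Source
                Rule    = $check.Rule
                Element = $node.LocalName
                Name    = $node.GetAttribute('name')
            }
        }
    }
}

# Constructed sample: a trimmed copy of the ShieldsDown patch shown above.
$sample = [xml]@'
<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/">
  <sitecore><powershell>
    <services>
      <remoting><patch:attribute name="enabled">true</patch:attribute></remoting>
    </services>
    <userAccountControl>
      <gates><gate name="ISE"><patch:delete/></gate><gate name="ISE" token="Permissive"/></gates>
      <tokens><token name="Permissive" expiration="00:00:00" elevationAction="Allow"/></tokens>
    </userAccountControl>
  </powershell></sitecore>
</configuration>
'@
Find-SpeShieldsDown -Config $sample -Source 'zzz/ShieldsDown.config'   # yields three findings
# Folder scan: Get-ChildItem <Include folder> -Recurse -Filter *.config |
#   ForEach-Object { Find-SpeShieldsDown -Config ([xml](Get-Content $_.FullName -Raw)) -Source $_.FullName }
```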
