PowerShell Script to Follow a SharePoint Site for a User
Good morning! I've been struggling with this for a while now. I've tried multiple scripts that are supposed to do this and run into many errors. I have a new script I found, which seems to mostly work, but it gives me this one error: Write-Error: Response status code does not indicate success: Forbidden (Forbidden). It looks like a permissions issue. I'm executing this in VSC, running under my user account, but when it connects to Graph, I'm authenticating it as my admin account, which has the following roles: I do realize how easy it is for users to follow a site, but this is one of those messed-up political situations, so I need a way to do this. After the error, it just hangs here: Add users to follow site(. [Adding user 'Ken Ce.] Here is the script I'm using: # Example: .\Add-FollowUserSite.ps1 -UsersMail "user1@[domain].com","user2@[domain].com","user3@[domain].com" -SitesUrl "https://[domain].sharepoint.com" [CmdletBinding()] param( [Parameter(Mandatory=$true,HelpMessage="List of Users Mails")] [String[]]$UsersMail=@("user1@[domain].com","user2@[domain].com","user3@[domain].com"), [Parameter(Mandatory=$true,HelpMessage="List of SharePoint Url to follow")] [String[]]$SitesUrl=@("https://[domain].sharepoint.com") ) Begin{ # Validate Modules ffor Microsoft graph users exist if (Get-Module -ListAvailable -Name microsoft.graph.users) { Write-Host "Microsoft Graph Users Module Already Installed" } else { try { Install-Module -Name microsoft.graph.users -Scope CurrentUser -Repository PSGallery -Force -AllowClobber } catch [Exception] { $_.message } } # Validate Modules ffor Microsoft graph users exist if (Get-Module -ListAvailable -Name microsoft.graph.sites) { Write-Host "Microsoft Graph Sites Module Already Installed" } else { try { Install-Module -Name microsoft.graph.sites -Scope CurrentUser -Repository PSGallery -Force -AllowClobber } catch [Exception] { $_.message } } # Import Modules Microsoft.Graph.users and Microsoft.Graph.sites to be used Import-Module Microsoft.Graph.users Import-Module Microsoft.Graph.sites Write-Host "Connecting to Tenant" -f Yellow Connect-MgGraph -Scopes "Sites.ReadWrite.All", "User.Read.All" Write-Host "Connection Successful!" -f Green } Process{ $count = 0 $UsersMail | foreach { #Get user Graph properties $mail = $_ $user = Get-MgUser -ConsistencyLevel eventual -Count 1 -Search ([string]::Format('"Mail:{0}"',$mail)) $SitesUrl | foreach { #Get Site Graph properties $domain = ([System.Uri]$_).Host $AbsolutePath = ([System.Uri]$_).AbsolutePath $uriSite = [string]::Format('https://graph.microsoft.com/v1.0/sites/{0}:{1}',$domain,$AbsolutePath) $site = Invoke-MgGraphRequest -Method GET $uriSite #Create Body for Post request $body = @' { "value": [ { "id": "{$SiteID}" } ] } '@.Replace('{$SiteID}',$site.id) #Graph call that include user to follow site $uriFollow = [string]::Format('https://graph.microsoft.com/v1.0/users/{0}/followedSites/add',$user.Id) #Include follow option from user to SharePoint Site try{ $response = Invoke-MgGraphRequest -Method POST $uriFollow -Body $body -ContentType "application/json" Write-Host "User '$($user.DisplayName)' is following site '$($AbsolutePath)'" -f Green } catch { Write-Error $_.Exception } } $count += 1 #progress bar Write-Progress -Activity 'Add users to follow site(s)' -Status "Adding user '$($user.DisplayName)' to follow sites... ($($count)/$($UsersMail.Count))" -PercentComplete (($count / $UsersMail.Count) * 100) } } End { Disconnect-MgGraph Write-Host "Finished" -ForegroundColor Green } Any help would be greatly appreciated.
Purview -> Powershell
i need to export some users their data before their licenses are removed. It is about 60 users, so i would rather user powershell instead of the purview portal to automate the job. So i have been playing around with the commandlets, to get an idea to build the script. The strange thing is what i see in Powershell is not represented in the Purview portal. We had an older compliance case which was no longer used. I tried to remove the compliance case by the Purview portal, but nothing happens when clicking "delete case" or "close case". i then reverted back to PowerShell by using the Remove-ComplianceCase "$CaseName", where the compliance case was successfully removed. When running the Get-ComplianceCase, i can see that the old compliance case is indeed removed, however the removed compliance case is still present in the Purview portal even several hours after deleting the case with PowerShell. Then started to play around with a new compliance search New-ComplianceSearch -Name "$($TargetMailbox.displayName) License Cleanup" -ExchangeLocation "$($TargetMailbox.PrimarySmtpAddress)" -Case "License Cleanup" -SharePointlocation "$($PNPPersonalSite.url)" after refreshing a couple of times i could see the compliance search in the purview portal. Then started the compliance search by using the Start-ComplianceSeacrh commandlet and verified that the search status was completed: Get-compliancesearch "$($TargetMailbox.displayName) License Cleanup" | select status However in the Purview portal no statistics were shown (not available yet). Didn't spend to much attention as i already saw discrepancies between the purview portal and what i saw in Powershell, so continued exporting compliance search with a compliance search action to export the data in the process manager New-ComplianceSearchAction -SearchName ""$($TargetMailbox.displayName)" -Export Can successfully retrieve the compliancesearch action in Powershell and can see that the status is completed, but fail to retrieve the export in the purview portal. Get-ComplianceSearchAction -case "License CleanUp" -includecredential | fl Did not achieve a way in downloading the export results via PowerShell, but would already be pretty pleased if i could achieve the first two steps via PowerShell. But as i am unable to retrieve the export in the Purview portal, i am afraid that i am still stuck. I can create an export in the Purview portal from the compliance search i created in Powershell. Can anyone please explain me the issue with the discrepancies between what i see in PowerShell and the Purview Portal and is it possible to see the exports created in powershell in the purview portal? And is it feasible to download the export from Powershell as well (Start-Process)?List SharePoint Sites, their Libraries, their folders, and their Permissions for Given User
I need to run an audit on the permissions without our SharePoint instance. I'm trying to mix a bunch of code together to achieve this and I'm failing. I would like an output like this: Site 1 Title Permission ---------------------------------------- Library 1 Read Library 2 Full Control Library 3 Contribute Library 4 Read Library 5 Contribute Site 2 Title Permission ---------------------------------------- Library 1 Read Library 2 Full Control Library 3 Contribute Library 4 Read Library 5 Contribute The closest I've gotten is permissions looping through the Sites, but it keeps outputting the same libraries for each site, and it's not even accurate. #Set Parameter $TenantSiteURL="https://contoso.sharepoint.com" #Connect to the Tenant site Connect-PnPOnline -Url $TenantSiteURL -Credentials (Get-Credential) #Get All Site collections - Exclude: Seach Center, Redirect site, Mysite Host, App Catalog, Content Type Hub, eDiscovery and Bot Sites $SiteCollections = Get-PnPTenantSite | Where -Property Template -NotIn ("SRCHCEN#0", "REDIRECTSITE#0", "SPSMSITEHOST#0", "APPCATALOG#0", "POINTPUBLISHINGHUB#0", "EDISC#0", "STS#-1") #Loop through each site collection ForEach($Site in $SiteCollections) { Write-Host "" $Site.Title #Get all document libraries $DocLibs = Get-PnPList #Get ID and Title of the document library $DocLibs.Title }
I want to create Sharepoint Verisoning Report on my Tenant
I have created a script, but dont seem to be able to find out how many file versions there are , Config Variables $TenantAdminURL = "https://admin.sharepoint.com" $CSVFilePath = "C:\Temp\RESTART.csv" #Get the Root Web #$Web = Get-PnpWeb #$versions = Get-SPOListItemVersion -ListItem $listItem #Get the Site Title Write-host -f Green $Web.Title #Connect to Admin Center using PnP Online Connect-PnPOnline -Url $TenantAdminURL -ClientId “cabf4-cc9b-4dcf-807b-8af94c3c4333" -Interactive -ForceAuthentication #Delete the Output Report, if exists if (Test-Path $CSVFilePath) { Remove-Item $CSVFilePath } #Get All Site collections - Exclude: Seach Center, Redirect site, Mysite Host, App Catalog, Content Type Hub, eDiscovery and Bot Sites $SiteCollections = Get-PnPTenantSite | Where { $.URL -like '/sites' -and $.Template -NotIn ("SRCHCEN#0", "REDIRECTSITE#0", "SPSMSITEHOST#0", "APPCATALOG#0", "POINTPUBLISHINGHUB#0", "EDISC#0", "STS#-1")} #Get All Large Lists from the Web - Exclude Hidden and certain lists $ExcludedLists = @("Form Templates","Site Assets", "Pages", "Site Pages", "Images", "Site Collection Documents", "Site Collection Images","Style Library") $SiteCounter = 1 #Loop through each site collection ForEach($Site in $SiteCollections) { #Display a Progress bar Write-Progress -id 1 -Activity "Processing Site Collections" -Status "Processing Site: $($Site.URL)' ($SiteCounter of $($SiteCollections.Count))" -PercentComplete (($SiteCounter / $SiteCollections.Count) * 100) #Connect to the site Connect-PnPOnline -Url $Site.URL -Interactive #Get all document libraries $DocumentLibraries = Get-PnPList | Where-Object {$_.BaseType -eq "DocumentLibrary" -and $_.Hidden -eq $False -and $_.Title -notin $ExcludedLists -and $_.ItemCount -gt 0} $ListCounter = 1 $ItemsColl = $List2.Items #Iterate through document libraries ForEach ($List in $DocumentLibraries) { $global:counter = 0 $FileData = @() Write-Progress -id 2 -ParentId 1 -Activity "Processing Document Libraries" -Status "Processing Document Library: $($List.Title)' ($ListCounter of $($DocumentLibraries.Count))" -PercentComplete (($ListCounter / $DocumentLibraries.Count) * 10) #Get All Files of the library with size > 100MB $Files = Get-PnPListItem -List $List -Fields FileLeafRef,FileRef,SMTotalFileStreamSize -PageSize 500 -ScriptBlock { Param($items) $global:counter += $items.Count; Write-Progress -Id 3 -parentId 2 -PercentComplete ($global:Counter / ($List.ItemCount) * 10) -Activity "Getting List Items of '$($List.Title)'" -Status "Processing Items $global:Counter to $($List.ItemCount)";} | Where {($_.FileSystemObjectType -eq "File") -and ($_.FieldValues.SMTotalFileStreamSize/1MB -gt 100)} #Collect data from each files ForEach ($File in $Files) { $FileData += [PSCustomObject][ordered]@{ Site = $Web.url Library = $List.Title FileName = $File.FieldValues.FileLeafRef URL = $File.FieldValues.FileRef Size = [math]::Round(($File.FieldValues.SMTotalFileStreamSize/1MB),2) } } #Export Files data to CSV File $FileData | Sort-object Size -Descending $FileData | Export-Csv -Path $CSVFilePath -NoTypeInformation -Append $ListCounter++ #Write-Progress -Activity "Completed Processing List $($List.Title)" -Completed -id 2 } $SiteCounter++ }
Best way to remove UseClientIntegration from each role definition (SharePoint Online)
I've created a PS script that removes Use Client integration from each permission level (role definition). This works, but as a side effect it gives the custom role definitions a new id. This can cause issues further down the line. Here is the part of the script which replaces the existing permission levels (role defs): #Install App to the Site Install-PnPApp -Identity $App.Id # Get all existing role definitions $roleDefinitions = Get-PnPRoleDefinition foreach ($role in $roleDefinitions) { # Create a new custom role definition by copying the existing one $newRoleName = "Custom_" + $role.Name # Clone the existing permission levels excluding Client Int.: Add-PnPRoleDefinition -RoleName $newRoleName -Clone $role -Exclude UseClientIntegration # Remove the original role definition Remove-PnPRoleDefinition -Identity $role.Name -Force } # Get the new role definitions: $newRoleDefinitions = Get-PnPRoleDefinition # Rename each permission to remove the "Custom_" foreach ($newRole in $newRoleDefinitions) { Set-PnPRoleDefinition -Identity $newRole.Name -NewRoleName $newRole.Name.TrimStart("Custom_") } # Remove the erroneously created permission levels: if($role.Name -eq "Custom_Limited Access" -or "Custom_Web-Only Limited Access" -or "Custom_Full Control") { Remove-PnPRoleDefinition -Identity "Custom_Limited Access" -Force Remove-PnPRoleDefinition -Identity "Custom_Web-Only Limited Access" -Force Remove-PnPRoleDefinition -Identity "Custom_Full Control" -Force Set-PnPRoleDefinition -Identity "ntribute" -NewRoleName "Contribute" #Not sure why earlier in the script it changes Contribute to "ntribute" but i'm having to rename it here. } I need a better way to do this, as you can see it's an amateur effort. I need someway to remove UserClientIntegration from each permission level but keep the original permission level role def id.Threat Hunting with PowerShell - Security even with a small budget - there is no excuse!
Dear Threat Hunter, Lack of IT security is often excused by little or no available money. In my view, this is a very poor excuse. In this article I will try to give you a jump start on how to investigate threats with PowerShell. Is this a comprehensive and conclusive list of how you can find or detect threats/threats? NO, absolutely not. But it is meant to provide you with the support that you need to move forward on your own. Let's talk about the "general conditions": 1. If you use the PowerShell scripts I show/explain in this article, this is entirely your responsibility. I use the scripts in different situations, they are not dangerous, but you should already know what you are doing. 2. Written permission! If you are not sure if you are allowed to do an investigation, organize a written permission from your supervisor. 3. In the different scripts I sometimes (for this article deliberately) use standard search words like "malware", "malicious", "hacker" etc. Such search patterns/search words need to be customized, of course. These simply serve as an example. 4. The last part of the article examines some Microsoft cloud services. I am absolutely aware that there are a huge number of tools for hunting in the Microsoft cloud services. It starts with Azure Sentinel and continues with Cloud App Security. Since the focus is on a small budget, I'll leave those tools on the side. Introduction: So first, why should you use PowerShell for threat hunting? PowerShell is a useful threat hunting tool because it is a powerful scripting language and a platform for automating tools and accessing data across any Windows environment. It allows you to quickly gather information from various sources such as event logs, registries, files, and processes. Additionally, it can also be easily integrated with other tools and technologies making it a flexible and efficient tool for threat hunting. Some common use cases for PowerShell in the threat hunting environment include automated collection of log data, identification of unusual behavior anomalies in the system, the discovery of malware or malicious activity by known signatures or patterns or behaviors. These are just a few examples of how PowerShell can be used in a threat hunting capacity. Its versatility and ability to access and manipulate data from across the Windows environment make it a very valuable tool for any security professional. Threat Hunting in PowerShell - Use Cases: All right. So now that we understand where PowerShell can benefit an organization from a threat hunting perspective. Let's take a deeper look at some of the actual use cases you might encounter on a day to day basis, first being identify malicious processor files. So specifically, you can conduct raw file analysis to sift through different data shares to look for particular files in question whether that be a signature or even an extension of a certain file being able to quickly search and triage through files is an extreme benefit of using PowerShell for threat hunting. But how exactly do we start, what can we use as a guide? For example, the MITRE ATT&CK Framework. Here are a few examples: Indicator Removal: Clear Windows Event Logs https://attack.mitre.org/techniques/T1070/001/ Event Triggered Execution: Installer Packages https://attack.mitre.org/techniques/T1546/016/ Hide Artifacts: NTFS File Attributes https://attack.mitre.org/techniques/T1564/004/ Command and Scripting Interpreter: PowerShell https://attack.mitre.org/techniques/T1059/001/ Command and Scripting Interpreter: Windows Command Shell https://attack.mitre.org/techniques/T1059/003/ Event Triggered Execution: Windows Management Instrumentation Event Subscription https://attack.mitre.org/techniques/T1546/003/ Credentials from Password Stores: Windows Credential Manager https://attack.mitre.org/techniques/T1555/004/ Abuse Elevation Control Mechanism: Bypass User Account Control https://attack.mitre.org/techniques/T1548/002/ The MITRE ATT@CK framework provides a comprehensive and regularly updated overview of tactics, techniques, and procedures (TTPs) used by various threat actors. We can locate these TTPs using PowerShell, here are a few examples: Indicator Removal: Clear Windows Event Logs https://github.com/tomwechsler/Threat_Hunting_with_PowerShell/blob/main/Hunting_Active_Directory/06_Account_Events.ps1 Event Triggered Execution: Installer Packages https://github.com/tomwechsler/Threat_Hunting_with_PowerShell/blob/main/Tactics_Techniques_Procedures_(TTPs)/08_Get-ItemProperty_Software.ps1 Hide Artifacts: NTFS File Attributes https://github.com/tomwechsler/Threat_Hunting_with_PowerShell/blob/main/Tactics_Techniques_Procedures_(TTPs)/08_Get-ItemProperty_Software.ps1 Windows Installer Service is running https://github.com/tomwechsler/Threat_Hunting_with_PowerShell/blob/main/Tactics_Techniques_Procedures_(TTPs)/01_WIS_is_running.ps1 Search Alternate Data Streams on NTFS File Systems https://github.com/tomwechsler/Threat_Hunting_with_PowerShell/blob/main/Tactics_Techniques_Procedures_(TTPs)/02_Search_ADS_on_NTFS%20_(specific%20file).ps1 https://github.com/tomwechsler/Threat_Hunting_with_PowerShell/blob/main/Tactics_Techniques_Procedures_(TTPs)/03_Search_ADS_on_NTFS_file_systems.ps1 Read the Contents of a File https://github.com/tomwechsler/Threat_Hunting_with_PowerShell/blob/main/Tactics_Techniques_Procedures_(TTPs)/06_Read_the_contents_file.ps1 Locating Data Patterns within a File https://github.com/tomwechsler/Threat_Hunting_with_PowerShell/blob/main/Tactics_Techniques_Procedures_(TTPs)/05_locating_data_patterns_within_file.ps1 Search for Encoding with Regex https://github.com/tomwechsler/Threat_Hunting_with_PowerShell/blob/main/Tactics_Techniques_Procedures_(TTPs)/07_Search_encoding_with_regex.ps1 Search for Command and Scripting Interpreter: https://github.com/tomwechsler/Threat_Hunting_with_PowerShell/blob/main/Tactics_Techniques_Procedures_(TTPs)/04_Searching_for_PIDs.ps1 Threat hunting in different environments with PowerShell: Coming examples are about collecting information in very different environments. Also here a few examples as a kind => as first starting points: Hunt for Threats in Active Directory: https://github.com/tomwechsler/Threat_Hunting_with_PowerShell/blob/main/Hunting_Active_Directory/01_Resetting_Password_Unlocking_Accounts.ps1 https://github.com/tomwechsler/Threat_Hunting_with_PowerShell/blob/main/Hunting_Active_Directory/02_Search_stale_accounts.ps1 https://github.com/tomwechsler/Threat_Hunting_with_PowerShell/blob/main/Hunting_Active_Directory/03_Users_without_Manager.ps1 https://github.com/tomwechsler/Threat_Hunting_with_PowerShell/blob/main/Hunting_Active_Directory/04_Password_Expiration.ps1 https://github.com/tomwechsler/Threat_Hunting_with_PowerShell/blob/main/Hunting_Active_Directory/05_Group_Membership_Report.ps1 https://github.com/tomwechsler/Threat_Hunting_with_PowerShell/blob/main/Hunting_Active_Directory/06_Account_Events.ps1 https://github.com/tomwechsler/Active_Directory_Advanced_Threat_Hunting/blob/main/PowerShell/Tracking_the_Source_of_Account_Lock_Outs_and_Bad_Passwords.ps1 https://github.com/tomwechsler/Active_Directory_Advanced_Threat_Hunting/blob/main/PowerShell/Finding_Unused_Group_Policy_Objects.ps1 Some of the scripts are structured in such a way that they must be executed block by block/line by line. So do not execute the whole script at once. Pay attention to the different information that is collected. With some investigations in the Active Directory accounts can be indicated like "guest" or "krbtgt", there must be clear of course how this information is to be estimated. Depending on how and what information is searched. Hunt for Threats in Exchange Online: https://github.com/tomwechsler/Threat_Hunting_with_PowerShell/blob/main/Hunting_Exchange_Online/Exchange_Mailbox_LastLogin.ps1 Find mailboxes with the last login. Hunt for Threats in Azure: https://github.com/tomwechsler/Threat_Hunting_with_PowerShell/blob/main/Hunting_Azure/Collect_vms_subscription.ps1 We search Azure for all virtual machines in a subscription. https://github.com/tomwechsler/Threat_Hunting_with_PowerShell/blob/main/Hunting_Azure/02_Graph_Create_Time_Last_Password.ps1 When was the last password change and when were the accounts created? Hunt for Threats in SharePoint: https://github.com/tomwechsler/Threat_Hunting_with_PowerShell/blob/main/Hunting_SharePoint_Online/SharePoint_Online_specific_files.ps1 With this script we search for files with the extension .ps1 in a SharePoint Online page. Summary: Is this the best tactic to hunt for threats? No! There are many different tactics/techniques to search for threats. First of all, there are a huge number of different tools that can be used, for example SIEM/SOAR (Security Information and Event Management/Security Orchestration, Automation and Response). These tools are really great, sometimes cost a lot and often it takes a lot of knowledge to use such tools. But what is the use of such tools if the information generated by these tools cannot be understood properly, not very much. For this reason, I have tried in this article with simple tools to generate information that hopefully can be interpreted. Is finished here at this point. NO, the journey continues. The examples in this article are neither exhaustive nor complete, but they should give you a starting point. I hope you can build on this foundation. I hope that this information is helpful to you and that you have received a good "little" foundation. But I still hope that this information is helpful for you. Thank you for taking the time to read the article. Happy Hunting, Tom Wechsler P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechslerHow to remove shared link from subfolder in sharepoint online?
I tried out remove shared link from subfolder by powershell in sharepoint online: Remove-PnPFolderSharingLink -Folder "/sites/site/subfolder/" -Identity 52 But I get error: Remove-PnPFolderSharingLink: Exception of type 'System.Management.Automation.PSInvalidOperationException' was thrown. And "Get-PnPException" shows: Message : Exception of type 'System.Management.Automation.PSInvalidOperationException' was thrown. Stacktrace : at PnP.PowerShell.Commands.Base.PnPConnectedCmdlet.ProcessRecord() in c:\build\src\Commands\Base\PnPConnectedCmdlet.cs:line 101 at PnP.PowerShell.Commands.PnPSharePointCmdlet.ProcessRecord() in c:\build\src\Commands\Base\PnPSharePointCmdlet.cs:line 121 at System.Management.Automation.CommandProcessor.ProcessRecord() ScriptLineNumber : 1 Is there a way to remove shared link from subfolder with powershell in sharepoint online?
How to do deployment of WSP Solution using PNP Powershell in SharePoint
Looking for sample code details for below mentioned using PNP PowerShell. -Uploading WSP file to Solution gallery of Classic SharePoint site -Installing Solution -Activating the solution -Apply the custom template to SharePoint site. #Below is CSOM based Code - looking for code in PNP Based $fileBytes =[System.IO.File]::ReadAllBytes("D:\CustomTemplate.wsp") $fileCreateInfo = New-Object Microsoft.SharePoint.Client.FileCreationInformation $fileCreateInfo.Content = $fileBytes $fileCreateInfo.Url = $list.RootFolder.ServerRelativeUrl + "/CustomTemplate.wsp" $fileCreateInfo.Overwrite = $true $file = $list.RootFolder.Files.Add($fileCreateInfo) $Ctx.Load($file) $Ctx.ExecuteQuery() $designPackageInfo = New-Object Microsoft.SharePoint.Client.Publishing.DesignPackageInfo $designPackageInfo.PackageName = "CustomTemplate.wsp" $WSP = New-Object Microsoft.SharePoint.Client.Publishing.DesignPackageInfo $WSP.PackageGuid = [System.Guid]::Empty $WSP.PackageName = "CustomTemplate.wsp" $WSP.MajorVersion = 1 $WSP.MinorVersion = 0 $WSPFileURL = $list.RootFolder.ServerRelativeUrl + "/" + "CustomTemplate.wsp"; [Microsoft.SharePoint.Client.Publishing.DesignPackage]::Install($Ctx, $Ctx.Site, $WSP, $WSPFileURL) $Ctx.ExecuteQuery() Write-Host -f Green "`tInstalled the Solution Successfully!" #-------------------------------------------------------------------------------- [Microsoft.SharePoint.Client.Publishing.DesignPackage]::Install($Ctx, $site, $designPackageInfo, $fileCreateInfo.Url) $Ctx.ExecuteQuery() # Below is the main code to activate template and assign home page in site. [Microsoft.SharePoint.Client.Publishing.DesignPackage]::Apply($Ctx, $Ctx.Site, $WSP) $Ctx.ExecuteQuery() $web = $Ctx.Site.RootWeb $templateName = “{E7ED6200-07BF-42F8-94CB-F6560D080DFA}#SZ" $web.ApplyWebTemplate($templateName) $web.update() $Ctx.ExecuteQuery()
