[GH-ISSUE #2916] Disable site creation by standard users - Does not correctly prevent site creation #1444

Closed
opened 2026-03-02 13:44:14 +03:00 by kerem · 4 comments
Owner

Originally created by @BPT-CIPP on GitHub (Oct 3, 2024).
Original GitHub issue: https://github.com/KelvinTegelaar/CIPP/issues/2916

Description

Appologies in advance as i am not truly a dev and may not follow usual GitHub etiquette.

The standard currently only changes the "isSiteCreationEnabled" flag, but does not change the "isSiteCreationUIEnabled" flag.
the isSiteCreationUIEnabled flag appears to control if the site creation is allowed through the UI (web).

I am assuming the "isSiteCreationEnabled" flag changes behavior through api/powershell.

I have updated the powershell and tested on my installation and the changes below appear to work

"isSiteCreationUIEnabled": true

image

"isSiteCreationUIEnabled": false

image

Invoke-CIPPStandardDisableUserSiteCreate.ps1
updated code:

function Invoke-CIPPStandardDisableUserSiteCreate {
    <#
    .FUNCTIONALITY
        Internal
    .COMPONENT
        (APIName) DisableUserSiteCreate
    .SYNOPSIS
        (Label) Disable site creation by standard users
    .DESCRIPTION
        (Helptext) Disables users from creating new SharePoint sites
        (DocsDescription) Disables standard users from creating SharePoint sites, also disables the ability to fully create teams
    .NOTES
        CAT
            SharePoint Standards
        TAG
            "highimpact"
        ADDEDCOMPONENT
        IMPACT
            High Impact
        POWERSHELLEQUIVALENT
            Update-MgAdminSharepointSetting
        RECOMMENDEDBY
        UPDATECOMMENTBLOCK
            Run the Tools\Update-StandardsComments.ps1 script to update this comment block
    .LINK
        https://docs.cipp.app/user-documentation/tenant/standards/edit-standards
    #>

    param($Tenant, $Settings)
    ##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'DisableUserSiteCreate'

    $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -tenantid $Tenant -AsApp $true

    If ($Settings.remediate -eq $true) {

        if ($CurrentInfo.isSiteCreationEnabled -or $CurrentInfo.isSiteCreationUIEnabled) {
            try {
                $body = '{"isSiteCreationEnabled": false, "isSiteCreationUIEnabled": false}'
                $null = New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -AsApp $true -Type patch -Body $body -ContentType 'application/json'
                Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled standard users from creating sites and adjusted UI setting' -sev Info
            } catch {
                $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
                Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable standard users from creating sites: $ErrorMessage" -sev Error
            }
        } else {
            Write-LogMessage -API 'Standards' -tenant $tenant -message 'Standard users are already disabled from creating sites and UI setting is adjusted' -sev Info
        }

    }

    if ($Settings.alert -eq $true) {

        if ($CurrentInfo.isSiteCreationEnabled -eq $false -and $CurrentInfo.isSiteCreationUIEnabled -eq $false) {
            Write-LogMessage -API 'Standards' -tenant $tenant -message 'Standard users are not allowed to create sites and UI setting is disabled' -sev Info
        } else {
            Write-LogMessage -API 'Standards' -tenant $tenant -message 'Standard users are allowed to create sites or UI setting is enabled' -sev Alert
        }
    }

    if ($Settings.report -eq $true) {
        Add-CIPPBPAField -FieldName 'DisableUserSiteCreate' -FieldValue $CurrentInfo.isSiteCreationEnabled -StoreAs bool -Tenant $tenant
        Add-CIPPBPAField -FieldName 'DisableUserSiteCreateUI' -FieldValue $CurrentInfo.isSiteCreationUIEnabled -StoreAs bool -Tenant $tenant
    }
}

Environment data

Non-sponsored
Front End Version Number:
Back End Version Number:

Tried Tenant Cache Clear: true
Tried Token Cache Clear: true

Also tested solution and verified functionality.
Originally created by @BPT-CIPP on GitHub (Oct 3, 2024). Original GitHub issue: https://github.com/KelvinTegelaar/CIPP/issues/2916 ### Description Appologies in advance as i am not truly a dev and may not follow usual GitHub etiquette. The standard currently only changes the "isSiteCreationEnabled" flag, but does not change the "isSiteCreationUIEnabled" flag. the isSiteCreationUIEnabled flag appears to control if the site creation is allowed through the UI (web). I am assuming the "isSiteCreationEnabled" flag changes behavior through api/powershell. I have updated the powershell and tested on my installation and the changes below appear to work "isSiteCreationUIEnabled": true ![image](https://github.com/user-attachments/assets/1e0a5479-4e53-41f5-bbc6-a75f9f380a62) "isSiteCreationUIEnabled": false ![image](https://github.com/user-attachments/assets/7a3ddce3-348a-4296-b194-bb313c6f23f8) [Invoke-CIPPStandardDisableUserSiteCreate.ps1](https://github.com/BPT-CIPP/CIPP-API/blob/master/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableUserSiteCreate.ps1) updated code: ``` function Invoke-CIPPStandardDisableUserSiteCreate { <# .FUNCTIONALITY Internal .COMPONENT (APIName) DisableUserSiteCreate .SYNOPSIS (Label) Disable site creation by standard users .DESCRIPTION (Helptext) Disables users from creating new SharePoint sites (DocsDescription) Disables standard users from creating SharePoint sites, also disables the ability to fully create teams .NOTES CAT SharePoint Standards TAG "highimpact" ADDEDCOMPONENT IMPACT High Impact POWERSHELLEQUIVALENT Update-MgAdminSharepointSetting RECOMMENDEDBY UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK https://docs.cipp.app/user-documentation/tenant/standards/edit-standards #> param($Tenant, $Settings) ##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'DisableUserSiteCreate' $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -tenantid $Tenant -AsApp $true If ($Settings.remediate -eq $true) { if ($CurrentInfo.isSiteCreationEnabled -or $CurrentInfo.isSiteCreationUIEnabled) { try { $body = '{"isSiteCreationEnabled": false, "isSiteCreationUIEnabled": false}' $null = New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -AsApp $true -Type patch -Body $body -ContentType 'application/json' Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled standard users from creating sites and adjusted UI setting' -sev Info } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable standard users from creating sites: $ErrorMessage" -sev Error } } else { Write-LogMessage -API 'Standards' -tenant $tenant -message 'Standard users are already disabled from creating sites and UI setting is adjusted' -sev Info } } if ($Settings.alert -eq $true) { if ($CurrentInfo.isSiteCreationEnabled -eq $false -and $CurrentInfo.isSiteCreationUIEnabled -eq $false) { Write-LogMessage -API 'Standards' -tenant $tenant -message 'Standard users are not allowed to create sites and UI setting is disabled' -sev Info } else { Write-LogMessage -API 'Standards' -tenant $tenant -message 'Standard users are allowed to create sites or UI setting is enabled' -sev Alert } } if ($Settings.report -eq $true) { Add-CIPPBPAField -FieldName 'DisableUserSiteCreate' -FieldValue $CurrentInfo.isSiteCreationEnabled -StoreAs bool -Tenant $tenant Add-CIPPBPAField -FieldName 'DisableUserSiteCreateUI' -FieldValue $CurrentInfo.isSiteCreationUIEnabled -StoreAs bool -Tenant $tenant } } ``` ### Environment data ```PowerShell Non-sponsored Front End Version Number: Back End Version Number: Tried Tenant Cache Clear: true Tried Token Cache Clear: true Also tested solution and verified functionality. ```
kerem 2026-03-02 13:44:14 +03:00
Author
Owner

@github-actions[bot] commented on GitHub (Oct 3, 2024):

Thank you for creating a bug. Please make sure your bug is indeed a unique case by checking current and past issues, and reading the complete documentation at https://docs.cipp.app/
If your bug is a known documentation issue, it will be closed without notice by a contributor. To confirm that this is not a bug found in the documentation, please copy and paste the following comment: "I confirm that I have checked the documentation thoroughly and believe this to be an actual bug."

Without confirming, your report will be closed in 24 hours. If you'd like this bug to be assigned to you, please comment "I would like to work on this please!".

<!-- gh-comment-id:2392238657 --> @github-actions[bot] commented on GitHub (Oct 3, 2024): Thank you for creating a bug. Please make sure your bug is indeed a unique case by checking current and past issues, and reading the complete documentation at https://docs.cipp.app/ If your bug is a known documentation issue, it will be closed without notice by a contributor. To confirm that this is not a bug found in the documentation, please copy and paste the following comment: "I confirm that I have checked the documentation thoroughly and believe this to be an actual bug." Without confirming, your report will be closed in 24 hours. If you'd like this bug to be assigned to you, please comment "I would like to work on this please!".
Author
Owner

@BPT-CIPP commented on GitHub (Oct 3, 2024):

I confirm that I have checked the documentation thoroughly and believe this to be an actual bug.

<!-- gh-comment-id:2392241972 --> @BPT-CIPP commented on GitHub (Oct 3, 2024): I confirm that I have checked the documentation thoroughly and believe this to be an actual bug.
Author
Owner

@KelvinTegelaar commented on GitHub (Oct 4, 2024):

That's great! thanks. Let us know if you're on discord and we'll give you a contributor tag!

<!-- gh-comment-id:2394378802 --> @KelvinTegelaar commented on GitHub (Oct 4, 2024): That's great! thanks. Let us know if you're on discord and we'll give you a contributor tag!
Author
Owner

@BPT-CIPP commented on GitHub (Oct 4, 2024):

I am on discord! - mhollierbpt_51429

Thanks!

<!-- gh-comment-id:2394383027 --> @BPT-CIPP commented on GitHub (Oct 4, 2024): I am on discord! - mhollierbpt_51429 Thanks!
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/CIPP#1444
No description provided.