CSC510243. Do not change SPPersistedObject in the content web application.

Description

SharePoint 2010+ has security feature to all objects inheriting from SPPersistedObject. This feature explicitly disallows modification of SPPersistedObject objects from content web applications (not CA).

Resolution

  1. Rescope your features so that web application related activity are performed by a web application scoped feature. Notice that you cannot use a site scoped feature - this would just throw another Access Denied error.
  2. Disable the security setting (we won't suggest this, the security setting was created with a purpose in mind), either via power shell or a console app.
function Set-RemoteAdministratorAccessDenied-False()
{
    [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint") > $null
    [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Administration") > $null
    # get content web service
    $contentService = [Microsoft.SharePoint.Administration.SPWebService]::ContentService
    # turn off remote administration security
    $contentService.RemoteAdministratorAccessDenied = $false
   $contentService.Update()

}
Set-RemoteAdministratorAccessDenied-False

Links

SPPersistedObject class
kb 2564009
"The SPPersistedObject, XXXXXXXXXXX, could not be updated because the current user is not a Farm Administrator" craziness in Sharepoint 2010

Last edited Mar 18, 2014 at 6:38 PM by dvd73, version 4

Comments

No comments yet.