Access Requests Explained for SharePoint 2013 – With a Script to Assign Default Groups

One of the features of SharePoint that has been around is the ability for users that need access to a site, and are denied access, through the “Request Access” process.

To enable or review these settings,

  • go to “Settings” > “Site Settings” > “User and Permissions” and click “Access Request Settings”. In the “Access Request Settings” dialog box, select the check box next to “Allow access requests” then provide an email address of the individual you’d like to manage this feature.
  • If a site has multiple groups with the same permission levels (Owners, Members and Viewers) but there is not an assigned default group, then you will see the problem where access requests will either not display for the impacted user or an owner will not be able to approve requests.

Here’s a Windows PowerShell script to change each of the groups for a site so that each is identified as the default group for Members, Owners and Visitors

You’ll need to a the “Microsoft.SharePoint.PowerShell” add-in at the top of the script to get the SharePoint references.

#Members Group
$web = Get-SPWeb “
$groupToMakeDefaultMembersGroup = $web.Groups | ? { $_.Name -eq “Team Site Members” }
$web.AssociatedMemberGroup = $groupToMakeDefaultMembersGroup

#Owners Group
$web = Get-SPWeb “
$groupToMakeDefaultOwnersGroup = $web.Groups | ? { $_.Name -eq “Team Site Owners” }
$web.AssociatedOwnerGroup = $groupToMakeDefaultOwnersGroup

#Visitors Group
$web = Get-SPWeb “
$groupToMakeDefaultVisitorsGroup = $web.Groups | ? { $_.Name -eq “Team Site Visitors” }
$web.AssociatedVisitorGroup = $groupToMakeDefaultMembersGroup

#Enable Access Requests after it was disabled
$web.RequestAccessEmail = “”

If you turn off the feature, you will can re-enable the feature by adding an email address to the “RequestAccessEmail” property.

Hope this helps solving the problem around assigning default groups and enabling the Request Access feature in SharePoint 2013.


Extend a Web application

  • If you want to expose the same content in a Web application to different types of users by using additional URLs or authentication methods, you can extend an existing Web application into a new zone.
  • When you extend the Web application into a new zone, you create a separate Internet Information Services (IIS) Web site to serve the same content, but with a unique URL and authentication type.

  • An extended Web application can use up to five network zones (Default, Intranet, Internet, Custom, and Extranet). For example, if you want to extend a Web application so that customers can access content from the Internet, you select the Internet zone and choose to allow anonymous access and grant anonymous users read-only permissions. Customers can then access the same Web application as internal users, but through different URLs and authentication settings.

For more information, see Logical architecture components (SharePoint Server 2010), Configure anonymous access for a claims-based Web application (SharePoint Server 2010), and Plan authentication methods (SharePoint Server 2010).

In this section:

Authentication SharePoint 2013

Content Description
Authentication overview for SharePoint 2013 Learn about how user, app, and server-to-server authentication works in SharePoint 2013.
Plan for user authentication methods in SharePoint 2013 Plan how to use various user authentication methods in SharePoint 2013 to help create a secure experience for users of web applications.
Plan for app authentication in SharePoint 2013 Plan for authentication of SharePoint 2013 SharePoint Store and App Catalog apps.
Plan for server-to-server authentication in SharePoint 2013 Plan for server-to-server authentication for SharePoint 2013 and other servers that support the server-to-server protocol.
Plan the Secure Store Service in SharePoint Server 2013 Plan for Secure Store Service and service application requirements, and for target applications and credential mappings.
Plan for Kerberos authentication in SharePoint 2013 Plan for Kerberos authentication in SharePoint 2013 for Windows and claims-based authentication.
Server-to-server authentication and user profiles in SharePoint Server 2013 Plan user profiles for server-to-server authentication in SharePoint Server 2013.