Link to home
Start Free TrialLog in
Avatar of trinity2007
trinity2007

asked on

Exchange 2010 SP3 Enterprise - Remote Powershell

Greetings,
How do I view users that enabled for Remote Powershell for Exchange?  I know you can Enable/disable remote shell, but how do you just view this or pull a list to see who's enabled?
Thank you,
Avatar of Ganesh Anand
Ganesh Anand
Flag of Bahrain image

On the source server where you want to allow the Powershell remote session, use the following command to allow.

Set-ExecutionPolicy RemoteSigned

Accessing from the remote computer :
Open powershell
//ensure you can reach the source server
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://<FQDN of Exchange 2016 Mailbox server>/PowerShell/ -Authentication Kerberos -Credential $UserCredential

Import-PSSession $Session

After completing the session run the following command to stop or close the powershell window.

Remove-PSSession $Session

Note: If you want only to allow specific user for the remote powershell session run the following command on the source server.
Set-User Yourusername -RemotePowerShellEnabled $True
Avatar of trinity2007
trinity2007

ASKER

Perfect.  I spot checked a few users and see the RemotePowershellEnabled option for the users is enabled.  Is this enabled by default for all Exchange 2010 users?  If so, isn't this a 'little' bit of a security issue if users know they can run powershell commands against the exchange server?  And another question, are all commands available for a user once they load them, or can we limit what commands a user can run?
Thank you,
ASKER CERTIFIED SOLUTION
Avatar of Ganesh Anand
Ganesh Anand
Flag of Bahrain image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Thank you very much for the information provided.  All our users are set to True, is this the default setting within Exchange?
The RemotePowerShellEnabled parameter specifies whether the user has access to remote PowerShell. Remote PowerShell access is required to open the Exchange Management Shell or the Exchange admin center (EAC), even if you're trying to open the Exchange Management Shell or the EAC on the local Mailbox server. Valid values are:
$true   The user has access to remote PowerShell.
$false   The user doesn't have access to remote PowerShell.

The default value depends on the management roles that are assigned to the user.
Perfect, thanks for information.!!    I'm not sure which one to mark as 'Best Solution' as all your answers have been most helpful!!
Thank you for the information, most helpful!