Exchange management shell in PS.

sara2000
sara2000 used Ask the Experts™
on
I want to give a permission to user to execute Exchange Management Shell from his PC. without installing Exchange managemnet tools.
I think he has to import Exchange management  modules to his PS session.
What king of permission that users has to have on Exchange to execute the permission ?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Jeff GloverSr. Systems Administrator

Commented:
As long as the user is in a Management Group for Exchange, he or she should be able to connect. Otherwise, you can enable the user by running the powershell command  Set-User "<name>" -RemotePowerShellEnabled $true.   I connect remotely 90% of  the time. I have a script I run to connect. I just saved it as a .ps1 file

$s = New-PSSession –ConfigurationName Microsoft.Exchange –ConnectionUri http://<fqdn of exchange server>/powershell -Authentication Kerberos
Import-PSSession $s

Author

Commented:
Where do we issue the below command at Exchange server?
Set-User "<name>" -RemotePowerShellEnabled $true
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Jeff GloverSr. Systems Administrator

Commented:
In the Exchange management shell. But if the user is not part of any management group, why give them access? By default, all user accounts have access to remote PowerShell. However, to actually use remote PowerShell to connect to an Exchange server, the user needs to be a member of a management role group, or be directly assigned a management role that enables the user to run Exchange cmdlets.

Author

Commented:
Jeff Thank you for the info. I just want that user to run all Ge- permission just to monitor.
Which role group to be that user?
Sr. Systems Administrator
Commented:
View only Organizational Management. It gives users the rights to view recipient and configuration objects but not to change or add anything. Basically the Get commands.
timgreen7077Exchange Engineer
Distinguished Expert 2018

Commented:
Add the user to the "View-Only Organization Management" group, and this will allow accomplish what you are after. They will only be able to run "get" cmdlets for viewing info and not setting and making changes.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial