Avatar of sara2000
sara2000 asked on

Exchange management shell in PS.

I want to give a permission to user to execute Exchange Management Shell from his PC. without installing Exchange managemnet tools.
I think he has to import Exchange management  modules to his PS session.
What king of permission that users has to have on Exchange to execute the permission ?
ExchangeActive Directory

Avatar of undefined
Last Comment
timgreen7077

8/22/2022 - Mon
Jeremy Weisinger

Jeff Glover

As long as the user is in a Management Group for Exchange, he or she should be able to connect. Otherwise, you can enable the user by running the powershell command  Set-User "<name>" -RemotePowerShellEnabled $true.   I connect remotely 90% of  the time. I have a script I run to connect. I just saved it as a .ps1 file

$s = New-PSSession –ConfigurationName Microsoft.Exchange –ConnectionUri http://<fqdn of exchange server>/powershell -Authentication Kerberos
Import-PSSession $s
ASKER
sara2000

Where do we issue the below command at Exchange server?
Set-User "<name>" -RemotePowerShellEnabled $true
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
Jeff Glover

In the Exchange management shell. But if the user is not part of any management group, why give them access? By default, all user accounts have access to remote PowerShell. However, to actually use remote PowerShell to connect to an Exchange server, the user needs to be a member of a management role group, or be directly assigned a management role that enables the user to run Exchange cmdlets.
ASKER
sara2000

Jeff Thank you for the info. I just want that user to run all Ge- permission just to monitor.
Which role group to be that user?
ASKER CERTIFIED SOLUTION
Jeff Glover

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
timgreen7077

Add the user to the "View-Only Organization Management" group, and this will allow accomplish what you are after. They will only be able to run "get" cmdlets for viewing info and not setting and making changes.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.