Forum Discussion
New-Managementrole
I am in the need of creating a service account and granting only Get-MessageTrace commandlet to that account. I created a custom role from Compliance admin with below command
New-ManagementRole -name 'customrole' -Parent 'compliance admin' -EnabledCmdlets 'Get-MessageTrace'
I have verified the same with below command
Get-ManagementRoleEntry "customrole\*" | ft -AutoSize
i get below output
Get-MessageTrace Customrole {EndDate, ErrorAction, ErrorVariable, Expression...}
I added respective service account to this role.
when I connect exchange PowerShell command using the service admin account and password
when PowerShell connection is established I see several commands has been imported.
Can someone tell me how can I make sure the service account can see just only one command which is get-messagetrace command?
There are many cmdlets that are available for all users, even those without any admin permissions. Those include mostly things you can do with your own mailbox or groups you manage, so nothing to worry about.
There are many cmdlets that are available for all users, even those without any admin permissions. Those include mostly things you can do with your own mailbox or groups you manage, so nothing to worry about.
VasilMichev thanks for the clarification.
