All User Locked out of Exchange Management Shell

Question

To get around the recent security issue with remote access to Exchange Management Shell I ran the following command.

get-user -ResultSize unlimited |
set-user -RemotePowerShellEnabled $false

This command should have removed access for all users except the logged in user. This did not happen and now everyone is locked out of EMC. I tried creating a new admin thinking this would get around the issue since it should have been given the default of having access but it did not work. We always run the EMC as administrator and this could have been what caused some of these problem.

Before the changes I had taken a snapshot so I reverted back to it but we still have not access. Is there anything I can do at this point to regain access?

jtroxel71 · Accepted Answer

AndyDavid answered • 1 minute ago ACCEPTED ANSWER EXPERT ANSWERCOMMUNITY EXPERT
Any and all Exchange Admin Accounts need to have that enabled. Your command disabled it for everyone.
Can you reset it via the Exchange SNAP in?

From the exchange server itself, open a generic powershell window then run:

Add-PSSnapIn Microsoft.Exchange.Management.PowerShell.Admin

From there run the commands to enable for the users that need it.

set-user <user> -RemotePowerShellEnabled $true

Thank you so much. This worked with a slight tweak. We did not have the admin version of the snap-in so the syntax changed a bit:

get-pssnapin -registered

Name : Microsoft.Exchange.Management.PowerShell.SnapIn
PSVersion : 1.0
Description : Admin Tasks for the Exchange Server

We ran the command for this version

Add-PSSnapIn Microsoft.Exchange.Management.PowerShell.Snapin

set-user <user> -RemotePowerShellEnabled $true

I was able to add our admin users and we once again gained the ability to use the EMC.

Forum Discussion

All User Locked out of Exchange Management Shell

1 Reply