May 07 2018 02:00 AM
I am in need of creating a service account and granting only the Get-MessageTrace cmdlet to that account. I created a custom role from Compliance admin with the command below:
New-ManagementRole -name 'customrole' -Parent 'compliance admin' -EnabledCmdlets 'Get-MessageTrace'
I have verified the same with the command below:
Get-ManagementRoleEntry "customrole\*" | ft -AutoSize
I get the output below:
Get-MessageTrace Customrole {EndDate, ErrorAction, ErrorVariable, Expression...}
I added the respective service account to this role.
When I connect to Exchange PowerShell using the service admin account and password and the PowerShell connection is established, I see that several commands have been imported.
Can someone tell me how I can make sure the service account can see only one command, which is the Get-MessageTrace command?
May 07 2018 09:32 AM
Solution: There are many cmdlets that are available for all users, even those without any admin permissions. Those include mostly things you can do with your own mailbox or groups you manage, so nothing to worry about.
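To confirm where the extra imported cmdlets come from, the effective role assignments of the service account can be expanded into their cmdlet entries. This is an added example, not part of the original thread; the account name is a placeholder, and it assumes an Exchange Online PowerShell session opened by an administrator who can read the RBAC configuration.

```powershell
# Added example. Assumption: $account is a placeholder for the service account.
$account = 'svc-messagetrace@contoso.example'

# Regular (non-delegating) assignments for the account. With -RoleAssignee,
# both direct and indirect assignments (role groups, policies) are returned.
$assignments = Get-ManagementRoleAssignment -RoleAssignee $account -Delegating $false

# Expand each assigned role into its cmdlet entries and record what grants it.
$entries = foreach ($a in $assignments) {
    Get-ManagementRoleEntry "$($a.Role)\*" | ForEach-Object {
        [pscustomobject]@{
            Cmdlet      = $_.Name
            Role        = "$($a.Role)"
            GrantedBy   = $a.RoleAssigneeName   # role group, policy or user
            GrantedType = $a.RoleAssigneeType
        }
    }
}

# Summary: how many cmdlets each role contributes to the session.
$entries | Group-Object Role |
    Sort-Object Count -Descending |
    Select-Object Name, Count |
    Format-Table -AutoSize

# Detail: every cmdlet other than Get-MessageTrace, with the role that grants it.
# Entries granted through a role assignment policy are the self-service cmdlets
# every mailbox user receives; anything granted by a role group deserves review.
$entries |
    Where-Object { $_.Cmdlet -ne 'Get-MessageTrace' } |
    Sort-Object GrantedType, Role, Cmdlet |
    Format-Table Cmdlet, Role, GrantedBy, GrantedType -AutoSize
```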