cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

All User Locked out of Exchange Management Shell

jtroxel71
Copper Contributor

‎Oct 05 2022 07:16 AM

‎Oct 05 2022 07:16 AM

All User Locked out of Exchange Management Shell

To get around the recent security issue with remote access to Exchange Management Shell I ran the following command.  

 

get-user -ResultSize unlimited |
set-user -RemotePowerShellEnabled $false

 

This command should have removed access for all users except the logged in user.  This did not happen and now everyone is locked out of EMC.  I tried creating a new admin thinking this would get around the issue since it should have been given the default of having access but it did not work.  We always run the EMC as administrator and this could have been what caused some of these problem.  

 

Before the changes I had taken a snapshot so I reverted back to it but we still have not access.  Is there anything I can do at this point to regain access?

Labels:
746 Views
0 Likes
1 Reply
Reply
1 Reply
best response confirmed by jtroxel71 (Copper Contributor)
jtroxel71

‎Oct 05 2022 09:11 AM

‎Oct 05 2022 09:11 AM

Solution

Re: All User Locked out of Exchange Management Shell



AndyDavid answered • 1 minute ago ACCEPTED ANSWER EXPERT ANSWERCOMMUNITY EXPERT
Any and all Exchange Admin Accounts need to have that enabled. Your command disabled it for everyone.
Can you reset it via the Exchange SNAP in?

From the exchange server itself, open a generic powershell window then run:

Add-PSSnapIn Microsoft.Exchange.Management.PowerShell.Admin

From there run the commands to enable for the users that need it.

set-user <user> -RemotePowerShellEnabled $true



Thank you so much. This worked with a slight tweak. We did not have the admin version of the snap-in so the syntax changed a bit:


get-pssnapin -registered

Name : Microsoft.Exchange.Management.PowerShell.SnapIn
PSVersion : 1.0
Description : Admin Tasks for the Exchange Server

We ran the command for this version

Add-PSSnapIn Microsoft.Exchange.Management.PowerShell.Snapin

set-user <user> -RemotePowerShellEnabled $true

I was able to add our admin users and we once again gained the ability to use the EMC.

0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by jtroxel71 (Copper Contributor)
jtroxel71

‎Oct 05 2022 09:11 AM

‎Oct 05 2022 09:11 AM

Solution

Re: All User Locked out of Exchange Management Shell



AndyDavid answered • 1 minute ago ACCEPTED ANSWER EXPERT ANSWERCOMMUNITY EXPERT
Any and all Exchange Admin Accounts need to have that enabled. Your command disabled it for everyone.
Can you reset it via the Exchange SNAP in?

From the exchange server itself, open a generic powershell window then run:

Add-PSSnapIn Microsoft.Exchange.Management.PowerShell.Admin

From there run the commands to enable for the users that need it.

set-user <user> -RemotePowerShellEnabled $true



Thank you so much. This worked with a slight tweak. We did not have the admin version of the snap-in so the syntax changed a bit:


get-pssnapin -registered

Name : Microsoft.Exchange.Management.PowerShell.SnapIn
PSVersion : 1.0
Description : Admin Tasks for the Exchange Server

We ran the command for this version

Add-PSSnapIn Microsoft.Exchange.Management.PowerShell.Snapin

set-user <user> -RemotePowerShellEnabled $true

I was able to add our admin users and we once again gained the ability to use the EMC.

View solution in original post

0 Likes
Reply