0

I've been building a Powershell Module for our helpdesk team, and ran into an issue at some point: They don't seem to have the proper access rights to add the Exchange 2013 Powershell SnapIn, and I don't know where to look for this specific thing.

The command used is as follows: invoke-command -ScriptBlock {Add-PSSnapin Microsoft.Exchange.Management.Powershell.SnapIn} -ComputerName ExchangeServerFQDN, and they get thrown the following error:

The type initializer for 'Microsoft.Exchange.Management.PowerShell.CmdletConfigurationEntries' threw an exception. + CategoryInfo : NotSpecified: (:) [Add-PSSnapin], TypeInitializationException + FullyQualifiedErrorId : System.TypeInitializationException,Microsoft.PowerShell.Commands.AddPSSnapinCommand

I've given the users Read and Execute rights using Set-PSSessionConfiguration to the Microsoft.Powershell configuration, but it doesn't work. They can login to the server using a remote PS Session, but they still can't add the SnapIn.

Could someone help me out here ? The users can't have Exchange or Domain Admin privileges, for obvious reasons. They already have limited Admin rights in Exchange, I just want them to be able to do the same commands but using Powershell.

Thanks in advance!

Alex Pilon
  • 1
  • Just out of the blue: Did they installed the Exchange management tools on the server they need to use? – BastianW Nov 17 '17 at 10:37
  • @BastianW : Yes it is, it's our only Exchange Server. And I know it's an access rights issue because I can add the Snapin using my Domain/Exchange Admin credentials, but someone who doesn't have those creds gets the above error. – Alex Pilon Nov 17 '17 at 15:08
  • Hm so the helpdesk people can do a rdp on your exchange server and should run the commands there? I do not think that this is a good idea, if something happen here e.g. the rdp session is crashing it might kill your whole server. I would advise to rethink that setup. – BastianW Nov 17 '17 at 19:39

1 Answers1

0

Based on your comment i wouldn´t grant the helpdesk persons RDP access to your server. The best way I think would be to use remote powershell from there computer. Via that way they can use powershell on there PC and connect from there PC to the Exchange server in order to trigger the needed actions. Here are some examples how to perform that:

BastianW
  • 2,868
  • 4
  • 20
  • 34
  • I don'T know where you got RDP from, but I never mentioned it in my original post. I mentioned they could connect to the server using a remote PS session, but they don't have RDP access, for obvious security reasons. – Alex Pilon Nov 20 '17 at 21:00
  • Also, the reason they need to add the SnapIn is because they have no Powershell knowledge whatsoever, so they're using a PS Module I created for them, that asks basic questions (what they want to do, to which user, etc.), and then this triggers specific functions that will run. And importing a PS-Session doesn't work most of the times, again because access rights issue, that we can't seem to figure out either. – Alex Pilon Nov 20 '17 at 21:02