SBSFAQ.COM

Supporting IT Pro's & MSP's since 2000


MS Exchange Zero Day and RemotePowerShell Disabling on Admin accounts

October 8, 2022 by Wayne Small 1 Comment

In the last week, Microsoft have published details of a significant zero-day vulnerability in Exchange Server – you can read about it here.

This attack required a valid username and password for one of the vulnerabilities to be executed. Microsoft have advised in their security guidance to disable RemotePowerShell for non-admins. In their article on Controlling remote PowerShell access to Exchange Servers, Microsoft do clearly show that you should not do this for Admin users, but they give no solution on what to do if you have done this already. I’m also told that the blue box below was not present a few days ago.

This is very valid guidance. HOWEVER, some of the initial articles floating around have indicated that you should execute the following command to disable it for ALL USERS.

Get-User -ResultSize unlimited | Set-User -RemotePowerShellEnabled:$false

If you have run this command then you will find you now cannot use the Exchange PowerShell Management Console AT ALL. It will display an error message showing you that RemotePowerShell is DISABLED for your admin user.

I was reached out to by a client who had executed this and was in a panic. He had run this command on their server, and had issues later getting into the Exchange Management Shell.

He had googled and could not find a solution. There appears to be no information on the Internet on how to resolve this issue. I started digging into it, and I even found the attribute in AD which is set when you manipulate this setting via PowerShell commands.

For reference it is the protocolSettings attribute and it has RemotePowerShell set to either 1 for enabled or 0 for disabled.

Now ADSIEdit is a beast of a tool and I use it only as a last resort… THIS IS NOT THE TIME TO USE IT.

The dead simple way around this is even easier.

Given you executed the command on ALL USERS, a newly created user won’t have the issue.

Create a new user, make it a member of Domain Admins, Enterprise Admins, Schema Admins and the Exchange Organization Admins group.

Log in to the Exchange server as the new user and then use the command below to set RemotePowerShellEnabled back to True on your original admin account.

Set-User MyAdminUser -RemotePowerShellEnabled:$true

You can now use your original admin account without a problem. You see – sometimes not everything is about using the sledgehammer to crack the nut, sometimes the solution is simple.
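To avoid the lockout in the first place, the disable step can be scoped so that admin accounts are never touched. The following is an added example, not code from the original post or from Microsoft's guidance. It assumes the accounts to protect are the direct members of the built-in Organization Management role group plus the names in `$Extra`; `MyAdminUser` is the placeholder name used above, and `$Extra`, `$Apply`, `$keep`, `$targets` and `$broken` are names chosen for this example.

```powershell
# Added example (not from the original post). Run in the Exchange Management Shell.
# Assumption: the accounts that must keep remote PowerShell are the direct members
# of the built-in "Organization Management" role group plus the names in $Extra.
$Extra = @('MyAdminUser')   # placeholder name used in the post; replace with yours
$Apply = $false             # leave $false for a dry run (-WhatIf)

# Build the keep-list as distinguished names so the comparison is unambiguous.
$keep  = @(Get-RoleGroupMember 'Organization Management' |
           ForEach-Object { [string]$_.DistinguishedName })
$keep += @($Extra | ForEach-Object {
           [string](Get-User -Identity $_ -ErrorAction Stop).DistinguishedName })
if ($keep.Count -eq 0) { throw 'Keep-list is empty; refusing to change any account.' }

# Only touch accounts that are currently enabled and are NOT on the keep-list.
# A list test with -notcontains avoids chained -ne comparisons, where joining
# them with -or instead of -and would match every account, admins included.
$targets = @(Get-User -ResultSize Unlimited -Filter 'RemotePowerShellEnabled -eq $true' |
             Where-Object { $keep -notcontains [string]$_.DistinguishedName })

'{0} account(s) to disable, {1} protected' -f $targets.Count, $keep.Count
$targets | Set-User -RemotePowerShellEnabled $false -WhatIf:(-not $Apply)

# Verify: every protected user account must still report RemotePowerShellEnabled = True.
# Nested groups in the role group are skipped here because Get-User does not return them.
$broken = @($keep |
            ForEach-Object { Get-User -Identity $_ -ErrorAction SilentlyContinue } |
            Where-Object { -not $_.RemotePowerShellEnabled })
if ($broken.Count) {
    Write-Warning ('Remote PowerShell is disabled for: ' + ($broken.Name -join ', '))
} else {
    'All protected accounts still have remote PowerShell enabled.'
}
```

Review the dry-run output before setting `$Apply = $true`, and run the verification part again afterwards from a second session so a mistake is caught while an enabled admin session is still open.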


Filed Under: Blog, FAQs Tagged With: ADSIEdit, Exchange Server, Zero-Day

About The Author

Wayne has been working with Microsoft Server products in the SMB market for over 20 years. He has a passion for technology and has been a Microsoft MVP for over 15 years.

Comments

  1. Trevor says

    October 10, 2022 at 8:17 am

    Beware of the -OR condition when *excluding* records from a result (it is more appropriate when including records in results). I believe that should be a -AND condition in order to not select the two admin accounts in this PowerShell.

    OR example: Selecting a user record needs to not meet either condition *separately*, so Admin1 is selected as it meets the condition of not being Admin2, and Admin2 is selected as it meets the condition of not being Admin1. Either condition needs to be true, but not both.

    In this case you want selected users to not meet *both* conditions, so they need to meet the first condition (not Admin1) AND ALSO the second condition (not Admin2) at the same time.

