Topic Last Modified: 2009-10-05
By default, all new user accounts are allowed to use Windows Remote Management (WinRM) to access the Outlook Live organization with Windows PowerShell. However, you can prevent new and existing users from using Windows PowerShell to access your Outlook Live organization.
Here's how:
- Prevent access for a new user
- Prevent access for an existing user
- Prevent access for many existing users
- Grant access
- Find out who has access already
Before you begin
To learn how to install and configure Windows PowerShell and connect to Outlook Live, see Use Windows PowerShell.
Prevent access for a new user
Run the following command after you have connected to the Outlook Live server-side session:
New-Mailbox -Name <Name> -WindowsLiveID <Windows Live ID> -Password (ConvertTo-SecureString -String '<Password>' -AsPlainText -Force) -RemotePowerShellEnabled $false
For example, to prevent access for a new user named "Kim Akers" with the Windows Live ID kakers@contoso.edu and the password Pa$$word1, run the following command:
Prevent access for an existing user
Prevent access for many existing users
There are two ways to prevent access for a specific group of existing users:
- Filter the users based on an existing attribute This method assumes that the target user accounts all share a unique filterable attribute. For example, the Title, Department, or one of the CustomAttribute1-15 attributes are the same for and unique to all the affected users.
- Use a list of specific accounts After you generate the list of specific accounts, you can use that list to assign a mailbox plan.
Filter the users based on an existing attribute
Run the following command after you have connected to the Outlook Live server-side session:
For example, let's assume you want to prevent access for students in the primary grades and you've stored students' grade level in the Title attribute. To prevent access for all mailboxes where the Title property contains "Primary", run the following command:
Use a list of specific accounts
Run the following command after you have connected to the Outlook Live server-side session:
For example, the following procedure uses the text file C:\My Documents\NoPowerShell.txt to identify the users by their Windows Live IDs. The text file must contain one Windows Live ID on each line like this:
After you populate the text file with the user accounts you want to update, run the following command:
Grant access
To grant access to existing users who have been denied access in the past, simply use the value $true with the RemotePowerShellEnabled parameter as described in the previous examples.
To grant access to new users you create using Windows PowerShell, you don't have to use the RemotePowerShellEnabled parameter at all, because all new users are granted access automatically.
Find out who has access already
As mentioned earlier, all new users that you create are automatically granted access for your Outlook live organization, but what if your Outlook Live organization was upgraded from a previous version of Outlook Live when users weren't granted access by default? Here's how it works:
If an existing user was explicitly granted or denied access before your Outlook Live organization was upgraded, their access status before the upgrade is preserved. All other existing users are automatically granted access as part of the upgrade to the current version of Outlook Live.
To find out who has access and view all users' access status, you can use Windows PowerShell.
View the access status for a specific user
Run the following command after you have connected to the Outlook Live server-side session:
For example, to determine the access status of a user named "Tamara Johnston", run the following command:
View the access status for all users
Run the following command:
To display only those users who don't have access, run the following command:
To display only those users who have access, run the following command:
