
Preparing your system to manage Exchange with Powershell via ASP
Last Post 15 May 2008 09:35 PM by KarlMitschke. 1 Replies.
KarlMitschke
06 Dec 2007 04:07 PM  
This is how I do it for Exchange 2007:

(Replace CAS Server(s) with OWA Server(s), and this should work fine for 2003 and 2000 also)

1) Create a service account on your AD that has permissions in Exchange.
2) Set up a new Application Pool in IIS on your CAS servers.
3) Use the account created in #1 for the identity on the Application Pool.
4) Put your website in the new pool.
5) Use NTFS permissions to provide access to the website.
6) Use Windows authentication in your web.config.

Then, once someone is authenticated on the website, all Exchange processes are run as the service account created in step #1 - No impersonation needed.


On your CAS server(s):

Put the account you created in step 1 in the IIS_WPG local group on your CAS server(s)

Then, you need to add the account to the CAS server(s) local policy "Act as part of the operating system" - follow the below steps:

Open a command prompt.
Type secpol.msc and hit enter.
Wait a bit for the "Local Security Settings" window to open.
In the left pane, double-click "Local Policies".
Once again, in the left pane, double-click "User Rights Assignment".
In the right pane, double-click "Act as part of the operating system".

Add the service account you created.

Karl
http://unlockpowershell.wordpress.com
-join("6B61726C6D69747363686B65406D742E6E6574"-split"(?<=\G.{2})",19|%{[char][int]"0x$_"})
KarlMitschke
15 May 2008 09:35 PM  

This is how I do it for Exchange 2007 on Server 2008:
1. Create a service account on your AD that has permissions in Exchange.
2. Set up a new Application Pool in IIS on your CAS servers – use the CLASSIC “Managed Pipeline mode”.
3. Use the account created in #1 for the identity on the Application Pool.
4. Create a new Application under “Default Web Site”.
5. Right-click on your new application and go to “Advanced Settings” - Add the new Application pool, and set the “Physical Path Credentials” to the account created in step 1.
6. Use NTFS permissions to provide access to the website.
7. Use Windows authentication in your web.config.

Then, once someone is authenticated on the website, all Exchange processes are run as the service account created in step #1 - No impersonation needed.

On your CAS server(s):

Put the account you created in step 1 in the IIS_IUSRS local group on your CAS server(s)

Then, you need to add the account to the CAS server(s) local policy "Act as part of the operating system" - follow the below steps:

Open a command prompt.
Type secpol.msc and hit enter.
Wait a bit for the "Local Security Settings" window to open.
In the left pane, double-click "Local Policies".
Once again, in the left pane, double-click "User Rights Assignment".
In the right pane, double-click "Act as part of the operating system".

Add the service account you created.

Karl

http://unlockpowershell.wordpress.com
-join("6B61726C6D69747363686B65406D742E6E6574"-split"(?<=\G.{2})",19|%{[char][int]"0x$_"})
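
An added example, not part of the original posts: a PowerShell check that lists which accounts hold "Act as part of the operating system" (SeTcbPrivilege) on a server, so the grant made in the steps above can be verified and any other holder reviewed. The account name `CONTOSO\svc-exchweb` and the function name are placeholder assumptions; run it from an elevated prompt.

```powershell
# Added example (not from the original posts). Run elevated on the CAS server.
param(
    # Placeholder for the service account created in step 1 (assumption).
    [string]$ExpectedAccount = 'CONTOSO\svc-exchweb'
)

function Get-UserRightHolder {
    param([string[]]$Lines, [string]$Right)
    # secedit writes one line per right, e.g.  SeTcbPrivilege = *S-1-5-18,*S-1-5-21-...
    # A right assigned to nobody has no line at all.
    $line = $Lines | Where-Object { $_ -match "^\s*$Right\s*=" } | Select-Object -First 1
    if (-not $line) { return }
    foreach ($entry in ($line -split '=', 2)[1].Split(',')) {
        $entry = $entry.Trim()
        if (-not $entry) { continue }
        if (-not $entry.StartsWith('*')) { $entry; continue }   # already a name
        $sid = $entry.TrimStart('*')
        try {
            $id = New-Object System.Security.Principal.SecurityIdentifier($sid)
            $id.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $sid   # SID that no longer resolves (deleted account, unreachable domain)
        }
    }
}

$tmp = Join-Path $env:TEMP ('user-rights-{0}.inf' -f [guid]::NewGuid())
try {
    # Export only the user-rights area of the local security policy.
    secedit /export /areas USER_RIGHTS /cfg $tmp | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "secedit export failed (exit $LASTEXITCODE); is the prompt elevated?" }
    $holders = @(Get-UserRightHolder -Lines (Get-Content -Path $tmp) -Right 'SeTcbPrivilege')
} finally {
    Remove-Item -Path $tmp -ErrorAction SilentlyContinue
}

# Flag every holder other than the expected service account for review.
foreach ($h in $holders) {
    $status = if ($h -eq $ExpectedAccount) { 'expected' } else { 'REVIEW' }
    '{0,-45} {1}' -f $h, $status
}
if ($holders -notcontains $ExpectedAccount) {
    Write-Warning "$ExpectedAccount does not hold SeTcbPrivilege on this server."
}
```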