none
User within costume admin role have Admins Premission on the management shell

    Question

  • Hii there.
    I am using in my Test Area: AD, Sql(BacK End), SFB server(Front end)

    I created a Costume Admin role in the lync 2013(Skype for business) server that only have the cmdlets : get-csUser.

    The Universal group called: SearchOnlyGroup(The group is used for the admin role)

    I Create User that called Tester@domain, i added him to that group("SearchOnlyGroup")

    So when I am loggin to the SFB Server with the Tester account When i connect to the Control Panel i have only the option User(as it should be), but when I connect to the management shell I have full rights(I can do anything, Set/Get/Grant, All) even that i only at SearchOnlyGroup,

    Why is that???

    how i can change it? 

    What should i do?

    why 
    management shell not use RBAC premissions as The CP?

    Thanks in advance

    Tuesday, November 24, 2015 9:19 AM

Answers

  • yes but already got Answer From one of S4B books

    That If you sitting on the FE server and no Connection remotely the RBAC not working(not effecting) and you can perform anything.

    Thank you anyway :)

    • Marked as answer by asafgb Thursday, December 31, 2015 1:57 PM
    Thursday, December 31, 2015 1:57 PM

All replies

  • Hi

    You have visibility of the commands, but can you execute them?

    Is the test user a member of any other security group other than your test group and domain users?

    thanks


    Note: Please remember to `Mark as Answered` a post that answers your question and/or `Vote as Helpful` posts that have helped you. This will help others find answers to similar problems. For more Skype for Business help visit: http://www.skype4b.uk Please note that answers are based on my experience and opinion only and do not necessarily represent the views of my employer.

    Wednesday, November 25, 2015 1:44 PM
  • yes but already got Answer From one of S4B books

    That If you sitting on the FE server and no Connection remotely the RBAC not working(not effecting) and you can perform anything.

    Thank you anyway :)

    • Marked as answer by asafgb Thursday, December 31, 2015 1:57 PM
    Thursday, December 31, 2015 1:57 PM