For Exchange Server 2013,Exchange Server 2016
Most of the admins/consultants wants to turn off the Exchange admin center on the internet facing exchange servers. Due to the scare of Security Breach , Where guys who have potential access to exchange can do severe damage to the organization.
Lets see how to disable it.
Note after disabling , Exchange Admin Center wont be accessible. And only Exchange management shell will be active to manage the exchange server. Most of the organizations what they do is . They disable EAC on the internet facing servers and install a dummy Exchange Server with Exchange admin tools and manage using that. It makes sense in terms of security.
Get-EcpVirtualDirectory "EXCH01\ECP (Default Web Site)"
Set-ECPVirtualDirectory -Identity "EXCH01\ECP (Default Web Site)" -AdminEnabled $false
hi, is it possible to this for exchange 2010,
There is no straight forward option on that. You got to dig on the RBAC.
thanks for sharing this article i was planning since long time but the think is we want to keep active for internally where as we want to restrict ECP url from external site , would you kindly advise best options ?
Disabling only for external – Is not an recommended option. Its just to disable on the server completely. and use a spare server if you really need EAC to manage the server. Some people try to restrict on the virtual directory. which screws the environment at times.