Hello,
I am looking for a way to prevent certain admin user's from being able to use either the gui or the shell to run certain cmdlet's with certain parameters. So far in my testing, I have only seen a way to prevent the whole cmdlet from being able to them.
Example:
I want to prevent something like this from being run (ie I don't want to allow a specific user or group of user's from being able to override the default mailbox quotas).
Set-Mailbox -UseDatabaseQuotaDefaults $false -Identity test@test.com
With the RBAC system, I am able to turn off and on the "Set-Mailbox" cmdlet but this is an all or nothing solution and I don't want to prevent these user's from using other parameter available to this cmdlet. I thought about using the Scripting Agent environment and parsing the parameters off then throwing an error but I have not been able to get the scripting agent to fire on validate mode for this cmdlet.
Any ideas ?
Exchange 2010 SP2 RU 6