This article contains requirements and configuration instructions for setting up an on premises PowerShell Execution Module for Cloud Commander.
Exchange On-Prem service requirements
Requirements are below.
- Ports 443 and 5671 need to be open to the core environment.
- Service Account for local module server
- The Service Account needs to have the ability to login
- Service Accounts needs full access to C:\Users\<username>\AppData\Roaming
- Service account needs to have “logon as a service” rights
- Note: Multi-Factor Authentication is not supported for this service account.
- This Service Account, or another account, needs to have the ability to install software.
- Authentication Certificate
- .NET framework 4.7.1 must be installed on the machine.
- Windows Management Framework (current latest version is 5.1) has to be installed
- The user account used to run the service must be added to the “Log on as a service” list using group policy (this account must be a local administrator). Here’s how it looks:
Plus, you’ll want to have the following information available during the installation:
- User name and password for the service account
- Either the Office 365 Service Account, or AppID for the Application Registration providing EWS authentication
- Thumbprint for the registered application
Step 1: Import the certificate
Import the certificate used for authentication. This certificate can be provided by Quadrotech or generated by you.
To import the certificate:
- Log in to the server as the Service Account running the service.
- Copy the certificate to the local server.
- Open Certificate Management.
- Right-click on Personal. Choose other tasks > import.
- Go to the certificate location.
- Follow the wizard to import the certificate and enter the password, if required.
Step 2: Deploy and run the installer
Please follow the steps provided by Quadrotech.
Step 3: Enter credentials
Enter credentials in the Credentials Editor. Although the editor has 3 options, for most OnPrem installs, you’ll only need to enter credentials on these 2 tabs:
Enter the credentials for a service account listed in the requirements section of this article.
Select the Basic Authentication method and then enter the credentials.
After entering credentials and clicking Save, restart the On-prem module.
Step 4: Credentials Editor
Cloud Commander needs to store the on-prem Exchange credentials in order to extract the messages to the server. You will also need the AppID of the target Application Registration that is granting mailbox access.
To configure the credentials, you need an account with Application Impersonation rights. Then:
- Log in to the server running the modules using the service account that was used to install the modules.
- Locate the Quadrotech Credentials Editor on the start menu and launch it.
- Expand the Exchange section.
- Enter the UPN for the account with Application Impersonation rights. Example: email@example.com
- Enter the password for the account and click OK.
- Expand the Office365 section.
- Enter the AppID of the target Application Registration that is granting mailbox access.
- Click Ok.
- Click the Save button and close the Credentials Editor.
- From the services area, restart the Quadrotech Cloud Commander service.