EMS is pretty powerful, and just a few cmdlets can have a tremendous effect on many objects throughout Exchange. Some questions might have crossed your mind about how to control the ability of users to execute EMS commands.

The first line of protection is provided by RBAC. As you recall, users are only permitted access to the set of cmdlets and parameters available to the roles that each user holds. Even though trusted users will be assigned the roles that they need to get their work done, you still don’t want them to execute scripts that they download from the Internet or obtain elsewhere.

A second line of defense is therefore provided by Execution Policies, which define the conditions under which PowerShell loads files for execution. ...