Restrict remote PowerShell to a set of cmdlets
Learn how to create an alternate PowerShell endpoint with a restricted set of cmdlets.
March 24, 2017
![Restrict remote PowerShell to a set of cmdlets Restrict remote PowerShell to a set of cmdlets](https://eu-images.contentstack.com/v3/assets/blt07f68461ccd75245/bltc65b14c6f15dd082/661cf6ad8be786bc270a1d5d/powershell_2_0_4.png?width=850&auto=webp&quality=95&format=jpg&disable=upscale)
Q. How can I configure a remote PowerShell session configuration to only allow a set of cmdlets or modules?
A. To restrict a custom session configuration to a list of cmdlets create a custom session configuration file specifying the list of allowed modules and cmdlets, for example:
New-PSSessionConfigurationFile –ModulesToImport CustomMod –VisibleCmdLets ('*CustomMod*') –LanguageMode ‘NoLanguage’ –SessionType ‘RestrictedRemoteServer’ –Path ‘c:CustomModonly.pssc’
This would then be used when creating a new session configuration, for example:
Register-PSSessionConfiguration -Name "DCMs" -SecurityDescriptorSddl $psscSd.GetSddlForm("All") -Path C:CustomModonly.pssc
Now when connecting when you look at commands only the cmdlets specified will be available along with a few core cmdlets such as Exit-PSSession, Get-Help etc. If you needed to remove the session configuration use Unregister-PSSessionConfiguration.
[localhost]: PS> get-commandCommandType Name ModuleName ----------- ---- ---------- Function Add-CustomModBulkUser CustomMod Function Enable-CustomModVLANUser CustomMod Function Exit-PSSession Function Get-Command Function Get-FormatData Function Get-Help Function Measure-Object Function New-CustomModGroup CustomMod Function New-CustomModRegUser CustomMod Function New-CustomModSpecUser CustomMod Function New-CustomModVLANUser CustomMod Function Out-Default Function Select-Object Function Update-CustomModUserPass CustomMod
About the Author(s)
You May Also Like