.png?width=100&auto=webp&quality=80&disable=upscale "Picture of John Savill")
.png?width=400&auto=webp&quality=80&disable=upscale "John Savill")
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Restrict remote PowerShell to a set of cmdlets
Learn how to create an alternate PowerShell endpoint with a restricted set of cmdlets.
John Savill
March 24, 2017
1 Min Read
Q. How can I configure a remote PowerShell session configuration to only allow a set of cmdlets or modules?
A. To restrict a custom session configuration to a list of cmdlets create a custom session configuration file specifying the list of allowed modules and cmdlets, for example:
New-PSSessionConfigurationFile –ModulesToImport CustomMod –VisibleCmdLets ('*CustomMod*') –LanguageMode ‘NoLanguage’ –SessionType ‘RestrictedRemoteServer’ –Path ‘c:CustomModonly.pssc’
This would then be used when creating a new session configuration, for example:
Register-PSSessionConfiguration -Name "DCMs" -SecurityDescriptorSddl $psscSd.GetSddlForm("All") -Path C:CustomModonly.pssc
Now when connecting when you look at commands only the cmdlets specified will be available along with a few core cmdlets such as Exit-PSSession, Get-Help etc. If you needed to remove the session configuration use Unregister-PSSessionConfiguration.
[localhost]: PS> get-commandCommandType Name ModuleName ----------- ---- ---------- Function Add-CustomModBulkUser CustomMod Function Enable-CustomModVLANUser CustomMod Function Exit-PSSession Function Get-Command Function Get-FormatData Function Get-Help Function Measure-Object Function New-CustomModGroup CustomMod Function New-CustomModRegUser CustomMod Function New-CustomModSpecUser CustomMod Function New-CustomModVLANUser CustomMod Function Out-Default Function Select-Object Function Update-CustomModUserPass CustomMod
About the Author
You May Also Like
.jpg?width=700&auto=webp&quality=80&disable=upscale)
