Author Posts

February 21, 2018 at 9:25 pm

Is there a way to define the temp path that a module uses?

For example:
When I load the Exchange Management Shell, it loads the module in the following path (* is a wildcard):
c:\users\username\appdata\local\temp\tmp_tb5oo4kc.dnb\exchange_server.contoso.com.psm1

I'd like to specify that the temp module should be loaded to a defined path. Does that sound like something that can be done?

February 22, 2018 at 8:07 pm

You really cannot change what the EMS does directly, and I don't know of a workaround for what you are asking.
Since the EMS will do this each time for each individual user who logs in and uses the EMS, I am not sure that what you ask is really prudent thing to try.

I would like to ask, why this bothers you, that you feel the need to want to change it, or what benefit you feel you'd get by doing so. Just curious.

Many product 'PowerShell Hosts' do this, not just EMS. Remember the EMS is really doing nothing more than using the same PSRemoting connection string as you would do if you'd implicitly remote to Exchange from a remote host.

EMS shortcut properties specifically show it calling another script called 'RemoteExchange.ps1'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -noexit -command ". 'C:\Program Files\Microsoft\Exchange Server\V15\bin\RemoteExchange.ps1'; Connect-ExchangeServer -auto -ClientApplication:ManagementShell "

I've had no cause to mess with it, or any of the .ps1, .psd1 in the named folder. Personally, IMHO one would be ill-advised to do so.

February 22, 2018 at 9:16 pm

Yeah, I'm not liking the idea of doing it any more than you are.

Our security team uses an application whitelisting tool and decided to place it into high-enforcement mode. It blocks PowerShell scripts from running. So I went and started implementing code-signing to all of my scripts and had them whitelist anything signed by Microsoft or one of our CA trusted certs.

The problem is that when a module is loaded, that temp .psm1 file is not signed which causes it to be blocked.

If we were able to change the location of the temp path, then we could place a whitelist on any .psm1 files in said path. We can do it for the appdata/local/temp path, they would just rather whitelist a custom path than the default.