I recall seeing a link from many years ago that suggested remoting allowed you to lock down a given set of IPs (http://mshforfun.blogspot.com/2006/05/powershell-remoting-lock-down.html). I know this is now a WinRM remoting feature. What I was wondering is whether there is a way to lock down a given user's shell to only run specific cmdlets, functions, modules, etc. Here's the hypothetical scenario. We have a set of support technicians who are only allowed to run a given set of scripts/cmdlets. When they log into Windows (or start a remote session) I want them to only be able to run specific scripts, functions, cmdlets and/or modules. I am not sure if this is really possible with all of these features.
Yes, there is. Start by getting "Secrets of PowerShell Remoting" from powershellbooks.com, which explains the process. In short, look at New-PSSessionConfiguration, which defines a new endpoint, and the companion command which registers the new session. Between them, you can define what gets loaded by default, what of that is visible, and who may connect. It's designed specifically for that scenario and will do exactly what you're after.
by willsteele at 2012-10-21 13:21:19
Perfect. I'll go grab it.
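A sketch of the constrained endpoint the answer describes, as an added example that is not part of the original thread. It uses the New-PSSessionConfigurationFile and Register-PSSessionConfiguration cmdlets (PowerShell 3.0 and later); the endpoint name, group name, path and cmdlet list are assumptions chosen for illustration.

```powershell
# Run elevated on the server that will host the endpoint.
# Hypothetical names: endpoint 'SupportTech', group 'CONTOSO\SupportTechs', path below.
$endpoint   = 'SupportTech'
$group      = 'CONTOSO\SupportTechs'
$configPath = 'C:\ProgramData\SupportTech\SupportTech.pssc'
New-Item -ItemType Directory -Path (Split-Path $configPath) -Force | Out-Null

# 1. Define what is loaded and what is visible to the connecting user.
$fileParams = @{
    Path            = $configPath
    SessionType     = 'RestrictedRemoteServer'   # starts from a minimal command set
    LanguageMode    = 'NoLanguage'               # no script blocks, variables or operators
    ModulesToImport = 'Microsoft.PowerShell.Management'
    # Name cmdlets explicitly. Wildcards, or anything that launches arbitrary
    # code (Invoke-Expression, Start-Process, ...), defeats the restriction.
    VisibleCmdlets  = 'Get-Service', 'Restart-Service', 'Get-EventLog'
}
New-PSSessionConfigurationFile @fileParams

# Fail early on a malformed file instead of registering a broken endpoint.
if (-not (Test-PSSessionConfigurationFile -Path $configPath)) {
    throw "Session configuration file '$configPath' is not valid."
}

# 2. Define who may connect: Administrators (full) and the technicians (execute only).
$sid  = (New-Object System.Security.Principal.NTAccount($group)).
            Translate([System.Security.Principal.SecurityIdentifier]).Value
$sddl = "O:NSG:BAD:P(A;;GA;;;BA)(A;;GX;;;$sid)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"

# 3. Register the endpoint. -Force restarts WinRM without prompting.
Register-PSSessionConfiguration -Name $endpoint -Path $configPath `
    -SecurityDescriptorSddl $sddl -Force

# Check the result: the ACL shown should list only the two principals above.
Get-PSSessionConfiguration -Name $endpoint |
    Select-Object Name, Permission

# A technician then connects to this endpoint by name, for example:
#   Enter-PSSession -ComputerName server01 -ConfigurationName SupportTech
# and Get-Command in that session lists only the visible commands.
```

The restriction applies only to sessions opened against this configuration name, so the technicians' group should not also be a member of Administrators or Remote Management Users, which are allowed to connect to the default Microsoft.PowerShell endpoint.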