Is it possible to lock down which cmdlet/modules a user runs

This topic contains 0 replies, has 1 voice, and was last updated by  Forums Archives 5 years, 10 months ago.

  • Author
    Posts
  • #5218

    by willsteele at 2012-10-21 07:45:52

    I recall seeing a link from many years ago that suggested remoting allowed you to lock down a given set of IP's (http://mshforfun.blogspot.com/2006/05/powershell-remoting-lock-down.html). I know this is now a WinRM remoting feature. What I was wondering is whether there is a way to lock down a given user's shell to only run specific cmdlets, functions, modules, etc. Here's the hypothetical scenario. We have a set of support technicians who are only allowed to run a given set of scripts/cmdlets. When they log into Windows (or start a remote session) I want them to only be able to run specific scripts, functions, cmdlets and/or modules. I am not sure if this really possible with all of these features.

    by Jason_Yoder_MCT at 2012-10-21 12:31:22

    Willsteele,

    Here is link to another post that may help you.
    http://powershellcommunity.org/Forums/tabid/54/aft/4821/Default.aspx

    by DonJ at 2012-10-21 12:55:47

    Yes, there is. Start by getting "Secrets of PowerShell Remoting" from powershellbooks.com – explains the process. In short, look at New-PSSessionConfiguration, which defines a new endpoint, and the companion command which registers the new session. Between them, you can define what gets loaded by default, what of that is visible, and who may connect. It's designed specifically for that scenario and will do exactly what you're after.

    by willsteele at 2012-10-21 13:21:19

    Perfect. I'll go grab it.

You must be logged in to reply to this topic.