Author Posts

November 29, 2016 at 9:43 am

I created an endpoint that is restricted to one advanced funtion. This is my config:

ModulesToImport = 'myModule','SmbShare'
VisibleCmdlets =  'Get-SmbOpenFile', 'Get-SmbShare', 'Close-SmbOpenFile'
VisibleFunctions = 'myFunction'
ExecutionPolicy = 'RemoteSigned'
SessionType = 'RestrictedRemoteServer'
LanguageMode = 'NoLanguage'
RunAsVirtualAccount = $true

The problem is that choosing RestrictedRemoteServer session type makes my function unusable because it exposes a custom Select-Object (a proxy funtion).
Whenever my function is using Select-Object I get the following error:

Cannot validate argument on parameter 'Property'. The argument "myArguments" does not belong to the set
"ModuleName,Namespace,OutputType,Count,HelpUri,Name,CommandType,ResolvedCommandName,DefaultParameterSet,CmdletBinding,Parameters" specified by the
ValidateSet attribute.

Is there any way to override this proxy function usage? because, TMHO, eliminating Select-Object will make a lot of use-cases unusable.

Here is what I've tried so far:
– an 'Empty' SessionType – it causes the import of SmbFile module to fail, it errors on loading some kind of format file.

– a 'Default' SessionType with this configuration:

ModulesToImport = 'myModule','SmbShare'
VisibleCmdlets = 'Exit-PSSession', 'Get-Command', 'Get-FormatData', 'Get-Help', 'Measure-Object', 'Out-Default', 'Select-Object', 'Where-Object', 'Get-SmbOpenFile', 'Get-SmbShare', 'Close-SmbOpenFile'
VisibleFunctions = 'myFunction'

that one works but I think it has a bug – alongside my Visible commands , it exposes a long list of cmdlets from 'Microsoft.PowerShell.Core' which I didn't ask for, it even exposes 'Add-PSSnapin' and 'Disable-PSRemoting'.

Thanks, I'll appreciate any advice..

November 29, 2016 at 10:23 am

OK..
I have worked around it by adding this to my endpoint configuration:

AliasDefinitions = @{
    Name='Select-MyObject'
    Value='Microsoft.PowerShell.Utility\Select-Object'
}

and using 'Select-MyObject' instead of 'Select-Object' in my function.
Now it works with the RestrictedRemoteServer SessionType.

Am I over-complicating stuff? I'd be glad to here any input..

My final configuration:

AliasDefinitions = @{
    Name='Select-MyObject'
    Value='Microsoft.PowerShell.Utility\Select-Object'
}
ModulesToImport = 'myModule','SmbShare'
VisibleFunctions = 'myFunction'
ExecutionPolicy = 'RemoteSigned'
SessionType = 'RestrictedRemoteServer'
LanguageMode = 'NoLanguage'
RunAsVirtualAccount = $true

November 29, 2016 at 8:53 pm

About to start playing with JEA so thanks for the heads up