0ptikGhost
Basic Member
Posts:296
 |
| 26 Feb 2010 06:17 PM |
|
I want to execute a script in "restricted language mode". I would like to specify a small subset of functions that are available to be executed in the script. I've been trying to find something online describing how to do this but I'm coming up with nothing. Can somebody point me in the right direction? |
|
|
|
|
Marco Shaw (MVP)
Veteran Member
Posts:1646
|
| 27 Feb 2010 03:31 AM |
|
Sounds like you want a "restricted runspace". These are available in v2 and are considered, I think, to be part of the remoting features.
Are you running v2? |
|
Marco
*Microsoft MVP - Windows PowerShell
https://mvp.support.microsoft.com/profile/Marco.Shaw
*Co-Author - Sams Windows PowerShell Unleashed 2nd Edition
*Blog - http://marcoshaw.blogspot.com |
|
|
0ptikGhost
Basic Member
Posts:296
|
| 28 Feb 2010 08:21 AM |
|
Yes, I'm running v2. I'll see what I can find out about restricted runspaces as they relate to remoting. Any other pointers, examples, etc. would be greatly appreciated! |
|
|
|
|
aleksandar
New Member
Posts:54
|
| 28 Feb 2010 09:29 AM |
|
Here is an example for you. The following script c:\scripts\restrictions.ps1 is used to disable an access to all applications and scripts. It also allows users to run only a few cmdlets and restricts the PowerShell language elements to a very limited set.
PS> Get-Content c:\scripts\restrictions.ps1
# Disable access to all applications
$ExecutionContext.SessionState.Applications.Clear()
# Disable access to scripts
$ExecutionContext.SessionState.Scripts.Clear()
# Define a list of allowed commands
$RequiredCommands = "Exit-PSSession", "Get-Command", "Get-FormatData", "Get-Help", "Measure-Object", "Out-Default", "Select-Object"
$Commands = $RequiredCommands + "Get-Process", "Get-Service", "Where-Object", "ForEach-Object"
# Make everything except the allowed commands private (not visible)
Get-Command | Where-Object {$Commands -notcontains $_.Name} | ForEach-Object {$_.Visibility="Private"}
# Restrict the PowerShell language elements to a very limited set. The possible values are FullLanguage, RestrictedLanguage, and NoLanguage
$ExecutionContext.SessionState.LanguageMode="RestrictedLanguage"
Creating a restricted PowerShell session configuration is now very easy. You should run the following command on a target computer:
PS> Register-PSSessionConfiguration -Name Restricted -StartupScript c:\scripts\restrictions.ps1
On a client computer you can create restricted remote session specifying the Restricted configuration name:
PS> $restricted = New-PSSession -ComputerName -ConfigurationName Restricted
PS> Enter-PSSession $restricted
|
|
| Follow me on Twitter: http://twitter.com/alexandair |
|
|
Marco Shaw (MVP)
Veteran Member
Posts:1646
|
| 28 Feb 2010 09:33 AM |
|
|
|
Marco
*Microsoft MVP - Windows PowerShell
https://mvp.support.microsoft.com/profile/Marco.Shaw
*Co-Author - Sams Windows PowerShell Unleashed 2nd Edition
*Blog - http://marcoshaw.blogspot.com |
|
|