Q. How can I configure a remote PowerShell session configuration to only allow a set of cmdlets or modules?
A. To restrict a custom session configuration to a list of cmdlets create a custom session configuration file specifying the list of allowed modules and cmdlets, for example:
New-PSSessionConfigurationFile –ModulesToImport CustomMod –VisibleCmdLets ('*CustomMod*') –LanguageMode ‘NoLanguage’ –SessionType ‘RestrictedRemoteServer’ –Path ‘c:\CustomModonly.pssc’
This would then be used when creating a new session configuration, for example:
Register-PSSessionConfiguration -Name "DCMs" -SecurityDescriptorSddl $psscSd.GetSddlForm("All") -Path C:\CustomModonly.pssc
Now when connecting when you look at commands only the cmdlets specified will be available along with a few core cmdlets such as Exit-PSSession, Get-Help etc. If you needed to remove the session configuration use Unregister-PSSessionConfiguration.
[localhost]: PS> get-command
CommandType Name ModuleName
----------- ---- ----------
Function Add-CustomModBulkUser CustomMod
Function Enable-CustomModVLANUser CustomMod
Function Exit-PSSession
Function Get-Command
Function Get-FormatData
Function Get-Help
Function Measure-Object
Function New-CustomModGroup CustomMod
Function New-CustomModRegUser CustomMod
Function New-CustomModSpecUser CustomMod
Function New-CustomModVLANUser CustomMod
Function Out-Default
Function Select-Object
Function Update-CustomModUserPass CustomMod