I have a module with a single user defined function inside of it. This is located locally on a remote server I am using to test. I have created an endpoint configuration file and registered the configuration. I have also specified to allow the module I created.
My question is related to how to lock it down as securely as possible while still being able to execute the user defined function within the module.
The function is pretty simple and uses: New-Item, New-SMBShare, CMD.exe (for icacls and dfsutil) and New-DFSNFolder.
If I understand this correctly it would be better to run the Endpoint with a -SessionType of something like RestrictedRemoteServer and set the -LanguageMode to NoLanguage(or Constrained or Restricted). However when I set these values to anything other than totally unrestricted I am no longer able to run my function remotely.
Any guidance is appreciated.