I am testing customized endpoints for security and want to bypass the Constrained Language mode that is in place due to a Block App Data GPO policy. I want to bypass this for future projects where I may need to use .NET type of objects…for instance I may need to gather remote deskop profile paths within Active Directory.
ON a Windows 2016 test server, I created a custom endpoint with Full Language mode enabled.
@{ # Version number of the schema used for this document SchemaVersion = '2.0.0.0' # ID used to uniquely identify this document GUID = 'bdd8a1fc-9f40-4e14-b1e3-5ddf1c43e2c9' # Author of this document Author = 'administrator' # Description of the functionality provided by these settings # Description = '' # Session type defaults to apply for this session configuration. Can be 'RestrictedRemoteServer' (recommended), 'Empty', or 'Default' SessionType = 'Default' LanguageMode = 'FullLanguage' # Directory to place session transcripts for this session configuration # TranscriptDirectory = 'C:\Transcripts\' # Whether to run this session configuration as the machine's (virtual) administrator account # RunAsVirtualAccount = $true # Scripts to run when applied to a session # ScriptsToProcess = 'C:\ConfigData\InitScript1.ps1', 'C:\ConfigData\InitScript2.ps1' # User roles (security groups), and the role capabilities that should be applied to them when applied to a session # RoleDefinitions = @{ 'CONTOSO\SqlAdmins' = @{ RoleCapabilities = 'SqlAdministration' }; 'CONTOSO\ServerMonitors' = @{ VisibleCmdlets = 'Get-Process' } } }
I then register the session file BCTEST.pssc and for testing give domain admin full access to the session using the –ShowSecurityDescriptorUI.
PS C:\Windows\system32> Get-PSSessionConfiguration Name : BCTEST PSVersion : 5.1 StartupScript : RunAsUser : Permission : NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Administrators AccessAllowed, XXXX\administrator AccessAllowed Name : microsoft.powershell PSVersion : 5.1 StartupScript : RunAsUser : Permission : NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Administrators AccessAllowed, BUILTIN\Remote Management Users AccessAllowed Name : microsoft.powershell.workflow PSVersion : 5.1 StartupScript : RunAsUser : Permission : BUILTIN\Administrators AccessAllowed, BUILTIN\Remote Management Users AccessAllowed Name : microsoft.powershell32 PSVersion : 5.1 StartupScript : RunAsUser : Permission : NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Administrators AccessAllowed, BUILTIN\Remote Management Users AccessAllowed Name : microsoft.windows.servermanagerworkflows PSVersion : 3.0 StartupScript : RunAsUser : Permission : NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Administrators AccessAllowed
I set this session on server w16-tpbc, however when I create a remote session, and see what language mode I am in, I am still in Constrained language mode. Shouldn’t I be in ‘Full Language Mode’ from within this session?
PS C:\Windows\system32> Enter-PSSession -ComputerName w16-tpbc -ConfigurationName BCTEST [w16-tpbc]: PS C:\Users\administrator.TECHPRO\Documents> $ExecutionContext.SessionState.LanguageMode ConstrainedLanguage [w16-tpbc]: PS C:\Users\administrator.TECHPRO\Documents>