Enter-PSSession to custom endpoint: Cmdlet not recognized

Question

I am trying to setup an Endpoint-Server in my company and am struggling to connect to it. For testing I put a RcLogUtil Module in the Global Module Path
C:\windows\system32\WindowsPowershell\v1.0\Modules\RcLogUtil\
that exports the functions

'Out-LogToEventLog','New-LogMessage'

The Plan is to let a specific set of users access only those Logging-Functions.

I create a SessionConfiguration:

New-PSSessionConfigurationFile -Path C:\Scripts\LoggerEp.pssc `
            -SessionType RestrictedRemoteServer `
            -LanguageMode FullLanguage `
            -ExecutionPolicy Unrestricted `
            -ModulesToImport 'RcLogUtil' `
            -VisibleFunctions 'Out-LogToEventLog' `
            -VisibleCmdlets 'Split-Path'

Register it:

Register-PSSessionConfiguration -Path C:\Scripts\LoggerEp.pssc `
                            -Name loggerep `
                            -ShowSecurityDescriptorUI 

And enter it on my local machine:

[W0216]> Enter-PSSession -ComputerName mka-ps-endpoint -ConfigurationName loggerep

Enter-PSSession : One or more errors occurred processing the module 'RcLogUtil' specified in the InitialSessionState object used to create this runspace. See the ErrorRecords property for a complete list of errors. The first error was: The term 'Split-Path' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At line:1 char:1 + Enter-PSSession -ComputerName mka-ps-endpoint -ConfigurationName loggerep + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : OpenError: (:) [Enter-PSSession], RunspaceOpenModuleLoadException + FullyQualifiedErrorId : ErrorLoadingModulesOnRunspaceOpen

The huge question now is.. why is the Session unable to find Split-Path? Or how do I tell the Endpoint to load that particular cmdlet? I successfully tried the same with SessionType=’Default’ and it worked but with all the powershell clutter around it.


I would really apreciate any help I can get as I am stuck with this for quite some time now.. Thanks!

Answer 1

There is the option to disable each cmdlet in advance by using -SessionType Default with the -ScriptsToProcess 'C:\Scripts\LoggerEpStartup.ps1' Parameter when creating a SessionConfiguration.

New-PSSessionConfigurationFile -Path C:\Scripts\LoggerEp.pssc `
                -SessionType Default `
                -LanguageMode FullLanguage `
                -ExecutionPolicy Unrestricted `
                -ModulesToImport 'RcLogUtil' `
                -VisibleFunctions 'Out-LogToEventLog' `
                -ScriptsToProcess 'C:\Scripts\LoggerEpStartup.ps1'

C:\Scripts\LoggerEpStartup.ps1:

# Commands needed by PSSession (Also the commands used when 
# creating a RestrictedRemoteServer )
$CmdsToExclude = @(
    'Get-Command'   , 'Out-Default'   ,
    'Exit-PSSession', 'Measure-Object',
    'Select-Object' , 'Get-FormatData'
)

# Hide any other commandlets except the ones needed 
# to create a remote session
Get-Command | Where Visibility -eq 'Public' | ForEach-Object {
    if ( $_.Name -notin $CmdsToExclude ) {
        $_.Visibility = 'Private'
    }
}

But I want to avoid that aproach as it seems to be more of a clumsy workaround than a proper solution.