How to limit exported commands from binary powershell module (*.dll file)? #23810
Replies: 3 comments 1 reply
-
Can you throw an error if the environment variable is not set correctly when somebody tried to run it? Alternatively base it on some user privilege that the currently executing user must have, eg throw an error if the user is not a member of a group or has some certain rights. |
Beta Was this translation helpful? Give feedback.
-
If the intent is to hide them as to not confuse the user due to cmdlets they wouldn't be using, you could achieve this by not implementing cmdlets directly in your dll, but instead have the psm1 implement cmdlets that call into your dll to perform the work. You can then dynamically use However, if this is intended to be a security boundary, then hiding it wouldn't be sufficient. The resources themselves need to be ACLd correctly with permissions so the user can't call them whether from PowerShell or otherwise. |
Beta Was this translation helpful? Give feedback.
-
If you want real security, rather than security through obscurity, have you considered Just Enough Administration |
Beta Was this translation helpful? Give feedback.
-
I know I can limit exported commands from module that is imported like this:
Import-Module C:\...\MyModule
orImport-Module C:\...\MyModule\MyModule.psd1
Then I can use CmdletsToExport in .psd1.
But, what if I import module from .dll?
Import-Module C:\...\MyModule.dll
How to limit exported commands (cmdlets)?
There are cmdlets in our .dll that should be "hidden" in default and we want to allow calls of them only if some environment variable has some value.
I was thinking that Powershell maybe uses reflection to get commands from .dll, so maybe there is some way to catch some "module initialized" event when importing module, where I could somehow influence what cmdlets should be exported.
Do you see any way how I can achieve this?
Thanks.
Beta Was this translation helpful? Give feedback.
All reactions