this might not be place to ask, has anyone come across a way to set powershell language mode to 'no language'
no language is a requirement for powershell just enough administration (jea) and it is set on a remote target by settign the language mode in the session configuration file (.pssc), jea is enforced, if i am correct, only when user connects to remote target using powershell remoting
does anyone know the key values for the different language modes at this key?
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\CodeIdentifiers\DefaultLevel
this should be open source windows internals information
enforcing language mode for a session\not permanently can be done by launching powershell with this command string or converting this into a script, but this is does not protect the machine if malware launches powershell:
Start-Process -FilePath "powershell" -ArgumentList ($ExecutionContext.SessionState.LanguageMode = "NoLanguage")
i suppose one can configure just enough administration (jea) on localhost, which will block all cmdlets by default, set a role for the configured users on the machine, and then specify in their session configuration files that powershell runs in nolanguage (or constrained language) mode, but this is might be a problem as user must connect to interactive powershell session using cmdlet Enter-PSSEssion -ComputerName localhost, and this means powershell remoting must be enabled on localhost, so not a very good solution, this however will protect system against powershell abuse by attacker or malware
there is applocker and device guard, but that is not a good solution either as, i might be mistaken, nolanguage mode cannot be set - only constrained language is enforced through these
malwaretips.com
