this might not be place to ask, has anyone come across a way to set powershell language mode to 'no language'
no language is a requirement for powershell just enough administration (jea) and it is set on a remote target by settign the language mode in the session configuration file (.pssc), jea is enforced, if i am correct, only when user connects to remote target using powershell remoting
does anyone know the key values for the different language modes at this key?
this should be open source windows internals information
enforcing language mode for a session\not permanently can be done by launching powershell with this command string or converting this into a script, but this is does not protect the machine if malware launches powershell:
Start-Process -FilePath "powershell" -ArgumentList ($ExecutionContext.SessionState.LanguageMode = "NoLanguage")
i suppose one can configure just enough administration (jea) on localhost, which will block all cmdlets by default, set a role for the configured users on the machine, and then specify in their session configuration files that powershell runs in nolanguage (or constrained language) mode, but this is might be a problem as user must connect to interactive powershell session using cmdlet Enter-PSSEssion -ComputerName localhost, and this means powershell remoting must be enabled on localhost, so not a very good solution, this however will protect system against powershell abuse by attacker or malware
there is applocker and device guard, but that is not a good solution either as, i might be mistaken, nolanguage mode cannot be set - only constrained language is enforced through these