Security Focus: Set ConstrainedLanguage Mode on My Machine


Whilst doing some research, for a presentation on Security and PowerShell, I came across this cheeky one-liner:


[Environment]::SetEnvironmentVariable('__PSLockdownPolicy', '4', 'Machine')

 

After running it, look what happens when I try and start PowerShell. Damn, my profile script won’t run… but, what’s this? I can’t do other stuff, too? Damn!

capture192

 

If you’ve never come across ConstrainedLanguage mode, it does exactly that… it constrains the PowerShell language. Very useful if you want to harden a system.

In WMF 5 on Windows 10 you can use this in conjunction with Applocker to enforce the restriction of PowerShell activity.

capture190

 

 

Comments (0)

Skip to main content