Wahmans Powershell Blog

New-PSSessionConfigurationFile

Exploring New-PSSessionConfigurationFile in PowerShell

Welcome back to Wahmans PowerShell Blog! Today, we’re going deep into one of those lesser-known but super powerful cmdlets in PowerShell: New-PSSessionConfigurationFile.

According to the official Microsoft documentation, the New-PSSessionConfigurationFile cmdlet creates a file that defines a session configuration. These session configuration files can be used to register custom PowerShell sessions that enforce policies and limitations on users who connect using PowerShell Remoting.

Why Should You Care?

Custom session configurations allow you to control and secure remoting sessions. Whether you need to restrict visible commands, run as a different user, define modules, or limit language usage, this cmdlet is your friend.

Example 1: Basic Session Configuration File

Let’s start with the very basics: create a minimal session configuration file with default settings.

New-PSSessionConfigurationFile -Path ".\MySessionConfig.pssc"

This creates a .pssc file that you can later register using Register-PSSessionConfiguration. It uses the default settings, which is great for understanding the layout and possibilities.

Example 2: Limit Visible Cmdlets

Next, let’s restrict which cmdlets are visible in the session. This is extremely useful for enforcing operational boundaries for scripts or junior administrators.

New-PSSessionConfigurationFile -Path ".\LimitedConfig.pssc" \ 
  -VisibleCmdlets @("Get-Process", "Get-Service")

In this setup, users of the session will only be able to use Get-Process and Get-Service.

Example 3: Force Module Loading and Script Block Language Mode

Now we’re upping our game. This configuration file will automatically import a module and lock the language mode to ‘NoLanguage’ to improve security.

New-PSSessionConfigurationFile -Path ".\RestrictedConfig.pssc" \ 
  -ModulesToImport "ActiveDirectory" \ 
  -LanguageMode NoLanguage

This is useful when you only want users to use specific cmdlets and prevent them from running arbitrary script code.

Example 4: RunAsUser Configuration

This advanced example sets up the session to always run as a specific user. Great when you want standardized access levels, such as a monitoring or reporting account.

New-PSSessionConfigurationFile -Path ".\RunAsConfig.pssc" \ 
  -RunAsUser "DOMAIN\ServiceAccount" \ 
  -VisibleCmdlets @("Get-EventLog")

Don’t forget — the account specified by RunAsUser must have appropriate permissions and be configured to allow delegation if used alongside Kerberos-based remoting.

Final Thoughts

The New-PSSessionConfigurationFile cmdlet is a powerful tool in the PowerShell toolbox for creating custom and secure remoting experiences. Whether you’re managing a small team or locking down a large environment, understanding this cmdlet will definitely level up your administrative skills.

Happy scripting, and I will see you in the next post!

Leave a Reply

Your email address will not be published. Required fields are marked *