Improve debuggability of the ConstrainedLanguage mode #18628

@wasker

Summary of the new feature / enhancement

Today, if PowerShell starts in ConstrainedLanguage, there's no way to tell why this happened.

The problem is simply manifested as:

Microsoft.PowerShell_profile.ps1: Cannot dot-source this command because it was defined in a different language mode. To invoke this command without importing its contents, omit the '.' operator.

There are multiple reasons why scripting is restricted, and knowing exactly which one is very helpful when troubleshooting the issue.

Proposed technical implementation details (optional)

It'd be great if one could start pwsh in a mode where it would print out the high-level source of the issue (WLDP, AppLocker, cached or not, system or user, file policy enforcement).

The best would be if it could analyze CI policies present on the machine and highlight which one is the culprit (stretch goal).

Labels

Committee-Reviewed: PS-Committee has reviewed this and made a decision
Issue-Enhancement: the issue is more of a feature request than a bug
Resolution-No Activity: Issue has had no activity for 6 months or more
WG-Security: security related areas such as JEA
