PowerShell Constrained Language mode
This document explains how to use uberAgent with PowerShell’s Constrained Language mode enabled.
Understanding Constrained Language Mode
PowerShell Constrained Language mode is a security feature that restricts access to sensitive language elements that can be used to invoke arbitrary Windows APIs. These features are often required to perform sophisticated cyber attacks. For a detailed description, see this Microsoft blog post.
Impact on uberAgent
uberAgent relies on PowerShell for collecting various metrics, such as details related to Citrix or Custom Scripts. The required data is accumulated via multiple APIs, most of which need full access to PowerShell’s capabilities.
Identifying Potential Issues
If you encounter problems in this context, you will notice the following keywords near powershell.exe in uberAgent’s log files:
- PermissionDenied
- PSNotSupportedException
The above keywords indicate issues that may have arisen due to the limitations imposed by Constrained Language mode in PowerShell.
How to use Constrained Language Mode With uberAgent
Constrained Language mode is often implemented by system-wide application control tools, such as AppLocker or Windows Defender Application Control. These tools can also remove the restrictions for files and folders you trust, allowing full command functionality for those particular files.
AppLocker
If AppLocker is used for application control, you can allow-list uberAgent’s PowerShell scripts with the following steps:
1. Open the Group Policy editor.
2. Navigate to Computer Configuration > Windows Settings > Security Settings > Application Control Policies > AppLocker > Script Rules.
3. Create a new rule.
   - Action: Allow
   - You can choose between Publisher (4) and Path (5).
4. Did you choose Publisher?
   - Select an uberAgent script, e.g., C:\ProgramData\vast limits\uberAgent\Configuration\Security inventory\Windows\Antivirus\Antivirus.ps1
   - Set the slider to Publisher.
5. Did you choose Path?
   - Select Browse Folders.
   - Select a folder, e.g., %OSDRIVE%\ProgramData\vast limits\uberAgent\Configuration\Security inventory\*
6. If you want to exclude files from the allowlist, you can do that on the Exceptions page.
7. Finally, enter a name for the rule and a description.
8. Click Create to add the new rule.
Once the policies are synchronized at the endpoint, uberAgent’s scripts should run in FullLanguage mode.
Ensure that allow-listed folders and scripts are read-only for regular users. This prevents privilege escalation and ensures that the scripts PowerShell executes have not been modified.
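The read-only requirement above can be audited with a script like the following. It is an added example, not part of the uberAgent documentation or product; the default path comes from the Path rule example on this page, and the list of trusted SIDs is an assumption to adjust for your environment.

```powershell
# Added example (not uberAgent's own tooling). Run from an elevated FullLanguage session.
param(
    # Default is the example folder named on this page; pass -Path for other allow-listed folders.
    [string]$Path = "$env:ProgramData\vast limits\uberAgent\Configuration\Security inventory"
)

# Assumption: only these well-known principals may modify allow-listed scripts.
$trustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # NT SERVICE\TrustedInstaller
)

# Rights that allow changing, replacing or adding script content, or rewriting the ACL.
# 0x40000000 / 0x10000000 are GENERIC_WRITE / GENERIC_ALL, which can appear on inherit-only ACEs.
$r = [System.Security.AccessControl.FileSystemRights]
$writeMask = [int]($r::WriteData -bor $r::AppendData -bor $r::WriteAttributes -bor
    $r::WriteExtendedAttributes -bor $r::Delete -bor $r::DeleteSubdirectoriesAndFiles -bor
    $r::ChangePermissions -bor $r::TakeOwnership) -bor 0x40000000 -bor 0x10000000

$sidType = [System.Security.Principal.SecurityIdentifier]
function Resolve-Sid([string]$Sid) {
    # Show a friendly account name where the SID resolves; fall back to the raw SID.
    try { ([System.Security.Principal.SecurityIdentifier]$Sid).Translate([System.Security.Principal.NTAccount]).Value }
    catch { $Sid }
}

# Check the folder itself and everything below it (a Path rule with \* covers all of it).
$items = @(Get-Item -LiteralPath $Path -Force) + @(Get-ChildItem -LiteralPath $Path -Recurse -Force)
$findings = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName
    # An owner can always rewrite the DACL, so a non-trusted owner is a finding too.
    $owner = $acl.GetOwner($sidType).Value
    if ($owner -notin $trustedSids) {
        [pscustomobject]@{ Path = $item.FullName; Principal = Resolve-Sid $owner; Issue = 'Owner' }
    }
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -ne 'Allow' -or $sid -in $trustedSids) { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -ne 0) {
            [pscustomobject]@{ Path = $item.FullName; Principal = Resolve-Sid $sid; Issue = "$($ace.FileSystemRights)" }
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
    Write-Warning "$(@($findings).Count) writable entries found under '$Path'."
    exit 1
}
Write-Output "No write access for non-trusted principals under '$Path'."
```

A non-zero exit code makes the check usable in a scheduled compliance task; any finding on a folder covered by a Path rule means a regular user could place or alter a script that then runs in FullLanguage mode.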