Hi,
Our InfoSec team are currently preparing to roll out the PowerShell lockdown environment variable “__pslockdownpolicy=4” which enables PowerShell 5’s “Constrained Mode” and stops a load of PowerShell features from working unless the code is signed with a trusted certificate (e.g. New-Object and Import-Module are blocked for the most part) .
I’ve tested this setting on a canary server, and it broke a lot of our OctopusDeploy projects :-(. I didn’t get as far as testing the core Tentacle itself so I’m not sure if there are any other problems waiting for me further down th eline.
Do you currently have any advice for how to run a Tentacle on a server with this the PowerShell Constrained Mode setting applied? E.g. are there specific folders I could try whitelisting, do you sign your code with a code-signing certificate I could trust, or is OctopusDeploy just not really designed to support Constrained Mode?
Cheers,
Mike