Quick post about VMWare modules and ConstrainedLanguage mode

    • Context

There are new modules from Vmware available on the PowerShell Gallery:

Thanks to Applocker configured in whitelist mode, your favorite PowerShell console runs in ConstrainedLanguage mode even when you’re an admin and have it elevated.
You’ve Applocker rules that for example allow the Path where the VMware modules and files are located.

    • Issue

When you load the VMWare.PowerCli module:

Import-Module VMware.PowerCli -Verbose -Force

There’s a message saying:

Import-Module : Importing *.ps1 files as modules is not allowed in ConstrainedLanguage mode.
At line:1 char:1
+ Import-Module VMware.PowerCli -Verbose -Force
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (:) [Import-Module], InvalidOperationException
+ FullyQualifiedErrorId : Modules_ImportPSFileNotAllowedInConstrainedLanguage,Microsoft.PowerShell.Commands.ImportModuleCommand

    • Solution

If you edit the VMware.PowerCLI.psd1 file and comment the following offending line:

Ok, this breaks the digital signature using the SignerCertificate Subject: CN=”VMware, Inc.”, O=”VMware, Inc.”, L=Palo Alto, S=California, C=US. That’s why we have an Applocker path rules and not a certificate based rule 🙄

It loads your VMware modules w/o the above error message 🙂

Nothing is missing except the welcome/help message in the VMware.PowerCLI.ps1 file 😎