We're running BT EPM Cloud. We have some users that need to be able to install some PowerShell modules that require administrative rights. They can successfully run powershell.exe or powershell_ise.exe via the on-demand. When the run the commands for like
`install-module ExchangeOnlineManagement -force -verbose`
it appears to do all the file downloading of the module, but does NOT actually copy the downloaded modules into `C:\Program Files\WindowsPowerShell\Modules directory`.
We have rules for allowing the various modules.
For example:
- Type: Executable
- File/Folder Name: matches contains *powershell*.exe
- Command Line: matches contains *module *ExchangeOnlineManagement*
- Publisher: matches contains Microsoft Windows
- Production Description: matches contains Windows PowerShell*
- Application Requires Elevation (UAC)
We have tried with and without the option
- Treat child processes in the same way if the child process: matches <Any Application>
The allowed powershell modules are in their own application group and just for our High Flex users.
I've even gone as far as creating a COM class exeception for {3AD05575-8857-4850-9277-11B85BDB8E09} (file operations)
The issue only seems to be for the modules that REQUIRE that they run as administrator. As I can, for example, get `install-module ImportExcel' working, without even needing a BT EPM rule.
I found this, https://docs.beyondtrust.com/epm-wm/docs/epm-for-windows-core-scripting, but that appears to be more so for the legacy on-prem solution. I can't find anywhere in EPM Cloud manage scripts or anything.