Channel: The Official Scripting Guys Forum! forum

How to restrict local PowerShell user


I would like to restrict the PowerShell commands available to a local domain user account running a service on a server, similar to what is described for remoting users here: http://www.petri.co.il/powershell-remoting-restricting-user-commands.htm#

Ideally, I would restrict the service account to only being able to execute functions defined within 1 or 2 signed modules.

The reason I want to do this is that I'm setting up an Octopus Tentacle service running under a domain user account, and I would like to limit the behaviors available to PowerShell deployment tasks run on that specific server by that Tentacle service account.

I've toyed with the idea of remoting to the local machine, and assigning a new, restricted identity, using stored credentials, and/or a variety of other things, but really it would be simplest just to restrict the local service to only being able to run a select number of pre-defined, signed PowerShell modules. Since the service account has network access to other folders, it is necessary to prevent users from loading a signed script to a fileshare and referencing it externally.

Any ideas?

