Disable PowerShell v2 via GPO

I'm trying to disable the old v2 version of PowerShell via GPO but have not been successful.

I have tried everything, to run a Scheduled Task (running a PowerShell script which command inside DOES indeed work if run locally), which included copying the file on the local machine, to setting up a new Software Restriction Policy, but nothing works as that version of PowerShell stays enabled.

Any suggestions?

4

1 Answer

Assuming you have a requirement like this STIG:

Windows PowerShell 5.0 added advanced logging features which can provide additional detail when malware has been run on a system. Disabling the Windows PowerShell 2.0 mitigates against a downgrade attack that evades the Windows PowerShell 5.0 script block logging feature.

The fix is to disable the windows Feature. For example:

# Windows 10:
Disable-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root
# Windows Server:
Uninstall-WindowsFeature -Name PowerShell-V2

Uninstalling should take a minute or so, then show you whether a restart is required for the change:

Uninstall-WindowsFeature PowerShell-V2
Success Restart Needed Exit Code Feature Result
------- -------------- --------- --------------
True No Success {Windows PowerShell 2.0 Engine}
# running the command again does not error:
Success Restart Needed Exit Code Feature Result
------- -------------- --------- --------------
True No NoChangeNeeded {} 

To check the current status:

# Windows 10
Get-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root
FeatureName : MicrosoftWindowsPowerShellV2Root
DisplayName : Windows PowerShell 2.0
Description : Adds or Removes Windows PowerShell 2.0
RestartRequired : Possible
State : Enabled
CustomProperties :
# Windows Server:
Get-WindowsFeature -Name PowerShell*
Display Name Name Install State
------------ ---- -------------
[X] Windows PowerShell PowerShellRoot Installed [X] Windows PowerShell 5.1 PowerShell Installed [X] Windows PowerShell 2.0 Engine PowerShell-V2 Installed ## Should be "Available" [X] Windows PowerShell ISE PowerShell-ISE Installed
4

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

You Might Also Like