Information
This policy setting ensures that PowerShell 2.0 is not installed on the system.
The recommended state for this setting is: Not Installed.
Rationale:
Windows PowerShell 2.0 lacks features such as audit logging, which was built into later versions of PowerShell. Therefore, PowerShell 2.0 should not be used on the system as it may impact forensic investigations, such as when a script was executed on the system.
Note: PowerShell 2.0 has been deprecated by Microsoft.
Impact:
PowerShell 2.0 will not be available on the system. Therefore, a later version must be installed.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Uninstall PowerShell 2.0 and PowerShell 2.0 Engine from the system.
GUI:
Navigate to Turn Windows Features on or off
Uncheck the Windows PowerShell 2.0 option
Uncheck the Windows PowerShell 2.0 Engine option
Click OK
Note: Windows Features will search for the required files and then uninstall the PowerShell 2.0. A reboot is necessary for the change to take place.
CMD Line
PowerShell 2.0
Dism /online /Disable-Feature /FeatureName:MicrosoftWindowsPowerShellV2Root
#Verify the feature has been uninstalled:
Dism /online /Get-FeatureInfo /FeatureName:MicrosoftWindowsPowerShellV2Root
PowerShell 2.0 Engine
Dism /online /Disable-Feature /FeatureName:MicrosoftWindowsPowerShellV2
#Verify the feature has been uninstalled:
Dism /online /Get-FeatureInfo /FeatureName:MicrosoftWindowsPowerShellV2
Default Value:
Not Installed.