Information
Windows PowerShell was designed for task automation and configuration management.
The STIG recommended state for this setting is: Not installed
Note: Windows PowerShell 5.0 added advanced logging features that can provide additional detail when malware has been run on a system.
Windows PowerShell 2.0 can be used in some scenarios by attackers who want to bypass the script block logging feature that was added in PowerShell 5.0.7.
PowerShell scripts that rely on PowerShell 2.0 will not function in your environment.
Solution
To uninstall the Windows PowerShell 2.0 Engine feature:
1. Open Server Manager
2. Select the server with the role
3. Scroll down to ROLES AND FEATURES in the right pane
4. Select Remove Roles and Features from the drop-down TASKS list
5. Select the appropriate server on the Server Selection page and click Next
6. Deselect Windows PowerShell 2.0 Engine under Windows PowerShell on the Features page
7. Click Next and Remove as prompted (if installed)
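The same check and removal can be scripted. The following is an added example, not part of the STIG text. It reports the feature state, lists recent engine 2.0 starts so that scripts which would break can be found first, then removes the feature and re-checks it. Assumptions: the feature name `PowerShell-V2`, the hypothetical `-LookbackDays` parameter, and that engine start events (ID 400) are still present in the classic `Windows PowerShell` log.

```powershell
#Requires -RunAsAdministrator
# Added example: audit, impact-check and remove the Windows PowerShell 2.0 Engine.
[CmdletBinding(SupportsShouldProcess)]
param(
    [int]$LookbackDays = 30   # hypothetical parameter: window for the impact check
)

# Assumption: 'PowerShell-V2' is the feature name behind the
# "Windows PowerShell 2.0 Engine" entry on Windows Server 2016.
$featureName = 'PowerShell-V2'

$feature = Get-WindowsFeature -Name $featureName
if (-not $feature) { throw "Feature '$featureName' was not found on this server." }

if ($feature.InstallState -ne 'Installed') {
    Write-Output "Compliant: $($feature.DisplayName) is $($feature.InstallState)."
    return
}
Write-Warning "Finding: $($feature.DisplayName) is installed."

# Impact check: engine start events (ID 400) in the classic 'Windows PowerShell'
# log record the engine version, so recent 2.0 starts point at scripts that
# will stop working once the feature is removed.
$v2Starts = @(Get-WinEvent -FilterHashtable @{
        LogName   = 'Windows PowerShell'
        Id        = 400
        StartTime = (Get-Date).AddDays(-$LookbackDays)
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'EngineVersion=2\.0' })

if ($v2Starts.Count -gt 0) {
    Write-Warning "$($v2Starts.Count) engine 2.0 start(s) in the last $LookbackDays days:"
    $v2Starts | Select-Object -First 10 TimeCreated, @{
        Name       = 'HostApplication'
        Expression = { if ($_.Message -match 'HostApplication=(.*)') { $Matches[1].Trim() } }
    } | Format-Table -AutoSize -Wrap | Out-String | Write-Output
}

if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, "Uninstall feature $featureName")) {
    $result = Uninstall-WindowsFeature -Name $featureName
    if (-not $result.Success) { throw "Removal failed with exit code $($result.ExitCode)." }

    $state = (Get-WindowsFeature -Name $featureName).InstallState
    Write-Output "After removal: InstallState=$state, RestartNeeded=$($result.RestartNeeded)."
}
```

Running the script with `-WhatIf` performs the audit and impact check without removing the feature.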
Microsoft Windows Server 2016 Security Technical Implementation Guide:
Version 2, Release 2, Benchmark Date: May 04, 2021
Vul ID: V-224859
Rule ID: SV-224859r569186_rule
STIG ID: WN16-00-000420
Severity: CAT II