Disable Windows PowerShell 2.0 on your systems


Windows PowerShell 2.0 should not be on your systems anymore. If you haven't analyzed your systems, it is time to audit your workstations and servers. If Windows PowerShell 2.0 is still there, disable it and update where possible.

I still see companies that haven't removed it and that, at the same time, haven't updated Windows Management Framework on their servers. If you still have Windows Server 2008 R2 and Server 2012 R2, audit your servers and update them to WMF 5.1.

A better idea would be to upgrade these old servers to a newer operating system, but we know that this is sometimes impossible because of the apps, etc.

You can download WMF 5.1 from here: https://www.microsoft.com/en-us/download/details.aspx?id=54616

You can read the Windows Management Framework 5.x release notes here: https://learn.microsoft.com/en-us/powershell/scripting/windows-powershell/wmf/whats-new/release-notes?view=powershell-7.2

How to remove it

If you are using Configuration Manager or Intune, you can create a Baseline.

For discovery, use this one-liner

Get-WindowsOptionalFeature -FeatureName "MicrosoftWindowsPowerShellV2Root" -Online | Select-Object -ExpandProperty State

Remediation one-liner

Disable-WindowsOptionalFeature -FeatureName "MicrosoftWindowsPowerShellV2Root" -Online

You can always write a script in PowerShell to check all the machines remotely.
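
One way to do that remote check, as an added example (not the script from the GitHub repository mentioned below): it runs the discovery one-liner above over PowerShell remoting and records hosts that could not be queried. The function name, host names and CSV path are hypothetical, and it assumes WinRM remoting is enabled and that you have administrative rights on the targets.

```powershell
# Added example: remote audit of the Windows PowerShell 2.0 optional feature.
# Assumes WinRM remoting is enabled and the caller is an administrator on each target.
function Get-PowerShellV2State {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$ComputerName,

        # Feature name taken from the discovery one-liner on this page.
        [string]$FeatureName = 'MicrosoftWindowsPowerShellV2Root'
    )

    process {
        foreach ($computer in $ComputerName) {
            try {
                $state = Invoke-Command -ComputerName $computer -ErrorAction Stop -ScriptBlock {
                    param($Name)
                    # Return the state as a plain string so it survives remoting serialization.
                    (Get-WindowsOptionalFeature -FeatureName $Name -Online -ErrorAction Stop).State.ToString()
                } -ArgumentList $FeatureName

                [pscustomobject]@{
                    ComputerName = $computer
                    State        = [string]$state
                    Error        = $null
                }
            }
            catch {
                # Unreachable host, access denied, or feature not found: keep it in
                # the report so it is followed up instead of silently skipped.
                [pscustomobject]@{
                    ComputerName = $computer
                    State        = 'Unknown'
                    Error        = $_.Exception.Message
                }
            }
        }
    }
}

# Constructed sample host names; replace with your own inventory.
$report = 'SRV-EXAMPLE-01', 'WKS-EXAMPLE-01' | Get-PowerShellV2State
$report | Sort-Object State, ComputerName | Format-Table -AutoSize

# Anything not reported as Disabled needs follow-up (remediation or a manual check).
$report | Where-Object State -ne 'Disabled' |
    Export-Csv -Path .\PowerShellV2-Audit.csv -NoTypeInformation
```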

You can find the recommendation on STIG Viewer as well.

I have posted these two lines of PowerShell on my GitHub page as well.

Configuration-Manager/Disable-WindowsPowerShell20.ps1 at master · Kaidja/Configuration-Manager