Information
Windows PowerShell was designed for task automation and configuration management.
The STIG recommended state for this setting is: Not installed
Note: Windows PowerShell 5.0 added advanced logging features that can provide additional detail when malware has been run on a system.
Rationale:
Windows PowerShell 2.0 can be used in some scenarios by attackers who want to bypass the script block logging feature that was added in PowerShell 5.0.7.
Impact:
PowerShell scripts that rely on PowerShell 2.0 will not function in your environment.
Solution
To uninstall the Windows PowerShell 2.0 Engine feature:
Open Server Manager
Select the server with the role
Scroll down to ROLES AND FEATURES in the right pane
Select Remove Roles and Features from the drop-down TASKS list
Select the appropriate server on the Server Selection page and click Next
Deselect Windows PowerShell 2.0 Engine under Windows PowerShell on the Features page
Click Next and Remove as prompted (if installed)
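The same check and removal can be scripted. The following is an added example, not part of the STIG text: it first looks for recent sessions that started the 2.0 engine (to gauge the impact described above), then reports the feature state and removes it only when asked. It assumes the ServerManager module on Windows Server 2019, where the Server Manager entry "Windows PowerShell 2.0 Engine" has the feature name PowerShell-V2; the -Remediate switch is a name chosen for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: audit and remediate STIG ID WN19-00-000410.
param(
    [switch]$Remediate   # example switch: without it the script only reports
)

Import-Module ServerManager

# 1. Impact check. Event ID 400 in the classic "Windows PowerShell" log is
#    written at engine start and records EngineVersion and HostApplication.
$v2Starts = Get-WinEvent -FilterHashtable @{ LogName = 'Windows PowerShell'; Id = 400 } `
                -MaxEvents 5000 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'EngineVersion=2\.' }

if ($v2Starts) {
    Write-Warning ("{0} engine 2.0 start event(s) found; review these callers before removal:" -f @($v2Starts).Count)
    $v2Starts | ForEach-Object {
        $hostApp = if ($_.Message -match 'HostApplication=(.*)') { $Matches[1].Trim() } else { 'unknown' }
        [pscustomobject]@{ TimeCreated = $_.TimeCreated; HostApplication = $hostApp }
    } | Sort-Object TimeCreated -Descending | Select-Object -First 20 | Format-Table -AutoSize -Wrap
}

# 2. Compliance check. The STIG recommended state is "Not installed".
$feature = Get-WindowsFeature -Name PowerShell-V2
if (-not $feature.Installed) {
    Write-Output 'Compliant: Windows PowerShell 2.0 Engine is not installed.'
    return
}
Write-Output 'Finding: Windows PowerShell 2.0 Engine is installed.'

# 3. Remediation, only when explicitly requested.
if ($Remediate) {
    $result = Uninstall-WindowsFeature -Name PowerShell-V2
    if (-not $result.Success) {
        throw 'Removal of PowerShell-V2 did not succeed.'
    }
    if ($result.RestartNeeded -ne 'No') {
        Write-Warning 'A restart is required to complete the removal.'
    }
    # Re-query rather than trusting the operation result alone.
    if ((Get-WindowsFeature -Name PowerShell-V2).Installed) {
        throw 'PowerShell-V2 is still reported as installed.'
    }
    Write-Output 'Remediated: Windows PowerShell 2.0 Engine has been removed.'
}
```

The event-log query only covers what is still retained in the log, so an empty result does not prove that no script depends on the 2.0 engine.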
Default Value:
N/A
Additional Information:
Microsoft Windows Server 2019 Security Technical Implementation Guide:
Version 2, Release 1, Benchmark Date: November 13, 2020
Vul ID: V-205685
Rule ID: SV-205685r569188_rule
STIG ID: WN19-00-000410
Severity: CAT II