20.70 Ensure 'Windows PowerShell 2.0' is 'not installed'

Information

Windows PowerShell was designed with purpose of task automation and configuration management.

The STIG recommended state for this setting is: Not installed

Windows PowerShell 2.0 can be used in some scenarios by attackers who want to bypass the script block logging feature that was added in PowerShell 5.0.7.

Solution

To Uninstall the

Windows PowerShell 2.0 Engine

feature:

- Open

Server Manager

- Select the

server

with the role
- Scroll down to

ROLES AND FEATURES

in the right pane
- Select

Remove Roles and Features

from the drop-down

TASKS

list
- Select the appropriate server on the

Server Selection

page and click next
- Deselect

Windows PowerShell 2.0 Engine

under

Windows PowerShell

on the

Features

page
- Click next and

Remove

as prompted (if installed)

Note: Windows PowerShell 5.0 added advanced logging features that can provide additional detail when malware has been run on a system.

Impact:

PowerShell scripts that rely on PowerShell 2.0 will not function in your environment.

See Also

https://workbench.cisecurity.org/benchmarks/15301