WN12-00-000220 - Windows PowerShell 2.0 must not be installed on Windows 2012/2012 R2.

Information

Windows PowerShell versions 4.0 (with a patch) and 5.x add advanced logging features that can provide additional detail when malware has been run on a system. Ensuring that Windows PowerShell 2.0 is also not installed mitigates a downgrade attack that evades the advanced logging features of later Windows PowerShell versions.

Solution

Windows PowerShell 2.0 is not installed by default.

Uninstall it if it has been installed.

Open 'Windows PowerShell'.

Enter 'Uninstall-WindowsFeature -Name PowerShell-v2'.

Alternately:

Use the 'Remove Roles and Features Wizard' and deselect 'Windows PowerShell 2.0 Engine' under 'Windows PowerShell'.
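
The check and the uninstall step above can be combined into one audit function. This is an added example, not part of the STIG or the audit file; the function name, the -Remediate switch and the -MaxEvents parameter are hypothetical. It also goes one step beyond the control by counting event ID 400 records in the classic 'Windows PowerShell' log that show the 2.0 engine starting.

```powershell
# Added example: audit and optionally remediate WN12-00-000220.
# Run from an elevated Windows PowerShell session on the server being checked.
function Test-PowerShellV2Removed {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [switch]$Remediate,     # hypothetical switch: uninstall the feature if present
        [int]$MaxEvents = 200   # hypothetical cap on the newest log records examined
    )

    Import-Module ServerManager -ErrorAction Stop
    $feature = Get-WindowsFeature -Name 'PowerShell-v2'
    if (-not $feature) { throw "Feature 'PowerShell-v2' is not known to this OS." }

    $restart = $null
    if ($feature.Installed -and $Remediate -and
        $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Uninstall PowerShell-v2')) {
        $result  = Uninstall-WindowsFeature -Name 'PowerShell-v2'
        $restart = $result.RestartNeeded
        $feature = Get-WindowsFeature -Name 'PowerShell-v2'   # re-read the state
    }

    # Event 400 records each engine start together with its EngineVersion;
    # a 2.0 entry means the old engine ran on this host at that time.
    $v2Starts = @(Get-WinEvent -FilterHashtable @{ LogName = 'Windows PowerShell'; Id = 400 } `
                      -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
                  Where-Object { $_.Message -match 'EngineVersion=2\.0' })

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        StigId            = 'WN12-00-000220'
        InstallState      = $feature.InstallState
        Compliant         = -not $feature.Installed
        RestartNeeded     = $restart
        V2EngineStarts    = $v2Starts.Count
        LastV2EngineStart = ($v2Starts | Select-Object -First 1).TimeCreated
    }
}

# Report only:            Test-PowerShellV2Removed
# Preview the uninstall:  Test-PowerShellV2Removed -Remediate -WhatIf
# Uninstall if present:   Test-PowerShellV2Removed -Remediate
```

A non-zero V2EngineStarts on a host that reports Compliant means the 2.0 engine was used before the feature was removed, which is worth reviewing against the timestamps in the log.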

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_2012_and_2012_R2_MS_V3R7_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7a., CAT|II, CCI|CCI-000381, Rule-ID|SV-225265r569185_rule, STIG-ID|WN12-00-000220, STIG-Legacy|SV-95185, STIG-Legacy|V-80477, Vuln-ID|V-225265

Plugin: Windows

Control ID: 48c8591097cfeb8e2f2d76018a6a44ebfcb595ed38d7cb6fc4a2c4a1b30e73f1