UCF STIG Viewer Logo

The Windows PowerShell 2.0 feature must be disabled on the system.


Overview

Finding ID Version Rule ID IA Controls Severity
V-70637 WN10-00-000155 SV-85259r1_rule Medium
Description
Windows PowerShell 5.0 added advanced logging features which can provide additional detail when malware has been run on a system. Disabling the Windows PowerShell 2.0 mitigates against a downgrade attack that evades the Windows PowerShell 5.0 script block logging feature.
STIG Date
Windows 10 Security Technical Implementation Guide 2017-04-28

Details

Check Text ( None )
None
Fix Text (F-76869r1_fix)
Disable "Windows PowerShell 2.0" on the system.

Run "Windows PowerShell" with elevated privileges (run as administrator).
Enter the following:
Disable-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root

This command should disable both "MicrosoftWindowsPowerShellV2Root" and "MicrosoftWindowsPowerShellV2" which correspond to "Windows PowerShell 2.0" and "Windows PowerShell 2.0 Engine" respectively in "Turn Windows features on or off".

Alternately:
Search for "Features".
Select "Turn Windows features on or off".
De-select "Windows PowerShell 2.0".