Introduction
Windows PowerShell 2.0 is outdated and should no longer be present on your systems. If you haven’t checked your systems, it’s time to audit your workstations and servers. If you find Windows PowerShell 2.0, disable it and update as necessary.
Many companies have yet to remove it or update the Windows Management Framework on their servers. If you’re still using Windows Server 2008 R2 and Server 2012R2, perform an audit and update them to WMF 5.1.
Ideally, these older servers should be upgraded to a newer operating system, but we understand that application compatibility can sometimes make this difficult.
Download WMF 5.1 here: https://www.microsoft.com/en-us/download/details.aspx?id=54616
Read the Windows Management Framework 5.x release notes: https://learn.microsoft.com/en-us/powershell/scripting/windows-powershell/wmf/whats-new/release-notes?view=powershell-7.2
How to remove it
To remove Windows PowerShell 2.0, you can create a Baseline using Configuration Manager or Intune.
For discovery, use this one-liner:
<#
=================================================================================
DISCLAIMER:
This script is provided "as-is" with no warranties. Usage of this script is at
your own risk. The author is not liable for any damages or losses arising from
using this script. Please review the full legal disclaimer at:
https://kaidojarvemets.com/legal-disclaimer/
=================================================================================
#>
Get-WindowsOptionalFeature -FeatureName "MicrosoftWindowsPowerShellV2Root" -Online | Select-Object -ExpandProperty State
Remediation one-liner
<#
=================================================================================
DISCLAIMER:
This script is provided "as-is" with no warranties. Usage of this script is at
your own risk. The author is not liable for any damages or losses arising from
using this script. Please review the full legal disclaimer at:
https://kaidojarvemets.com/legal-disclaimer/
=================================================================================
#>
Disable-WindowsOptionalFeature -FeatureName "MicrosoftWindowsPowerShellV2Root" -Online
You can also create a PowerShell script to remotely check all machines.
You can find the recommendation on STIG Viewer:
These two lines of PowerShell are also available on my GitHub page.
Summary
In summary, it’s crucial to remove the outdated Windows PowerShell 2.0 from your systems and update the Windows Management Framework on your servers. Regularly audit your workstations and servers, especially if using Windows Server 2008 R2 or Server 2012R2, and update them to WMF 5.1. Ideally, upgrade older servers to a newer operating system when possible.
Utilize Configuration Manager or Intune to create a Baseline for removing Windows PowerShell 2.0, and use one-liners or PowerShell scripts for discovery and remediation.
