Introduction
Windows PowerShell 2.0 is outdated and should no longer be present on your systems. If you haven’t checked your systems, it’s time to audit your workstations and servers. If you find Windows PowerShell 2.0, disable it and update as necessary.
Many companies have yet to remove it or update the Windows Management Framework on their servers. If you’re still using Windows Server 2008 R2 and Server 2012R2, perform an audit and update them to WMF 5.1.
Ideally, these older servers should be upgraded to a newer operating system, but we understand that application compatibility can sometimes make this difficult.
Download WMF 5.1 here: https://www.microsoft.com/en-us/download/details.aspx?id=54616
Read the Windows Management Framework 5.x release notes: https://learn.microsoft.com/en-us/powershell/scripting/windows-powershell/wmf/whats-new/release-notes?view=powershell-7.2
How to remove it
To remove Windows PowerShell 2.0, you can create a Baseline using Configuration Manager or Intune.
For discovery, use this one-liner:
Get-WindowsOptionalFeature -FeatureName "MicrosoftWindowsPowerShellV2Root" -Online | Select-Object -ExpandProperty State
Remediation one-liner
Disable-WindowsOptionalFeature -FeatureName "MicrosoftWindowsPowerShellV2Root" -Online
You can also create a PowerShell script to remotely check all machines.
You can find the recommendation on STIG Viewer:
These two lines of PowerShell are also available on my GitHub page.
Summary
In summary, it’s crucial to remove the outdated Windows PowerShell 2.0 from your systems and update the Windows Management Framework on your servers. Regularly audit your workstations and servers, especially if using Windows Server 2008 R2 or Server 2012R2, and update them to WMF 5.1. Ideally, upgrade older servers to a newer operating system when possible.
Utilize Configuration Manager or Intune to create a Baseline for removing Windows PowerShell 2.0, and use one-liners or PowerShell scripts for discovery and remediation.
