The current version of Windows PowerShell is 5. PowerShell comes pre-installed in Windows 10 and has replaced Command Prompt in the Power user menu. While PowerShell 5 is the stable version running on your system, the PowerShell 2.0 engine is still enabled alongside it, and this version of PowerShell is now recognized as a security risk that can be used to run malicious scripts. Windows 10 deprecated it in the Fall Creators Update; however, that doesn’t mean that it’s been removed for all users. It may still be enabled on your system. Here’s how you can check if you’re still running this engine, and how you can disable Windows PowerShell 2.0.
Check PowerShell 2.0
Open PowerShell with administrative rights and run the following command.
Get-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2
In the results that this command returns, look at the State field. If it says that this engine is Enabled, then you need to disable it. If the State returns the Disabled value, you’re good to go. You do not need to do anything else.
Disable Windows PowerShell 2.0 Engine
Open PowerShell with administrative rights, and run the following command.
Disable-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root
This will disable the Windows PowerShell 2.0 engine. You can verify it by running the Get-WindowsOptionalFeature command from the previous section again. The State should return ‘Disabled’.
If you’re not comfortable running the command in PowerShell, you can disable the feature from the Control Panel as well. Open File Explorer and enter the following in the location bar.
Click ‘Turn Windows features on or off’. This will open a new window called ‘Windows Features’. It may take a little time for this window to load the list of features that you can enable/disable. Once the list loads, scroll to the end and look for Windows PowerShell 2.0. Uncheck it, and click OK. You do not need to restart your system for this to take effect.
What’s The Risk?
Windows PowerShell 5 has an anti-malware feature that scans scripts and prevents malicious ones from running. However, the PowerShell 2.0 engine can be used to run a downgrade attack that bypasses the anti-malware check. This will ultimately result in a malicious PowerShell script running on your system.
Disabling the engine shouldn’t have any negative impacts. Microsoft is aware that some apps still use PowerShell 2.0 but they’re working to help migrate them to a newer version. While this feature has been deprecated, it will still remain a part of Windows 10 for the foreseeable future and users will be able to enable it if they need/want to.
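The check-and-disable steps above, combined with a look at which applications have actually started the 2.0 engine, as an added example that is not part of the original article. The function names Get-PSv2EngineUse and Disable-PSv2Engine are hypothetical; the script assumes an elevated session and that engine-start records (Event ID 400) in the classic "Windows PowerShell" event log carry the EngineVersion and HostApplication fields.

```powershell
#Requires -RunAsAdministrator
# Added example; Get-PSv2EngineUse and Disable-PSv2Engine are hypothetical helper names.

# Both feature names used in the article's check and disable commands.
$FeatureNames = 'MicrosoftWindowsPowerShellV2Root', 'MicrosoftWindowsPowerShellV2'

function Get-PSv2EngineUse {
    # List engine starts logged as version 2.0, with the application that hosted them.
    param([int]$Days = 30)
    $filter = @{ LogName = 'Windows PowerShell'; Id = 400; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'EngineVersion=2\.0' } |
        ForEach-Object {
            $hostApp = if ($_.Message -match 'HostApplication=(.+)') { $Matches[1].Trim() } else { 'unknown' }
            [pscustomobject]@{ TimeCreated = $_.TimeCreated; HostApplication = $hostApp }
        }
}

function Disable-PSv2Engine {
    # Disable each feature only if it is currently Enabled, then report the resulting state.
    foreach ($name in $FeatureNames) {
        try {
            $feature = Get-WindowsOptionalFeature -Online -FeatureName $name -ErrorAction Stop
            if ($feature.State -eq 'Enabled') {
                Disable-WindowsOptionalFeature -Online -FeatureName $name -NoRestart -ErrorAction Stop | Out-Null
                $feature = Get-WindowsOptionalFeature -Online -FeatureName $name -ErrorAction Stop
            }
            Write-Output "$name : $($feature.State)"
        }
        catch {
            # Feature missing on this build, or the servicing call failed.
            Write-Output "$name : could not be processed ($($_.Exception.Message))"
        }
    }
}

# Show which host applications started the 2.0 engine recently, then disable it.
$uses = @(Get-PSv2EngineUse -Days 30)
if ($uses.Count -gt 0) {
    $uses | Group-Object HostApplication | Select-Object Count, Name | Format-Table -AutoSize
}
else {
    Write-Output 'No PowerShell 2.0 engine starts logged in the last 30 days.'
}
Disable-PSv2Engine
```

Any host application listed in the first table is a candidate for migration to a newer engine, and new entries appearing after the feature was disabled mean it has been turned back on.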