How to Disable PowerShell 2.0: Guide With Script

Hello, savvy tech professionals! If you’re an IT administrator or work in managed services (MSP), you know that keeping your environment secure is job number one. One area that often needs scrutiny is the configuration of PowerShell on your Windows systems. So, let’s talk about PowerShell 2.0 and why you might want to disable it. Better yet, let’s discuss a script that does the job for you.

Why Disable PowerShell 2.0?

Firstly, let’s understand why you would want to disable PowerShell 2.0. This legacy version of PowerShell does not have many of the security features and improvements available in newer versions. It’s practically an open invitation to malicious actors to exploit your systems.

The Disable PowerShell 2.0 Script

Now that we’ve established the “why,” let’s talk about the “how.” The Disable PowerShell 2.0 script is your one-stop solution. Written in PowerShell 5.1, the script is designed to work on Windows 10, Windows Server 2016, and above.

Here’s what this script offers:

Elevated Privileges Check

The script performs an initial check to see if it is being run with administrative privileges, and if not, it will notify you to run it as an admin.

OS and Version Check

Before it attempts to remove PowerShell 2.0, it checks your PowerShell version. You need to be running PowerShell 5.1 or later. It’s a good feature, ensuring you don’t mess up your existing setup.

The Removal

The script employs different commands (Disable-WindowsOptionalFeatureand Uninstall-WindowsFeature) based on your operating system to disable PowerShell 2.0. If PowerShell 2.0 is already disabled, it’ll let you know.

The Script

#Requires -Version 5.1

<#
.SYNOPSIS
    Disables PowerShell 2.0.
.DESCRIPTION
    Disables PowerShell 2.0 by removing the feature.
    This script does require that PowerShell 5.1 be installed before hand.
    See: https://docs.microsoft.com/en-us/powershell/scripting/windows-powershell/wmf/setup/install-configure
.EXAMPLE
    No parameters needed.
.OUTPUTS
    String[]
.NOTES
    Minimum OS Architecture Supported: Windows 10, Windows Server 2016
    Release Notes:
    Initial Release
    (c) 2023 NinjaOne
    By using this script, you indicate your acceptance of the following legal terms as well as our Terms of Use at https://www.ninjaone.com/terms-of-use.
    Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms. 
    Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party. 
    Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library or website belonging to or under the control of any other software provider. 
    Warranty Disclaimer: The script is provided “as is” and “as available”, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations. 
    Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks. 
    Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script. 
    EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).
#>

[CmdletBinding()]
param ()

begin {
    function Test-IsElevated {
        $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
        $p = New-Object System.Security.Principal.WindowsPrincipal($id)
        $p.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
    }
}
process {
    if (-not (Test-IsElevated)) {
        Write-Error -Message "Access Denied. Please run with Administrator privileges."
        exit 1
    }
    if ($PSVersionTable.PSVersion -ge [Version]::new(5, 1)) {
        if ($(Get-Command "Disable-WindowsOptionalFeature" -ErrorAction SilentlyContinue).Name -like "Disable-WindowsOptionalFeature") {
            if ($(Get-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2 -ErrorAction SilentlyContinue).State -like "Enabled") {
                # Remove PowerShell 2.0 on Windows 10,11
                try {
                    Disable-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2 -ErrorAction Stop
                    Write-Host "Disabled PowerShell 2.0"
                }
                catch {
                    Write-Error $_
                    Write-Host "Unable to disable PowerShell 2.0"
                    exit 1
                }
            }
            if ($(Get-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root -ErrorAction SilentlyContinue).State -like "Enabled") {
                # Remove PowerShell 2.0 on Windows 10, 11, Server 2016
                try {
                    Disable-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root -ErrorAction Stop
                    Write-Host "Disabled PowerShell 2.0"
                }
                catch {
                    Write-Error $_
                    Write-Host "Unable to disable PowerShell 2.0"
                    exit 1
                }
            }
            else {
                Write-Host "PowerShell is already disabled."
            }
        }
        if ($(Get-Command "Uninstall-WindowsFeature" -ErrorAction SilentlyContinue).Name -like "Uninstall-WindowsFeature") {
            if ($(Get-WindowsFeature -Name PowerShell-V2) -and $(Get-WindowsFeature -Name PowerShell-V2).InstallState -like "Installed") {
                # Remove PowerShell 2.0 on Windows Server
                try {
                    Uninstall-WindowsFeature -Name PowerShell-V2 -ErrorAction Stop
                    Write-Host "Disabled PowerShell 2.0"
                }
                catch {
                    Write-Error $_
                    Write-Host "Unable to disable PowerShell 2.0"
                    exit 1
                }
            }
            else {
                Write-Host "PowerShell is already disabled."
            }
        }
        if (
            $(Get-Command "Disable-WindowsOptionalFeature" -ErrorAction SilentlyContinue).Name -notlike "Disable-WindowsOptionalFeature" -and 
            $(Get-Command "Uninstall-WindowsFeature" -ErrorAction SilentlyContinue).Name -notlike "Uninstall-WindowsFeature"
        ) {
            Write-Host "Running on an unsupported version of Windows."
            exit 1
        }
    }
    else {
        Write-Host "Please upgrade to 5.1 before disabling PowerShell 2.0."
        exit 1
    }
}
end {}

 

How to Use the Script

You don’t need to provide any parameters. Just run the script with administrative privileges. The script will guide you through the process and even catch errors to let you know if something goes wrong.

Benefits for IT Professionals and MSPs

For IT professionals and MSPs, the benefits are twofold:

1. Enhanced Security: By disabling PowerShell 2.0, you’re closing a vulnerability point, thereby making your network more secure.
2. Efficiency: Instead of manually navigating to each server and system to disable PowerShell 2.0, you can automate this task with this script.

Final Thoughts

Disabling PowerShell 2.0 is crucial for enhancing the security posture of your Windows environment. For IT pros and MSPs looking for an efficient way to do this, our Disable PowerShell 2.0 script is a godsend. It automates the task and comes equipped with checks to ensure you’re doing things right.