UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Windows PowerShell 2.0 must not be installed on Windows 2012/2012 R2.


Overview

Finding ID Version Rule ID IA Controls Severity
V-226055 WN12-00-000220 SV-226055r569184_rule Medium
Description
Windows PowerShell versions 4.0 (with a patch) and 5.x add advanced logging features that can provide additional detail when malware has been run on a system. Ensuring Windows PowerShell 2.0 is not installed as well mitigates against a downgrade attack that evades the advanced logging features of later Windows PowerShell versions.
STIG Date
Microsoft Windows Server 2012/2012 R2 Domain Controller Security Technical Implementation Guide 2021-03-05

Details

Check Text ( C-27757r475488_chk )
Windows PowerShell 2.0 is not installed by default.

Open "Windows PowerShell".

Enter "Get-WindowsFeature -Name PowerShell-v2".

If "Installed State" is "Installed", this is a finding.

An Installed State of "Available" or "Removed" is not a finding.
Fix Text (F-27745r475489_fix)
Windows PowerShell 2.0 is not installed by default.

Uninstall it if it has been installed.

Open "Windows PowerShell".

Enter "Uninstall-WindowsFeature -Name PowerShell-v2".

Alternately:

Use the "Remove Roles and Features Wizard" and deselect "Windows PowerShell 2.0 Engine" under "Windows PowerShell".