STIG V-224859 | Windows PowerShell 2.0 must not be in...

Microsoft Windows Server 2016

Windows PowerShell 2.0 must not be installed

STIG ID: WN16-00-000420 | SRG: SRG-OS-000095-GPOS-00049 | Severity: Medium | CCI: CCI-000381 | Vulnerability ID: V-224859

Description

Windows PowerShell 5.0 added advanced logging features that can provide additional detail when malware has been run on a system. Disabling the Windows PowerShell 2.0 mitigates against a downgrade attack that evades the Windows PowerShell 5.0 script block logging feature.

Check

Open "PowerShell".Enter "Get-WindowsFeature | Where Name -eq PowerShell-v2".If "Installed State" is "Installed", this is a finding.An Installed State of "Available" or "Removed" is not a finding.

Fix

Uninstall the "Windows PowerShell 2.0 Engine".Start "Server Manager".Select the server with the feature.Scroll down to "ROLES AND FEATURES" in the right pane.Select "Remove Roles and Features" from the drop-down "TASKS" list.Select the appropriate server on the "Server Selection" page and click "Next".Deselect "Windows PowerShell 2.0 Engine" under "Windows PowerShell" on the "Features" page.Click "Next" and "Remove" as prompted.