Microsoft just announced that PowerShell 2 will soon be labeled “deprecated”. It will still be available for some time, but this is a gentle hint that you should move away from it, and focus on PowerShell 5.
PowerShell 2 is the default PowerShell available on Windows 7. Yet even on modern operating systems, PowerShell 2 may still be around. Let’s check how much your system is still impacted by PowerShell 2.
The line below returns the PowerShell version you are currently running:
Any version less than 5 indicates that you should review your update policy. PowerShell 5 is the latest PowerShell version and available as an update to all machines down to Windows 7 and Server 2008 R2. There is typically no reason to run anything less than PowerShell 5, except on servers that run other outdated software components that may still require older versions of PowerShell.
This line will tell you whether the PowerShell 2 subsystem is still around:
PS> powershell -version 2.0
Copyright (C) 2009 Microsoft Corporation. All rights reserved.
If this line runs without errors, and launches a PowerShell with copyright “2009”, then you know that the Windows “feature” PowerShell 2 is still enabled. That’s not good. This feature was originally thought to be a fallback environment for scripts that require PowerShell 2. Today, this subsystem is typically not needed anymore, and it has turned out to be an important attack vector for malicious script code because PowerShell 2 has much less security and protective functionality than PowerShell 5. For example, malicious code running in the PowerShell 2 subsystem will not be logged and reported as vigorously to antivirus engines than in PowerShell 5.
Unless you have very good reasons for keeping PowerShell 2, you should remove it. In client operating systems, go to Control Panel, Software, “Turn Windows-Features on or off”, then deselect “Windows PowerShell 2.0”.
On server operating systems, use Remove-WindowsFeature.
ReTweet this Tip!
aalborz ; PowerShell DSC would be a fairly simple way of doing it. Also safer than GPOs...
How can PS 2 be removed in the enterprise? GPO? If so, what is the exact setting?
"an focus on PowerShell 5."
No, you shouldn't, you should be focusing on PowerShell Core.
I work on an offline environment without a direct internet connection; we use SharePoint 2010 (on Windows Server 2008 R2) amongst other things. Can we upgrade PowerShell to a more current version without affecting SharePoint?