Windows 10 provides the following CLIs: Command Prompt and PowerShell. Windows PowerShell is a powerful tool for users to install and manage Windows, troubleshoot problems, and do advanced configuration. PowerShell can also be used to automate tasks and perform tasks that would normally take a long time to complete in a graphical user interface.
Sometimes, PowerShell can be used for bad purposes as well. It can be utilized to perform automated malicious tasks and effectively infect devices across an entire network.
In some environments, it may be advisable to disable PowerShell, particularly if you believe an individual is not using PowerShell for everyday tasks.
This article explores two ways to disable Windows PowerShell on your computer so that it cannot be abused.
Disable PowerShell in Windows 10 using Group Policy
On Windows 10, you can also manage your PC with tools like Group Policy Editor.
Tip: If you are a Windows 10 Home Edition user, follow this guide to install the Group Policy Editor.
You can use the Group Policy Editor to disable Windows PowerShell on your PC. Here is how:
- Launch the Group Policy Editor by typing gpedit.msc in Run.
- Now navigate to the following from the left pane:
User Configuration -> Administrative Templates -> System
- Now look in the right pane for Don’t run specified Windows applications. Double-click it.
- In the pop-up window, select the Enabled radio button. Then, click on Show under Options.
- In the new Show Contents popup window, type in powershell.exe under the Value column. You can also type in powershell_ise.exe to disable the Integrated Scripting Environment (ISE), which is the host application for PowerShell, and pwsh.exe to disable PowerShell Core.
Click OK when done.
- Close the Don’t run specified Windows applications window by clicking Apply and OK.
- Now type in gpupdate /force in Command Prompt to enforce the changes made to the Group Policy.
Now try launching PowerShell from the Start Menu: it will not work. Because PowerShell Core (pwsh.exe) has also been disabled, launching it via the Run menu will show a prompt instead of starting it.
If at any point you wish to re-enable PowerShell, simply return to the same location within the Group Policy Editor, double-click Don’t run specified Windows applications, and select the Disabled or Not Configured radio button.
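To confirm that the Group Policy steps above took effect after gpupdate /force, an administrator can read back what the policy wrote to the user's registry hive. This is an added example, not part of the original article: it assumes the policy state lives under Software\Microsoft\Windows\CurrentVersion\Policies\Explorer (the DisallowRun value and the DisallowRun subkey), and the function name Get-DisallowRunStatus is hypothetical. Run it from an account where PowerShell is still allowed.

```powershell
# Added example: audit the "Don't run specified Windows applications" policy.
function Get-DisallowRunStatus {
    param(
        # Hive to inspect. Defaults to the current user; for another loaded
        # profile pass 'Registry::HKEY_USERS\<SID>' (<SID> is a placeholder).
        [string]$HiveRoot = 'HKCU:',
        # Executable names the article tells you to enter in Show Contents.
        [string[]]$Expected = @('powershell.exe', 'powershell_ise.exe', 'pwsh.exe')
    )

    $explorer = "$HiveRoot\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    $listKey  = "$explorer\DisallowRun"

    # The policy is active only when the DisallowRun DWORD equals 1.
    $flag = (Get-ItemProperty -Path $explorer -Name DisallowRun `
                 -ErrorAction SilentlyContinue).DisallowRun
    $enabled = ($flag -eq 1)

    # Blocked names are stored as string values ("1", "2", ...) in the subkey.
    $blocked = @()
    $key = Get-Item -Path $listKey -ErrorAction SilentlyContinue
    if ($key) {
        $blocked = @($key.GetValueNames() |
                     ForEach-Object { [string]$key.GetValue($_) })
    }

    foreach ($name in $Expected) {
        $listed = $blocked -contains $name   # -contains ignores case
        [pscustomobject]@{
            Executable    = $name
            PolicyEnabled = $enabled
            Listed        = $listed
            Effective     = ($enabled -and $listed)
        }
    }
}

# One row per executable; Effective should be True for every name you entered.
Get-DisallowRunStatus | Format-Table -AutoSize
```

A row with Listed = True but PolicyEnabled = False means the names were entered but the policy was left at Not Configured or Disabled.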
Disable PowerShell in Windows 10 using Local Security Policy
The Local Security Policy Editor in Windows 10 allows users to manage their security protocols across users as well as the entire computer.
Tip: If you are a Windows 10 Home Edition user, follow this guide to install the Security Policy Editor.
Here is how you can disable Windows PowerShell using the Security Policy Editor:
- Launch the Local Security Policy Editor by typing in secpol.msc in Run.
- Right-click Software Restriction Policies in the left pane and click New Software Restriction Policies from the context menu.
- Now right-click Additional rules and then click New Hash Rule from the context menu.
- In the New Hash Rule window, click Browse.
- In the browsing window, enter the path given below in the address bar:
- Now select powershell.exe from your current working directory.
At this point, you can also select powershell_ise.exe to disable ISE. In order to disable both, repeat steps ____ and select the other one.
- Now back on the New Hash Rule window, click Apply and OK.
- Now restart your computer for the changes to take effect.
Trying to run the disabled programs (PowerShell or PowerShell ISE) will now result in a prompt instead of launching them.
If you want to re-enable Windows PowerShell or ISE, simply re-open the Local Security Policy Editor and click Additional Rules on the left pane. Now, right-click the Hash Rules you have created in the right pane and click Delete from the context menu.
If a confirmation dialog box appears, click Yes. Now all you need to do is reboot your computer to re-enable Windows PowerShell when required.
Disable PowerShell 7 in Windows 10
If you have PowerShell 7 on your Windows 10 device, then the method to remove it from your PC would be a bit different than the ones above. PowerShell 7 can be considered an application. Hence, you can remove it using the Settings app. Here is how to do so:
- Navigate to the following location:
Start Menu -> Settings -> Apps -> Apps and features
- Now scroll down and click on PowerShell 7.
- Now click Uninstall.
Now, trying to launch PowerShell 7 will result in a prompt stating that it could not find it. However, if you ever need it in the future, click this link to download the latest standalone version of PowerShell.
Windows PowerShell is a powerful tool that not everybody should use. It may appear complicated for some, but it is also an avenue for malicious activity for others.
It may be good practice for IT administrators to enable PowerShell only while they themselves are using a device, and to keep it disabled for the other standard users.