Situatie
Windows PowerShell is a command-line tool that lets users run scripts, modify system settings and even perform basic operating system tasks such as creating folders and text files. Unfortunately, this means an uneducated user could also do a lot of damage with PowerShell. They could inadvertently run a malicious script, purposefully delete system files, or bypass other restrictions.
Solutie
Pasi de urmat
- Open the “System” folder and double-click “Don’t run specified Windows applications”
- The System folder can be found under User Configuration > Administrative Templates.
Create your PowerShell GPO
The process to turn off PowerShell is slightly different to Command Prompt as it doesn’t have a dedicated group policy. Instead, switch the policy to “Enabled” and then Click “Show…” next to “List of disallowed applications”.In the “Value” column of the “Show Contents” field, add three rows with each version of PowerShell.
These are:
powershell.exe
powershell_ise.exe
pwsh.exe
Once you’re done, press “OK”.
- Press ‘OK’ and ‘Apply’ in the main policy window
You should then test whether Windows PowerShell is disabled. If PowerShell is blocked successfully, you’ll get an error message such as “This app has been blocked by your system administrator”.
If you’re wondering how to enable PowerShell again, just change the policy from “Enabled” to “Disabled”.
Leave A Comment?