Ensure Windows PowerShell 2.0 is disabled or removed
Disable or remove Windows PowerShell 2.0 to enhance security.
Plain language
Disabling or removing Windows PowerShell 2.0 helps protect your systems from attackers who might exploit weaknesses in this outdated software version. It reduces the risk of malicious software and hackers using old PowerShell features to cause harm.
Framework
ASD Essential Eight
Control effect
Proactive
E8 mitigation strategy
Application hardening
Classifications
N/A
Official last update
N/A
Control Stack last updated
19 Mar 2026
E8 maturity levels
ML3
Official control statement
Windows PowerShell 2.0 is disabled or removed.
Why it matters
If PowerShell 2.0 remains enabled, attackers can use the legacy engine to evade modern script logging and security controls, increasing compromise risk.
Operational notes
Audit Windows Features/optional components and GPO to confirm PowerShell 2.0 is removed/disabled and only newer PowerShell versions are in use.
Implementation tips
- System Administrator: Identify all systems running PowerShell 2.0 across your organisation by using asset management tools that list installed software.
- IT Team: Remove PowerShell 2.0 from identified systems by using the 'Turn Windows features on or off' settings in the Control Panel, ensuring newer versions of PowerShell remain available.
- System Administrator: Ensure that scripts and tools compatible with newer PowerShell versions are used by updating any business processes reliant on PowerShell 2.0.
- Security Officer: Communicate the removal or disabling of PowerShell 2.0 to all staff, explaining the security benefits and providing guidance on using newer PowerShell versions.
- IT Team: Set up automated updates for PowerShell to make sure the platform remains up-to-date, leveraging configuration management tools like Group Policy.
Audit / evidence tips
-
AskCan you confirm that Windows PowerShell 2.0 is no longer in use on your systems?
-
GoodThere is no listing for PowerShell 2.0 in the installed features; only newer versions are active
-
AskHow has the organisation confirmed the removal of PowerShell 2.0?
-
GoodReports demonstrate that procedures were implemented and completed to remove PowerShell 2.0 from all systems
Cross-framework mappings
How E8-AH-ML3.2 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (1) expand_less | ||
| Annex A 8.9 | E8-AH-ML3.2 requires organisations to implement a specific secure configuration by disabling or removing Windows PowerShell 2.0 | |
ASD ISM
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (4) expand_less | ||
| ISM-0380 | E8-AH-ML3.2 requires organisations to disable or remove Windows PowerShell 2.0 as a specific hardening action | |
| ISM-1247 | E8-AH-ML3.2 requires organisations to disable or remove Windows PowerShell 2.0 | |
| ISM-1470 | E8-AH-ML3.2 requires organisations to disable or remove Windows PowerShell 2.0 specifically | |
| ISM-1914 | E8-AH-ML3.2 requires organisations to disable or remove Windows PowerShell 2.0 on Windows systems | |
| sync_alt Partially overlaps (2) expand_less | ||
| ISM-1246 | ISM-1246 requires server applications to be hardened with ASD and vendor guidance, applying the most restrictive guidance where conflicts... | |
| ISM-1655 | E8-AH-ML3.2 requires organisations to disable or remove Windows PowerShell 2.0 to reduce attack surface and weaken common living-off-the-... | |
| handshake Supports (2) expand_less | ||
| ISM-1584 | E8-AH-ML3.2 requires organisations to disable or remove Windows PowerShell 2.0 | |
| ISM-1622 | ISM-1622 requires PowerShell to use Constrained Language Mode to reduce capability available to scripts and interactive sessions | |
| link Related (4) expand_less | ||
| ISM-1409 | ISM-1409 requires operating systems to be hardened in accordance with ASD and vendor hardening guidance, applying the most restrictive gu... | |
| ISM-1621 | E8-AH-ML3.2 requires organisations to ensure Windows PowerShell 2.0 is disabled or removed to reduce exposure to legacy scripting capabil... | |
| ISM-1798 | ISM-1798 requires producing and providing secure configuration guidance (hardening/loosening) for consumers | |
| ISM-1858 | ISM-1858 requires IT equipment to be hardened in accordance with ASD and vendor guidance, prioritising the most restrictive requirements | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.