Disable or Remove Windows PowerShell 2.0
Ensure the outdated PowerShell 2.0 is disabled or uninstalled for security.
Plain language
PowerShell 2.0 is an outdated version of a tool used to automate tasks and manage computer systems. If it remains active on your system, it can expose you to security risks because it's more prone to attacks by hackers trying to exploit its old flaws. Removing or disabling it helps protect your computers from potential threats.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Aug 2021
Control Stack last updated
19 Mar 2026
E8 maturity levels
ML3
Official control statement
Windows PowerShell 2.0 is disabled or removed.
Why it matters
If PowerShell 2.0 remains enabled, attackers can abuse weaker logging and legacy features, reducing detection and bypassing newer PowerShell protections.
Operational notes
Audit Windows Features and GPO/registry settings to confirm PowerShell 2.0 is disabled/removed; alert and remediate immediately if v2 is re-enabled.
Implementation tips
- The IT team should identify all computers and servers running Windows in the organisation. They can do this by scanning the network for devices and checking their software versions. This will highlight which systems might still have PowerShell 2.0 installed.
- Once systems with PowerShell 2.0 are identified, the IT team should remove or disable it. They can perform this action by accessing the system settings or using a software management tool to uninstall or turn off this old version, ensuring it cannot be used.
- IT managers should educate staff about the risks of running outdated software like PowerShell 2.0. This can be done through brief training sessions that explain why older software versions are riskier and how newer versions provide better security.
- The IT team should install a more secure version of PowerShell on all systems that require it. This involves downloading the latest version from a trusted source and following installation procedures to ensure it's correctly set up and ready for use.
- IT staff should regularly review system software and update it as required. Setting up a schedule to periodically check all installed programs ensures older, vulnerable software is promptly replaced with safer, updated versions.
Audit / evidence tips
-
Aska list of all systems within the organisation and what version of PowerShell each is running
Goodis documentation showing an absence of PowerShell 2.0 across all devices
-
Goodoutlines clear, periodic review processes and actions for outdated software removal
-
Askdocumentation of any training given to staff about software security best practices
Goodshows training was offered regularly and covers the need to avoid legacy software
-
Goodprovides evidence of current PowerShell versions being used after PowerShell 2.0 removal
-
Askthe results of any recent network scans targeting software versions
Goodshows results confirming systems are free of legacy PowerShell 2.0 installations
Cross-framework mappings
How ISM-1621 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
E8
| Control | Notes | Details |
|---|---|---|
| sync_alt Partially overlaps (1) expand_less | ||
| E8-AH-ML3.1 | E8-AH-ML3.1 requires organisations to disable or remove legacy .NET Framework versions (3.5/3.0/2.0) to reduce the attack surface from ou... | |
| handshake Supports (2) expand_less | ||
| E8-AH-ML2.11 | ISM-1621 requires organisations to disable or remove Windows PowerShell 2.0 to remove an older execution environment that can evade moder... | |
| E8-AH-ML3.3 | ISM-1621 requires organisations to disable or remove Windows PowerShell 2.0 so PowerShell cannot fall back to a legacy engine with reduce... | |
| link Related (1) expand_less | ||
| E8-AH-ML3.2 | E8-AH-ML3.2 requires organisations to ensure Windows PowerShell 2.0 is disabled or removed to reduce exposure to legacy scripting capabil... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.