├── Disable-PSv2.ps1
└── README.md


/Disable-PSv2.ps1:
--------------------------------------------------------------------------------
 1 | <# 
 2 | .SYNOPSIS
 3 | 
 4 | This script will disable the PowerShell v2 Engine on Windows 10/Server 2012/16/19, if any other version is detected no changes are made.
 5 | 
 6 | .DESCRIPTION
 7 | 
 8 | This script will disable the PowerShell v2 Engine on Windows 10/Server 2012/16/19, if any other version is detected no changes are made.
 9 | 
10 | Disable-WindowsOptionalFeature does not work correctly when used as a startup script, so instead dism.exe is called directly in this
11 | script.
12 | 
13 | Script flow:
14 | - Check the current OS version.
15 |     - If Windows 10/Server 12/16/19, PowerShell v2 will be disabled.
16 |         - If PowerShell v2 is already disabled, no changes will be made.
17 |     - Any other OS, no changes will be made.
18 | 
19 | Script log data saved to: C:\Windows\Logs\Disable-PSv2-Log.txt
20 | 
21 | This script is designed to be deployed as a Group Policy Startup Script.
22 | Policy: Computer Configuration > Policies > Windows Settings > Scripts (Startup/Shutdown)
23 | Script Name: Disable-PSv2.ps1
24 | Parameters: -ExecutionPolicy Bypass -NonInteractive -NoProfile
25 | 
26 | Author - Rob Willis
27 | Blog post - http://robwillis.info/2020/01/disabling-powershell-v2-with-group-policy/
28 | 
29 | .EXAMPLE
30 | 
31 | C:\PS> powershell.exe -ExecutionPolicy Bypass -NoProfile -NonInteractive -WindowsStyle Hidden .\Disable-PSv2.ps1
32 | 
33 | #>
34 | 
35 | # Start logging
36 | $DefaultLogLocation = "C:\Windows\Logs\Disable-PSv2-Log.txt"
37 | Start-Transcript -Path $DefaultLogLocation
38 | 
39 | # Get the current OS version
40 | $OSVersion = (get-itemproperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion" -Name ProductName).ProductName
41 | # Disable PowerShell v2 based off the OS version
42 | switch -regex ($OSVersion) {  
43 |     "(?i)10|2012|2016|2019" {
44 |         Write-Host "Windows 10/Server 2012/16/19 detected."
45 |         Write-Host "Checking to see if PowerShell v2 is currently enabled..."
46 |         $PSv2PreCheck = dism.exe /Online /Get-Featureinfo /FeatureName:"MicrosoftWindowsPowerShellv2" | findstr "State"
47 |         If ( $PSv2PreCheck -like "State : Enabled" ) {
48 |             Write-Host "PowerShell v2 appears to be enabled, disabling via dism..." 
49 |             dism.exe /Online /Disable-Feature /FeatureName:"MicrosoftWindowsPowerShellv2" /NoRestart
50 |             $PSv2PostCheck = dism.exe /Online /Get-Featureinfo /FeatureName:"MicrosoftWindowsPowerShellv2" | findstr "State"
51 |             If ( $PSv2PostCheck -like "State : Enabled" ) {
52 |                 Write-Host "PowerShell v2 still seems to be enabled, check the log for errors: $DefaultLogLocation"
53 |             } Else {
54 |                 Write-Host "PowerShell v2 disabled successfully."
55 |             }
56 |         } Else {
57 |             Write-Host "PowerShell v2 is already disabled, no changes will be made."
58 |         }
59 |     }   
60 |     "(?i)7|Vista|2008" {
61 |         Write-Host "Detected Windows 7/Vista/Server 2008, no changes will be made."
62 |     }
63 |     default {"Unable to match the OS, no changes will be made."}
64 | }
65 | 
66 | #Stop logging
67 | Stop-Transcript
68 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Disable-PSv2
 2 | Disabling PowerShell v2 with Group Policy
 3 | 
 4 | This script will disable the PowerShell v2 Engine on Windows 10/Server 2012/16/19, if any other version is detected no changes are made.
 5 | 
 6 | Disable-WindowsOptionalFeature does not work correctly when used as a startup script, so instead dism.exe is called directly in this
 7 | script.
 8 | 
 9 | Script flow:
10 | - Check the current OS version.
11 |     - If Windows 10/Server 12/16/19, PowerShell v2 will be disabled.
12 |         - If PowerShell v2 is already disabled, no changes will be made.
13 |     - Any other OS, no changes will be made.
14 | 
15 | Script log data saved to: C:\Windows\Logs\Disable-PSv2-Log.txt
16 | 
17 | This script is designed to be deployed as a Group Policy Startup Script.
18 | 
19 | Policy: Computer Configuration > Policies > Windows Settings > Scripts (Startup/Shutdown)\
20 | Script Name: Disable-PSv2.ps1\
21 | Parameters: -ExecutionPolicy Bypass -NonInteractive -NoProfile
22 | 
23 | Author - Rob Willis\
24 | Blog post - http://robwillis.info/2020/01/disabling-powershell-v2-with-group-policy/
25 | 
26 | Example usage:
27 | 
28 | C:\PS> powershell.exe -ExecutionPolicy Bypass -NoProfile -NonInteractive -WindowsStyle Hidden .\Disable-PSv2.ps1
29 | 


--------------------------------------------------------------------------------