How to Block PowerShell using Group Policy Editor

Problem resolution (Fix IT)

Situation

Windows PowerShell is a command-line tool that lets users run scripts, modify system settings and even perform basic operating system tasks such as creating folders and text files. Unfortunately, this means an uneducated user could also do a lot of damage with PowerShell. They could inadvertently run a malicious script, purposefully delete system files, or bypass other restrictions.

Solution

Steps to follow
  • Open the Group Policy Editor
    Press “Start”, type “gpedit.msc”, and click the top result.

  • Open the “System” folder and double-click “Don’t run specified Windows applications”
    The System folder can be found under User Configuration > Administrative Templates.

Create your PowerShell GPO

Turning off PowerShell works slightly differently from turning off Command Prompt, because PowerShell doesn’t have a dedicated group policy. Instead, switch the policy to “Enabled” and then click “Show…” next to “List of disallowed applications”. In the “Value” column of the “Show Contents” field, add three rows, one for each version of PowerShell.
These are:
powershell.exe
powershell_ise.exe
pwsh.exe

Once you’re done, press “OK”.

  • Press ‘OK’ and ‘Apply’ in the main policy window
    You should then test whether Windows PowerShell is disabled. If PowerShell is blocked successfully, you’ll get an error message such as “This app has been blocked by your system administrator”.

If you’re wondering how to enable PowerShell again, just change the policy from “Enabled” to “Disabled”.
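
To confirm the setting took effect for each signed-in user, the following added example (not part of the original article) reads the registry values this policy writes under each loaded user hive and reports which of the three executables are missing. The function name `Get-DisallowRunStatus` is hypothetical, and the script assumes it is run from an elevated administrative session.

```powershell
# Added example: audit the "Don't run specified Windows applications" policy
# for every user hive currently loaded under HKEY_USERS.
$Expected   = 'powershell.exe', 'powershell_ise.exe', 'pwsh.exe'   # list from the article
$PolicyPath = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Get-DisallowRunStatus {
    param([string[]]$Expected)

    # Real user SIDs only (skips .DEFAULT, service accounts and *_Classes hives).
    $hives = Get-ChildItem -Path Registry::HKEY_USERS |
        Where-Object { $_.PSChildName -match '^S-1-(5-21|12-1)-[\d-]+$' }

    foreach ($hive in $hives) {
        $explorerKey = "Registry::HKEY_USERS\$($hive.PSChildName)\$PolicyPath"
        $listKey     = "$explorerKey\DisallowRun"

        # A DWORD value DisallowRun = 1 means the policy is set to "Enabled".
        $flag    = Get-ItemProperty -Path $explorerKey -Name DisallowRun -ErrorAction SilentlyContinue
        $enabled = $flag.DisallowRun -eq 1

        # The blocked executables are stored as string values named 1, 2, 3, ...
        $blocked = @()
        if (Test-Path -Path $listKey) {
            $key     = Get-Item -Path $listKey
            $blocked = @($key.GetValueNames() | ForEach-Object { [string]$key.GetValue($_) })
        }

        # -notcontains compares case-insensitively, matching how Windows treats file names.
        $missing = @($Expected | Where-Object { $blocked -notcontains $_ })

        [pscustomobject]@{
            Sid           = $hive.PSChildName
            PolicyEnabled = $enabled
            Blocked       = $blocked -join ', '
            Missing       = $missing -join ', '
            Compliant     = $enabled -and ($missing.Count -eq 0)
        }
    }
}

Get-DisallowRunStatus -Expected $Expected | Format-Table -AutoSize
```

The policy's own help text states that it only prevents programs from being started by the File Explorer process, so this check confirms the GPO is in place rather than that PowerShell cannot run at all. Where enforcement is required, pair it with AppLocker or Windows Defender Application Control.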

Solution type

Permanent
