When forcing PowerShell to run using its PowerShell 2.0 engine (read: downgrade), none of the advanced security features (such as transcription) are available, since the older .NET Framework v2.0 is loaded.
All machines running Windows 7 and above will have at least PowerShell 2.0.
Up until now, these were the only ways of disabling PowerShell V2 engine:
- Remove the PowerShell 2.0 Engine from the OS (including image) completely or
- Apply application blacklisting (using AppLocker) to deny access to PowerShell 2.0 Engine specific .NET assemblies.
To remove the PowerShell 2.0 Engine from the OS (including image) we could use:
When forcing PowerShell to run using its PowerShell 2.0 engine (read: downgrade), none of the advanced security features (such as transcription) are available, since the older .NET Framework v2.0 is loaded.
All machines running Windows 7 and above will have at least PowerShell 2.0.
How to check if the old engine is enabled:
Get-WindowsOptionalFeature -Online | Where-Object {$_.FeatureName -match "PowerShellv2"}
Output:
Up until now, these were the only ways of disabling PowerShell V2 engine:
To remove the PowerShell 2.0 Engine from the OS (including image) we could use:
Disable-WindowsOptionalFeature –Online -FeatureName MicrosoftWindowsPowerShellV2Root,MicrosoftWindowsPowerShellV2 –Remove
Or even better Raccine way: patch
-version, /version
argumentDowngrade attempt example:
powershell.exe -Version 2.0 -Command {<scriptblock>} -ExecutionPolicy <ExecutionPolicy>