Windows 11/10 预装了PowerShell跨平台工具。这是一个非常重要的工具,只需键入一些简单的命令即可轻松执行多项任务。它允许您运行命令以在设置(Settings)中进行各种更改、解决多个问题、管理功能以及自动化您的工作等。
Windows PowerShell是包含在Windows操作系统中的重要且方便的应用程序。但有时,您可能需要禁用它以避免通过运行恶意命令进行不必要的更改。威胁参与者使用此工具来创建运行恶意脚本并访问文件系统和注册表的恶意软件。换句话说,你可以说这个工具也被一些黑客用来运行恶意命令。
在这种情况下,如果您需要禁用PowerShell应用程序,那么本文将帮助您执行此操作。本文介绍如何使用安全(Security)策略和本地组策略编辑器禁用(Local Group Policy Editor)PowerShell应用程序。让我们详细了解它们。
在 Windows 11/10 上禁用 PowerShell
在继续之前,建议创建一个系统还原点。现在按照以下建议在Windows 10上禁用(Windows 10)Windows PowerShell:
1]使用安全(Security)策略在Windows上(Windows)禁用 PowerShell(Disable PowerShell)
本地安全策略为用户提供了一种在(Security Policy)Windows 10上阻止PowerShell访问的方法。请按照以下说明进行操作:
- 单击 Start(Click Start),键入Local Security Policy,然后从菜单列表中选择结果。
- 转到左侧窗格并展开Software Restriction Policies。
- 右键单击Additional Rules 并选择New Hash Rule选项。
- 如果您找不到展开软件限制策略(Software Restriction Policies )的方法,请右键单击软件限制策略(Software Restriction Policies)并选择新软件限制策略(New Software Restriction Policies)选项。
在New Has Rule窗口中,点击Browse选项。Windows+E键打开文件资源管理器并在地址栏中键入以下路径位置,然后按 Enter:
%SystemRoot%\system32\WindowsPowerShell\v1.0
这将找到PowerShell(PowerShell)的 32 位版本。从列表中选择powershell.exe,然后单击Open > Apply > OK。
禁用 PowerShellISE
如果要在 Windows 10 计算机上禁用PowerShellISE,请从列表中选择 powershell_ise.exe(而不是 powershell.exe)。
在Local Security Policy窗口中,右键单击Software Restriction Policies部分下的Additional Rules ,然后单击 New Hash Rule按钮,然后选择Browse按钮。
再次打开文件资源管理器(File Explorer)并在地址栏中复制粘贴下面给出的路径。然后按Enter键选择 64 位版本的PowerShell。
%SystemRoot%\SysWOW64\WindowsPowerShell\v1.0
在下一页上,向下滚动并选择 powershell.exe 选项,然后单击“打开(Open)”按钮。
注意:(Note:)如果要禁用PowerShellISE ,则需要选择 powershell_ise.exe 选项。
然后单击应用(Apply),然后选择确定(OK)按钮。
完成上述步骤后,重新启动计算机以保存更改。这将禁用您 PC 上的Powershell访问。
2]使用组策略(Group Policy)在Windows上(Windows)禁用PowerShell(Disable PowerShell)
本地组策略编辑器是(Group Policy Editor)Windows 10 专业版(Pro)或企业版(Enterprise)中可用的强大工具,可简化 PC 上的多项任务。那些拥有Windows 11/10专业版(Pro)或企业(Enterprise)版的用户可以使用组(Group)策略工具来阻止PowerShell。按照以下步骤使用组(Group)策略禁用PowerShell :
首先,按Windows+R键盘快捷键打开“运行”(Run)对话框。
键入gpedit.msc并按Enter。在本地组策略编辑器(Local Group Policy Editor)窗口中,导航到以下路径:
User Configuration > Administrative Templates > System
转到右窗格并双击不运行指定的 Windows 应用程序(Don’t run specified Windows applications)策略。
在下一页上,单击启用(Enabled )按钮,如上图所示。然后转到选项(Options )部分并单击显示(Show )按钮。
现在您需要在“值 (Value )”列中打开一个新单元格,键入powershell.exe,然后单击“确定(OK)”按钮。这将禁用PowerShell访问。
您还可以禁用PowerShell ISE界面。为此,请打开一个新单元格,键入powershell_ise.exe,然后单击“确定”按钮。
但是,如果您需要禁用PowerShell 7,请在新单元格中键入pwsh.exe ,然后单击“确定(OK)”按钮。
最后,单击Apply > OK以保存更改。
完成上述过程后,您将无法再访问Powershell。
提示(TIP):这篇文章展示了如何卸载 PowerShell(uninstall PowerShell)。
在 Windows 上禁用 PowerShell 7
如果您的设备上有PowerShell 7,则可以通过从 Windows PC 卸载它来禁用它。以下是您需要遵循的步骤:
- 右键单击开始按钮
- 从高级用户菜单中选择设置。
- 在设置(Settings)应用程序中,单击应用程序(Apps)类别
- 然后从左窗格中选择 应用程序和功能选项。( Apps & features )
- 现在转到右窗格,向下滚动并选择PowerShell应用程序。
- 单击卸载按钮。
- 如果Windows要求您确认,请再次单击“卸载(Uninstall)”按钮。
按照屏幕上的说明卸载此应用程序。它将删除应用程序及其相关数据。这样,您可以禁用用户对PowerShell版本 7 的访问。
阅读下一篇(Read next):如何打开或关闭 Windows PowerShell 脚本执行(How to turn on or off Windows PowerShell script execution)。
How to disable PowerShell in Windows 11/10
Windows 11/10 comes with a pre-installed PowerShell cross-platform tool. This is a very imрortant tool that makes it easy to perform several tasks just by typing some simple commands. It lets you run commands to make variouѕ changes in the Settings, troubleshoot sevеral issues, manage features, and automate your work, etc.
Windows PowerShell is an essential and convenient application included in the Windows operating system. But sometimes, you may need to disable it to avoid making unwanted changes by running malicious commands. This tool is used by a threat actor to create malicious software that runs malicious scripts and accesses the file system and registry. In other words, you can say that this tool is also used by some hackers to run malicious commands.
In such a case, if you need to disable the PowerShell application then this article will help you to do so. This article explains how to disable the PowerShell application using Security policy and Local Group Policy Editor. Let us see them in detail.
Disable PowerShell on Windows 11/10
Before you proceed, it is recommended to create a System Restore point. Now follow the below suggestions to disable Windows PowerShell on Windows 10:
1] Disable PowerShell on Windows using Security Policy
Local Security Policy offers users a way to block PowerShell access on Windows 10. Follow the instructions given below to do so:
- Click Start, type Local Security Policy, and select the result from the menu list.
- Go to the left pane and expand Software Restriction Policies.
- Right-click on the Additional Rules and select the New Hash Rule option.
- If you don’t find the way to expand the Software Restriction Policies then right-click on the Software Restriction Policies and select the New Software Restriction Policies option.
In the New Has Rule window, tap on the Browse option. Now open the file explorer using Windows+E keys and type the following path location in the address bar and press Enter:
%SystemRoot%\system32\WindowsPowerShell\v1.0
This will locate the 32-bit version of PowerShell. Select the powershell.exe from the list and then click Open > Apply > OK.
Disable PowerShellISE
If you want to disable PowerShellISE on your Windows 10 computer, then select powershell_ise.exe (instead of powershell.exe) from the list.
In the Local Security Policy window, right-click on the Additional Rules under the Software Restriction Policies section and click on the New Hash Rule button and then select the Browse button.
Again open the File Explorer and copy-paste the path given below in the address bar. Then press the Enter key to select the 64-bit version of PowerShell.
%SystemRoot%\SysWOW64\WindowsPowerShell\v1.0
On the following page, scroll down and select the powershell.exe option and then click on the Open button.
Note: You need to select the powershell_ise.exe option if you want to disable PowerShellISE.
Then click Apply and then select the OK button.
After completing the above steps, restart your computer to save the changes. This will disable Powershell access on your PC.
2] Disable PowerShell on Windows using Group Policy
Local Group Policy Editor is a powerful tool available in Windows 10 Pro or Enterprise that eases several tasks on PC. Those users with the Pro or Enterprise version of Windows 11/10 can use the Group policy tool to block PowerShell. Follow the below steps to disable PowerShell using Group Policy:
First of all, press the Windows+R keyboard shortcut to open the Run dialog box.
Type gpedit.msc and hit Enter. In the Local Group Policy Editor window, navigate to the path below:
User Configuration > Administrative Templates > System
Go to the right pane and double click on the Don’t run specified Windows applications policy.
On the next page, click on the Enabled button as shown in the above image. Then go to the Options sections and click on the Show button.
Now you need to open a new cell in the Value column, type powershell.exe, and click the OK button. This will disable the PowerShell access.
You can also disable the PowerShell ISE interface. To do so, open a new cell, type powershell_ise.exe, and click the OK button.
However, if you need to disable the PowerShell 7, type pwsh.exe in the new cell and then click the OK button.
In last, click Apply > OK to save the changes.
Once you complete the above process, you will not be able to access Powershell anymore.
TIP: This post shows how to uninstall PowerShell.
Disable PowerShell 7 on Windows
If you have PowerShell 7 on your device, you can disable it by uninstalling it from your Windows PC. Here are the steps you need to follow:
- Right-click on the Start button
- Select Setting from the power user menu.
- In the Settings app, click on the Apps category
- Then select the Apps & features option from the left pane.
- Now go to the right-pane, scroll down and select the PowerShell app.
- Click on the Uninstall button.
- If Windows asks you to confirm, click the Uninstall button again.
Follow the on-screen instructions to uninstall this app. It will remove the app and its related data. This way you can disable the user’s access to PowerShell version 7.
Read next: How to turn on or off Windows PowerShell script execution.