none
Powershell still can be accessed from CMD even i block through Local Policy RRS feed

  • Question

  • Hi, I blocked Powershell and wscript.exe and cscript.exe from Local Group Policy under Software Restriction Policy and Don't run specified windows applications.  But when I launch CMD and run powershell I can access it. Is there any way we can restrict these applications in CMD as well ?

    Thanks.

    Sunday, July 12, 2020 9:35 AM

All replies

  • Hi,

    before we start discussing the merits of AppLocker and such, let me assure you that blocking PowerShell cannot be achieved by these methods. Any application built with .NET has the potential of containing a PowerShell host, and security experts keep demonstrating how you can run a PowerShell host in memory without creating an executable image on disk, which renders all application whitelisting techniques powerless.

    That said, you should be perfectly able to blacklist the built-in powershell.exe by AppLocker.


    Evgenij Smirnov

    http://evgenij.smirnov.de

    Sunday, July 12, 2020 6:19 PM
  • Hi,
    Regarding Windows powershell based issue, I suggest you refer to experts from the following forum to get professional support: 
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverpowershell
    Please let us know if you would like further assistance.  :)
    Best wishes,
    Young Yang 

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Monday, July 13, 2020 6:33 AM
  • Hi,
    As this thread has been quiet for a while, so here is a quick question.Was your issue resolved? 
    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.
    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.
    If no, please reply and tell us the current situation in order to provide further help.
    Best Regards,
    Yang Yang

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, July 23, 2020 5:35 AM