Intel Insights: How to Secure PowerShell

Center for Internet Security logo

If PowerShell is not needed, prevent its execution on systems after performing appropriate testing to assess the impact to the environment. This may not always be possible since this is a legitimate tool and has administrative functions. Restrict PowerShell in these cases through execution policy to administrators and execute signed scripts only. Depending on environmental configurations there may be ways to bypass the execution policy. Lastly, to prevent the use of PowerShell for remote execution disable, or at the very least restrict, Windows Remote Management Service.

Click here for the full article