You can restrict access to PowerShell, and here’s how on Windows 10.

Spread the love
  • Yum

On Windows 10, PowerShell is a powerful cross-platform tool that allows you to run scripts and commands to change system settings, manage features, troubleshoot problems, and automate tasks.

Although it is a useful command-line shell, in some situations, you may need to disable it to make sure that users do not make unwanted changes or execute scripts with malicious commands. And other times, you may need to restrict access to PowerShell to comply with the company’s policies.

Whatever the reason it might be, Windows 10 offers multiple ways to disable access to the built-in version of PowerShell or the standalone version of the tool, PowerShell 7.

In this Windows 10 guide, we will walk you through three different ways to disable access to PowerShell, including PowerShell 7.

VPN Deals: Lifetime license for $16, monthly plans at $1 & more

How to block PowerShell access using Group Policy

If you use Windows 10 Pro (or Enterprise), the easiest way to disable access to PowerShell is using the Local Group Policy Editor.

To disable PowerShell on Windows 10, use these steps:

  1. Open Start.
  2. Search for gpedit.msc and select the top result to open the Local Group Policy Editor.
  3. Browse the following path:

    User Configuration > Administrative Templates > System

  4. On the right side, double-click the Don’t run specified Windows applications policy.

    System Don't run specified Windows applications policy

    Source: Windows Central

  5. Select the Enabled option.
  6. Under the “Option”s section, click the Show button.

    Configure Don't run specified Windows applications policy

    Source: Windows Central

  7. In the “Value” column, type powershell.exe to disable the PowerShell experience.

    Group Policy disable PowerShell

    Source: Windows Central

  8. (Optional) In the “Value” column, type powershell_ise.exe in a new cell to disable the PowerShell ISE interface.
  9. (Optional) In the “Value” column, type pwsh.exe in a new cell to disable PowerShell 7.
  10. Click the Apply. button 
  11. Click the OK button.

Once you complete the steps, users will no longer be able to launch and use PowerShell. 

In the case you change your mind, you can roll back the previous settings using the same instructions, but on step No. 5, select the Not Configured option.

We are focusing this guide on disabling PowerShell for all users, but you can also restrict access to the shell for specific users with these instructions.

How to block PowerShell access using Security Policy

Alternatively, you can achieve the same effect using the Local Security Policy console.

To prevent users from launching PowerShell settings up a Local Security Policy, use these steps:

  1. Open Start.
  2. Search for Local Group Policy and click the top result to open the app.
  3. Double-click to expand the Software Restriction Policies branch.
  4. Right-click the “Additional Rules” category, and select the New Hash Rule option.

    Security policy New Hash Rule

    Source: Windows Central

    Quick tip: If the category is not available, right-click the Software Restriction Policies branch and select the New Software Restriction Policies option.

  5. Click the Browse button.

    Configure new hash rule

    Source: Windows Central

  6. Copy and paste the following path in the address bar to locate the 32-bit version of PowerShell and press Enter:

    %SystemRoot%\system32\WindowsPowerShell\v1.0

  7. Select the powershell.exe executable.

    Disable PowerShell with Security Policy

    Source: Windows Central

  8. Click the Open button.
  9. Click the Apply button.
  10. Click the OK button.
  11. Right-click the “Additional Rules” category and select the New Hash Rule option.
  12. Click the Browse button.
  13. Copy and paste the following path in the address bar to locate the 64-bit version of PowerShell and press Enter:

    %SystemRoot%\SysWOW64\WindowsPowerShell\v1.0

    Quick tip: If you want to disable access to PowerShell version 7, then you can create another hash rule with this path: "%SystemRoot%\Program Files\PowerShell\7\pwsh.exe. Or uninstall the app with the steps below.

  14. Select the powershell.exe executable.

    Disable Powershell 64-bit on Windows 10

    Source: Windows Central

  15. Click the Open button.
  16. Click the Apply button.
  17. Click the OK button.
  18. Restart the computer.

After you complete the steps, users will no longer be able to launch the 32-bit or 64-bit version of PowerShell.

Disable access PowerShell ISE

Although the above steps can restrict access to the command-line tool, users can still get around this limitation using the PowerShell ISE interface. However, you can also disable access to this tool with the Local Security Policy app.

To disable access to PowerShell ISE, use these steps:

  1. Open Start.
  2. Search for Local Group Policy and click the top result to open the app.
  3. Double-click to expand the Software Restriction Policies branch.
  4. Right-click the “Additional Rules” category, and select the New Hash Rule option.

    Security policy New Hash Rule

    Source: Windows Central

  5. Click the Browse button.

    Configure new hash rule

    Source: Windows Central

  6. Copy and paste the following path in the address bar to locate the 32-bit version of PowerShell ISE and press Enter:

    %SystemRoot%\system32\WindowsPowerShell\v1.0

  7. Select the powershell_ise.exe executable.

    Disable Powershell ISE 32-bit

    Source: Windows Central

  8. Click the Open button.
  9. Click the Apply button.
  10. Click the OK button.
  11. Right-click the “Additional Rules” category and select the New Hash Rule option.
  12. Click the Browse button.
  13. Copy and paste the following path in the address bar to locate the 64-bit version of PowerShell and press Enter:

    %SystemRoot%\SysWOW64\WindowsPowerShell\v1.0

  14. Select the powershell_ise.exe executable.

    Disable PowerShell 64-bit

    Source: Windows Central

  15. Click the Open button.
  16. Click the Apply button.
  17. Click the OK button.
  18. Restart the computer.

Once you complete the steps, the built-in version of PowerShell ISE will no longer be accessible.

If you want to revert the changes, you can use the same instructions outlined above, but on step No. 4, right-click each hash rule you created, select the Delete option, and restart the computer.

How to block PowerShell 7 access uninstalling app

If the device also has PowerShell 7, you can restrict access by removing the app from Windows 10.

To uninstall PowerShell 7, use these steps:

  1. Open Settings.
  2. Click on Apps.
  3. Click on Apps & features.
  4. Under the “Apps & features” section, select the PowerShell app.
  5. Click the Uninstall button.

    Windows 10 block PowerShell 7 by uninstalling

    Source: Windows Central

  6. Click the Uninstall button again.
  7. Continue with the on-screen directions (if applicable).

After you complete the steps, no one will have access to PowerShell version 7 since it’s no longer installed on the device. Of course, you can always download and install the app again.

If you are trying to prevent users from making unwanted system changes, in addition to restricting access to PowerShell, you can also disable Command Prompt, Task Manager, and Registry. Furthermore, you can even try switching the account type to “Standard User” to prevent users from making system changes and make the account more secure. However, users will still have access to PowerShell, Command Prompt, and Task Manager to perform some common tasks.

More Windows 10 resources

For more helpful articles, coverage, and answers to common questions about Windows 10, visit the following resources:

Leave a Reply

%d bloggers like this: