  • Windows 10 PowerShell Security Bug? Can start PowerShell although it’s blocked

    This topic contains 4 replies, has 2 voices, and was last updated by  anonymous 1 week, 3 days ago.

    • #1976915 Reply

      anonymous

      Hi,

      I’m from Germany and Woody told me that I should ask my question here.

      I didn’t find anything on the web so far (or maybe I’m just blind :D).
      Here is the case: It’s about PowerShell.

      I blocked it completely via GPO. I used software restriction (path and hash policies). And the policies work. When I try to start PowerShell I get the message “This app has been blocked…”. That’s perfect!

      But there is one case where Windows is ignoring anything (see screenshot 1 and 2 below) and allows me to start PowerShell although it’s blocked.

      When I go to Settings –> Update & Security –> For developers –> down to PowerShell –> Show settings
      Screenshot 1: https://drive.google.com/open?id=1LZhA-Aegjy7RyuiKOYPvJOIE5KCzgpRe

      PowerShell is disabled for every user (even for admins)… but when I click on this “Show settings”-button… PowerShell starts (see screenshot 2).
      Screenshot 2: https://drive.google.com/open?id=1qGf6wigo4xhe-sy-CZRPVXqIGislOK6L

      It’s with Win10 Pro 1803 (running CU: KB4516058) and Win10 Pro 1809 (running CU: KB4512578).

      Can you confirm this issue? Or is it just me? 😀

      Best regards
      Alex

    • #1977213 Reply

      RetiredGeek
      AskWoody MVP

      Alex,

      From what I can see from your screenshots, you have not blocked PowerShell from starting, only from running scripts (programs) that are downloaded. Thus, you can start PowerShell and issue interactive commands in the PS Command Shell and/or write scripts locally and run them.

      Now, per your OP, you have instituted the GPOs as shown in this article, correct?
      Have you rebooted since making the changes?
      Could you post screenshots of your GPOs?

      HTH 😎

      May the Forces of good computing be with you!

      RG

      PowerShell & VBA Rule!

    • #1977230 Reply

      RetiredGeek
      AskWoody MVP

      Alex,

      Further investigation negates some of what I said above. Yes, clicking on the Show settings button does take you to the PowerShell command shell. However, you are still restricted to your set policies as per:

      PSExecutionPolicys

      Thus as stated you can’t run external scripts only locally written ones, external ones that have been intentionally unblocked, and local interactive commands.

      You may want to check into this article for other security options for newer versions of PowerShell.

      HTH 😎

      RG

    • #1977544 Reply

      anonymous

      Hi and thank you very much for your help, Sir!

      And yes, I did it as shown in your link: https://www.top-password.com/blog/disable-powershell-with-software-restriction-policies-gpo/

      And when I click on PowerShell or copy PowerShell to a different place and try to start it, Windows shows me this message which is fine.

      But PowerShell still starts when I do it the way I described above.

      Here is a screenshot of my gpo (computer policy): https://drive.google.com/open?id=1TMpEf9ZOaFOw8BvmzgO8y4fuOcPxMKaX

      Best regards

      Alex

    • #1977613 Reply

      anonymous

      I summarized everything in a PDF file: https://drive.google.com/open?id=1LFwgDg0hfmtNADbnsAnDACdOZFrLmv51

      This morning I tested it with different Windows 10 Builds. Even OS Build 1909 seems to have it.
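
The thread turns on two separate controls: Software Restriction Policies (path and hash rules from the GPO) and the PowerShell execution policy. The read-only audit below is an added example, not code from any poster, and lists both side by side. It assumes an elevated session on a host where an administrator can still run PowerShell and that the policy is stored under the standard `Safer\CodeIdentifiers` policy key; `Get-SrpRule` is a hypothetical helper name.

```powershell
# Added example: read-only audit of the SRP rules and execution policy on this host.
$srpRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$levels  = @{ '0' = 'Disallowed'; '131072' = 'Basic User'; '262144' = 'Unrestricted' }

function Get-SrpRule {
    # Walk <level>\Paths and <level>\Hashes and return one object per rule.
    if (-not (Test-Path $srpRoot)) { return }
    foreach ($levelKey in Get-ChildItem $srpRoot) {
        $levelName = $levels[$levelKey.PSChildName]
        if (-not $levelName) { $levelName = $levelKey.PSChildName }
        foreach ($kind in 'Paths', 'Hashes') {
            $kindPath = "$($levelKey.PSPath)\$kind"
            if (-not (Test-Path $kindPath)) { continue }
            foreach ($rule in Get-ChildItem $kindPath) {
                $p = Get-ItemProperty $rule.PSPath
                [pscustomobject]@{
                    Level       = $levelName
                    Kind        = $kind
                    # Path rules keep the path in ItemData; hash rules name the file in FriendlyName.
                    Target      = if ($kind -eq 'Paths') { $p.ItemData } else { $p.FriendlyName }
                    Description = $p.Description
                }
            }
        }
    }
}

# Global SRP settings. PolicyScope 0 = all users, 1 = all users except local administrators.
$cfg = Get-ItemProperty $srpRoot -ErrorAction SilentlyContinue
if ($cfg) {
    "DefaultLevel={0}  PolicyScope={1}  TransparentEnabled={2}" -f `
        $cfg.DefaultLevel, $cfg.PolicyScope, $cfg.TransparentEnabled
} else {
    "No SRP policy found under $srpRoot"
}

# Rules that mention PowerShell in their target or description.
Get-SrpRule | Where-Object { "$($_.Target) $($_.Description)" -match 'powershell' } |
    Format-Table -AutoSize

# Every PowerShell host binary a path rule has to cover, with the hash a hash rule would pin.
# A hash rule matches one file version only, so it stops matching if an update replaces the binary.
$dirs = "$env:windir\System32\WindowsPowerShell", "$env:windir\SysWOW64\WindowsPowerShell"
Get-ChildItem $dirs -Recurse -Filter 'powershell*.exe' -ErrorAction SilentlyContinue |
    Get-FileHash -Algorithm SHA256 | Format-Table Path, Hash -AutoSize

# Execution policy is a different control: it governs script files, not whether the host may start.
Get-ExecutionPolicy -List | Format-Table -AutoSize
```

Comparing the rule list against the binaries found shows whether both the 64-bit and 32-bit hosts and `powershell_ise.exe` are covered, independently of what the execution policy reports.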
