Both the PowerShell and Command Prompt tools may be used to configure various system settings or access various apps. However, most Windows users will never need to use these tools directly. Because they exist and are accessible, it is often recommended to disable them to help prevent a malicious actor from using these dormant tools against those users.
To help increase your cybersecurity, it is recommended to toggle off PowerShell on your Windows-based PC. You can then toggle PowerShell back on as needed.
Within this article I will show you how to disable (and re-enable) PowerShell on your Windows PC. You may also be interested in my other article on how to disable the Command Prompt on Windows.
Please note that these instructions will make changes to all the programs that depend on the “Don’t run specified Windows applications” policy setting within the Group Policy Editor. For example, if you disable PowerShell using this policy setting, other apps that depend on this policy setting will also be disabled.
With that said, here is how to use the Group Policy Editor to disable PowerShell on your Windows PC:
- Click the Windows Start button and type gpedit.msc (there is no input field, just start typing) and press Enter to open the Group Policy Editor.
- Navigate to User Configuration > Administrative Templates > System.
- Double-click the Don’t run specified Windows applications option in the right-hand pane.
- Select Enabled in the top-left corner and navigate to the Options section at the bottom-left. Click the Show button, which should pop up the Show Contents screen.
- Type powershell.exe below the Value box and then press OK. Next, press Apply and then press OK in the Group Policy Editor window.
PowerShell should now be disabled via the Group Policy Editor, but a restart may be required.
In case you want to re-enable PowerShell, follow these steps:
- Open the Group Policy Editor and navigate to the System option as per the previous steps.
- Double-click on the Don’t run specified Windows applications option.
- Select either Not Configured or Disabled in the top-left corner, then click the “Apply” and “OK” buttons at the bottom.
PowerShell should now be enabled via the Group Policy Editor, but a restart may be required.
Here’s how to use the Registry Editor to disable PowerShell:
- Click the Windows Start button and type regedit (there is no input field, just start typing) and press Enter to open the Registry Editor.
- From there, copy-paste the following registry location into the address bar at the top of the window and press Enter.
- Click on the Explorer folder under the Policies folder. Note, these “folders” are actually “keys” but because the icon is that of a folder, I call it a folder.
- If the Explorer folder is missing, create it by right-clicking on the Policies folder and selecting New > Key.
- Next, rename the key as Explorer and then press Enter.
- Now that you are within the Explorer folder, right-click on a blank space on the right and select New > DWORD (32-bit) Value.
- Name the value: DisallowRun and set the Value data to “1” (one, without the quotes).
- Next, we will also need to create a new folder (key) under Explorer called “DisallowRun”. Right-click on Explorer and select New > Key. Next, name this key DisallowRun.
- Click the DisallowRun key and right-click on a blank space on the right-hand side. Select New > String Value and name the value as “1” (one, without the quotes).
- Next, double-click on this newly-created value and set the Value data as powershell.exe and press the OK button to save.
- Now, you should have a value named “1” with a data value displayed as “powershell.exe”.
As previously mentioned, this method will disable all the apps that are in the DisallowRun folder/key.
PowerShell should now be disabled via the Registry Editor, but a restart may be required.
To re-enable PowerShell (or other apps within the DisallowRun key), follow these steps:
- Open the Registry Editor and navigate to the Explorer folder as per the previous steps.
- Double-click the DisallowRun value on the right-side and set the Value data to “0” (zero, without the quotes).
- If you want to enable PowerShell for good, navigate to HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer > DisallowRun and delete the PowerShell string.
PowerShell should now be enabled via the Registry Editor, but a restart may be required.
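The registry steps above can also be checked and applied from a script. The following is an added example, not part of the original article: it uses the registry path and value names given in the steps, while the function names are hypothetical.

```powershell
# Added example (not from the article): audit and set the per-user DisallowRun policy.
# Registry path and value names are the article's; the function names are hypothetical.
$ExplorerKey = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$ListKey     = "$ExplorerKey\DisallowRun"

function Get-DisallowRunState {
    # The DWORD named DisallowRun under Explorer is the on/off switch (1 = enforce).
    $flag = (Get-ItemProperty -Path $ExplorerKey -Name 'DisallowRun' -ErrorAction SilentlyContinue).DisallowRun
    # The string values under the DisallowRun subkey are the blocked file names.
    $entries = @{}
    if (Test-Path $ListKey) {
        $key = Get-Item -Path $ListKey
        foreach ($name in $key.GetValueNames()) { $entries[$name] = [string]$key.GetValue($name) }
    }
    [pscustomobject]@{
        PolicyEnabled     = ($flag -eq 1)
        Entries           = $entries
        PowerShellBlocked = ($flag -eq 1) -and ($entries.Values -contains 'powershell.exe')
    }
}

function Block-PowerShell {
    # Create the keys only when missing so existing entries are left alone.
    if (-not (Test-Path $ListKey)) { New-Item -Path $ListKey -Force | Out-Null }
    $state = Get-DisallowRunState
    if ($state.Entries.Values -notcontains 'powershell.exe') {
        # Use the first unused number as the value name ("1" on a clean system).
        $n = 1
        while ($state.Entries.ContainsKey("$n")) { $n++ }
        New-ItemProperty -Path $ListKey -Name "$n" -PropertyType String -Value 'powershell.exe' | Out-Null
    }
    New-ItemProperty -Path $ExplorerKey -Name 'DisallowRun' -PropertyType DWord -Value 1 -Force | Out-Null
}

function Unblock-PowerShell {
    # Remove only the powershell.exe entries; other blocked programs stay listed.
    $state = Get-DisallowRunState
    foreach ($name in @($state.Entries.Keys)) {
        if ($state.Entries[$name] -ieq 'powershell.exe') {
            Remove-ItemProperty -Path $ListKey -Name $name
        }
    }
}

# Report the current state for the signed-in user.
Get-DisallowRunState | Format-List
```

The policy's own description in the Group Policy Editor states that it only prevents programs started by the File Explorer process, so treat a passing audit as confirmation of the setting rather than proof that PowerShell cannot run.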
I hope my article on disabling PowerShell on Windows has helped you increase your cybersecurity. I welcome your thoughts, questions or suggestions regarding this article.
To further increase your cybersecurity protection, you may want to read my other article on how to disable the Command Prompt on Windows.
Let me know if you found any errors within my article or if I may further assist you by answering any additional questions you may have.