Microsoft’s PowerShell is a powerful scripting application which is built natively into Windows 10 devices. While this application allows great power for administrators to configure and control their devices, it also opens up huge opportunities for hackers to launch malware attacks, including the recent spike of ransomware attacks in which the universal element in common was the use of PowerShell.

This article describes how a Microsoft 365 Endpoint administrator can selectively disable PowerShell, either on a device-by-device basis or for a group of devices registered through the Microsoft 365 Azure Active Directory. These instructions were created for Windows 10 devices registered through the BYOD registration method but should also work for the other enrollment methods, albeit with slight differences.

These would also work within a hybrid environment with small adjustments. For the latter, just follow these instructions, but when you roll out the configuration profile in Microsoft Endpoint Manager, make adjustments by following the config profile creation for Intune per this article:

Note: I am thankful for the very helpful instructions provided by Peter van der Woude in the article referenced above. I also wish to thank Alex Fields from ITProMentor, who sent me Peter’s article, as well as for his very helpful articles on Microsoft 365. I highly recommend reading them at his site at:

Summary of Steps to Disable PowerShell in a Microsoft 365 Cloud Only Environment through the Microsoft Endpoint Manager:

Note: Thanks to a comment from James B we have revised this procedure to utilize the file hash method instead of the file path method. That is now reflected below as of September 22, 2021. This policy will now block the execution of the four files; however, if the files are updated the policy will need to reflect the new hash values.

In Endpoint Manager, create a security group which you will use to assign users and devices for which you want to disable PowerShell. You could name your security group something like “Disable PowerShell for Users and Devices.” I recommend that you add just one test device to this new security group at first for testing purposes before you roll it out to your entire enterprise.

Using a Windows 10 computer, use the Group Policy Editor to create an AppLocker device policy which blocks the use of the EXE files associated with PowerShell. Use the file hash method for these four files found in these locations:

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe

Important: You will need to edit the XML created in the Group Policy Manager and delete just the elements you need.

Finally, roll out the device configuration profile in the Microsoft Endpoint Manager using the following OMA-URI:

Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/9000/EXE/Policy

where the string value of “9000” is some value that you decide upon that makes sense to you. The other values must be entered exactly, and this string is case sensitive. I use policy strings with 9’s in them when they contain restrictions; use what makes sense to you.

Detailed Steps of how to Disable PowerShell in a Microsoft 365 Cloud Only Environment through the Microsoft Endpoint Manager:

Step 1 – Create new Security Group in Endpoint Manager

Build the Security Group you will use to restrict devices and users from using PowerShell. If users never require the use of PowerShell, and they already have local administrative access, then why allow them to have access to this powerful program in the first place?

Open the Endpoint Manager and browse to Groups from the home menu tree. Create a new security group and name it with something that makes sense like “Disable PowerShell for Users and Devices.” Add one test device to the new security group.

Later, when you want to quickly enforce the policy on this device, you will open that Windows 10 computer, select the Company Portal app (you do have this installed for every device per the BYOD device enrollment process, right?) and under the settings gear select “Sync.” This will sync the policies in the Endpoint Manager to the local Windows 10 device.

Step 2 – Create the Device Policy in the Group Policy Editor
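As an added example (not part of the original article), the PowerShell below checks an AppLocker export before it is uploaded: it confirms that the Deny hashes still match the four binaries on the reference machine, warns if the Exe collection has no Allow rule, and writes out only the `<RuleCollection Type="Exe">` element, which is what the AppLocker CSP's EXE/Policy node takes. The two C:\Temp paths are hypothetical, and the export is assumed to be the full policy XML saved from the Group Policy Editor.

```powershell
# Added example, not from the original article.
# Assumed paths (hypothetical): where the Group Policy Editor export was saved
# and where the trimmed payload for the custom profile should be written.
$exported = 'C:\Temp\AppLocker-export.xml'
$payload  = 'C:\Temp\AppLocker-EXE-payload.xml'

# The four binaries named in the article.
$targets = @(
    'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe',
    'C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe',
    'C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe',
    'C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe'
)

[xml]$policy = Get-Content -Path $exported -Raw
$exe = $policy.AppLockerPolicy.RuleCollection | Where-Object { $_.Type -eq 'Exe' }
if (-not $exe) { throw "No Exe rule collection found in $exported" }

# Hash values carried by the Deny rules (one rule may hold several FileHash entries).
$denied = @($exe.FileHashRule |
    Where-Object { $_.Action -eq 'Deny' } |
    ForEach-Object { $_.Conditions.FileHashCondition.FileHash.Data })

# Compare against the binaries as they exist on this device today.
$stale = foreach ($info in Get-AppLockerFileInformation -Path $targets) {
    $current = $info.Hash.HashDataString
    if ($denied -notcontains $current) {
        [pscustomobject]@{ Path = $info.Path; CurrentHash = $current }
    }
}
if ($stale) {
    Write-Warning 'These files no longer match any Deny hash; regenerate the rules:'
    $stale | Format-Table -AutoSize
}

# An enforced collection that contains only Deny rules blocks every other EXE too,
# because AppLocker allows only what an Allow rule matches.
$allow = @($exe.ChildNodes | Where-Object { $_.Action -eq 'Allow' })
if ($allow.Count -eq 0) {
    Write-Warning 'Exe collection has no Allow rule; all other executables would be blocked.'
}

# Write only the <RuleCollection Type="Exe"> element for the profile value.
if (-not $stale) {
    $exe.OuterXml | Set-Content -Path $payload -Encoding UTF8
    "Payload written to $payload"
}
```

Re-running the same check after Windows updates shows when the deployed hash rules have gone stale and the policy needs to be regenerated.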