News

Microsoft Suggests Slow Death Coming for PowerShell 2.0

• By Kurt Mackie
• 08/25/2017

Microsoft this week indicated that it might take some time before Windows PowerShell 2.0 will get removed, even though organizations should still be working to get rid of it as a potential security hazard.

Last month, Microsoft gave notice that it is planning the deprecation of PowerShell 2.0, starting with the release of the Windows 10 "fall creators update," which is expected to arrive next month or in October. The "deprecation" word, in Microsoft's parlance, means that the company is not planning to put future software development efforts into the product. A deprecated product that's installed continues to function, but it doesn't necessarily get updated.

PowerShell 2.0 currently lacks security protections, such as audit logging, that were built into later versions. Organizations should stop using it, Microsoft has advised.

Instead of using PowerShell 2.0, organizations should move to using Windows PowerShell 5.1 or newer versions, including Windows PowerShell Core 6.0. PowerShell Core 6.0 is the more basic form of the scripting language and it is being groomed as the mainline successor product, supplanting PowerShell 6.0, which never made it out of the beta test stage. Those PowerShell roadmap plans were outlined by Microsoft last month.

This week, Microsoft clarified in an announcement that "we do not currently have a timeline to remove Windows PowerShell 2.0." Moreover, the company plans to "give plenty of notice" to the public when PowerShell 2.0 removal will take place. Exactly how much time in advance the notice might appear wasn't indicated, but it'll be announced in a Windows support article like this one, or in the PowerShell team blog.

It also turns out that while Microsoft wants organizations to get rid of it, there are still a bunch of Microsoft software products out there that have PowerShell 2.0 dependencies. Consequently, Microsoft won't remove PowerShell 2.0 until those product dependencies are gone, the announcement indicated:

There are a number of first-party Microsoft applications that continue to use Windows PowerShell 2.0 under the hood, including some System Center applications, some versions of SQL Server, some versions of Exchange, and others. We will be working with these teams over the coming months to migrate them off of Windows PowerShell 2.0. In the meantime, Windows PowerShell 2.0 will remain a part of Windows 10 and Windows Server 2016, and we have no plans to remove it until those dependencies are mitigated.

The above statement seems to imply that if Microsoft should release the Windows 10 fall creators update next month, it may still contain support for PowerShell 2.0 if those other product dependencies haven't been cleared up by that time.

For IT pros, getting rid of PowerShell 2.0 is a somewhat involved affair. PowerShell versions are tied to certain .NET Framework releases, and while organizations may have upgraded Windows and .NET Framework over the years, Microsoft still kept PowerShell 2.0 in there to maintain compatibility with older applications.

IT pros have to check if their computing environments are still using PowerShell 2.0 in some way. Microsoft's announcement offered a few PowerShell scripts to detect its use. If PowerShell 2.0 is being used, organizations can try seeing if scripts will still work when it's removed. The potentially problematic cases might arise when a script specifically calls out PowerShell 2.0 use. For instance, the script may have used a "#requires -version 2" specification, Microsoft noted.