Q: I want to disable PowerShell, because I'm concerned about the scope of its capabilities. Should I disable it?
A: Simply put, No! PowerShell runs as a user-mode application, which means it can only do what the user himself can do. If you disable PowerShell, a user can still accomplish the same actions; he will just use another method to accomplish tasks, such as the command prompt, tools, scripts, and so on. In addition, PowerShell is a huge benefit for the IT department to perform management. Disabling PowerShell actually reduces your capability to monitor and manage your environment, making it more susceptible to attack.
Although PowerShell can be used to perform any function, this is only possible if the user running PowerShell has those permissions. PowerShell doesn't open up any "back doors."
