Hello all, So we're working on a lockdown policy for our users and I've come across a bit of a problem regarding powershell. It seems that even if you run it without elevated privelages the user can not only view the system drive, but has full access to manipulate files there. This is under a standard user account mind you. On a side note, I also find it odd that I could launch powershell as an administrator under a standard user account without being prompted for credentials. Does anyone have any experience or perhaps a link to a good resource on how to lock down powershell? I don't even see an entry for it in our Group Policy. Thanks

Hello We also found this problem. To resolve, we used File System permissions in Group Policy. In a policy which applies to your computers edit the Computer Config > Windows Settings > Security Settings > File System to modify NTFS permissions for %SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe and %SystemRoot%\System32\WindowsPowerShell\v1.0\powershell_ise.exe Remove Users but ensure Administrators is still available. Hope this helps Lee Bowman MCITP MCTS

Darn, I had a feeling that would end up being the best answer after the lack of leads on the net. Thanks Lee. Seems also that despite being able to click on "run as administrator" with UAC off, it simply runs under the user context still... I don't know why they just didn't whack the option.