Due to the dependencies of the users rights, one important approach for defenders to securing PowerShell is the well-known Principle of Least Privilege. The fewer rights the user has, the smaller the attack surface is; the reduction of the attack surface is probably the best way to increase security in an enterprise environment. Unfortunately, the implementation of this approach is not an easy or a small task and can be sorted under the category of Securing Privileged Access. The problem that comes with PowerShell security is that many enterprise customers tend to have too many admins. There are typical excuses for why they are necessary, but the reality is that these admins only in very rare cases need to have elevated rights. In most cases, laziness when it comes to creating processes and rules is why they still exist. But giving an attacker the chance to make use of PowerShell on a machine where local admin rights have been made available increases their potential drastically!

There are dedicated resources available to start adapting the principle of Least Privilege.