Whether or not allowing PowerShell to be installed on a Windows desktop constitutes a security risk really depends on your own definition of a "security risk."
There are a couple of different ways of looking at the question. Before I elaborate, let me just say that I have PowerShell installed on my own desktop.
With that said, one way of looking at the question is from the standpoint of the operating system's footprint. There is a longstanding law of computing that basically states that the larger the code base, the greater the chance the code will contain an exploitable security vulnerability. Installing PowerShell does increase the size of an operating system, and therefore theoretically also increases the chances of an exploitable vulnerability existing within the system. In that regard, it's a good idea to avoid installing PowerShell onto users' desktops unless they have a legitimate need for it.
Another way of looking at it is with regard to whether PowerShell will give users a level of access to a system they would not otherwise have. Installing PowerShell does not grant the user additional permissions. However, if a user is well versed in PowerShell, he might be able to do things that he would not otherwise be able to do. This is not because PowerShell gives users permissions, but because PowerShell is a highly versatile tool.
One last consideration is whether PowerShell can be exploited by malware. Proof-of-concept PowerShell-based viruses have been created. However, PowerShell is locked down by default to keep scripts from running. A malicious script would be unable to execute unless an authorized user manually changed the execution policy by using the Set-ExecutionPolicy cmdlet.
In my opinion, PowerShell probably doesn't pose a huge security risk, but it should not be installed unnecessarily.
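To check the default lockdown described above on a given desktop, the following added example (not part of the original answer) lists the execution policy at every scope, marks the scope that decides the effective policy, and flags settings that let unsigned local scripts run. The function name Get-ExecutionPolicyAudit and its output property names are hypothetical; Get-ExecutionPolicy and its -List parameter are the built-in cmdlet.

```powershell
# Added example: report the execution policy at each scope on this machine.
# Get-ExecutionPolicyAudit and its property names are hypothetical, chosen for illustration.
function Get-ExecutionPolicyAudit {
    [CmdletBinding()]
    param(
        # Policies under which an unsigned script stored locally will run.
        [string[]]$RunsUnsignedLocal = @('RemoteSigned', 'Unrestricted', 'Bypass')
    )

    # -List returns one entry per scope in precedence order:
    # MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine.
    $scopes = @(Get-ExecutionPolicy -List)

    # The first scope that is not Undefined decides the effective policy.
    $deciding = $scopes |
        Where-Object { $_.ExecutionPolicy.ToString() -ne 'Undefined' } |
        Select-Object -First 1

    foreach ($entry in $scopes) {
        $scopeName  = $entry.Scope.ToString()
        $policyName = $entry.ExecutionPolicy.ToString()
        [pscustomobject]@{
            Scope             = $scopeName
            Policy            = $policyName
            DecidesEffective  = ($null -ne $deciding -and $scopeName -eq $deciding.Scope.ToString())
            SetByGroupPolicy  = ($scopeName -in 'MachinePolicy', 'UserPolicy')
            RunsUnsignedLocal = ($policyName -in $RunsUnsignedLocal)
        }
    }
}

$report = Get-ExecutionPolicyAudit
$report | Format-Table -AutoSize

# Effective policy as PowerShell itself resolves it.
"Effective policy: $(Get-ExecutionPolicy)"

# Flag the two conditions an administrator would want to follow up on.
$report | Where-Object { $_.DecidesEffective -and $_.RunsUnsignedLocal } | ForEach-Object {
    Write-Warning "Scope $($_.Scope) sets $($_.Policy): unsigned local scripts will run."
}
if (-not ($report | Where-Object { $_.DecidesEffective -and $_.SetByGroupPolicy })) {
    Write-Warning 'Effective policy is not enforced by Group Policy; it can be changed with Set-ExecutionPolicy.'
}
```

When every scope reports Undefined, no row is marked as deciding and PowerShell falls back to its built-in default, which is what the "Effective policy" line shows.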