« previous next »
Pages: [1]

Author Topic: Enable, Disable Command Prompt using GPO or Windows Registry  (Read 720 times)

Online javajolt

  • Administrator
  • Hero Member
  • *****
  • Posts: 35211
  • Gender: Male
  • I Do Windows
    • windows10newsinfo.com
Enable, Disable Command Prompt using GPO or Windows Registry
« on: February 01, 2015, 01:38:03 AM »
To prevent access to the Command Prompt in Window, you can make use of Group Policy settings or edit the Windows Registry, so as to disable the Command Prompt. When you do this, it will prevent users from running the interactive command prompt or CMD.exe. Let us see how we can do it in Windows 8 / 7.

Disable Command Prompt

Using GPO



Open Run box, type gpedit.msc and hit Enter to open the Local Group Policy Editor. Navigate to the following path:

User Configuration/Administrative Templates/System

In the right side pane you will see Prevent access to the command prompt. Double click on it to set the policy. Select Enabled and click Apply/OK.

Quote
This policy setting prevents users from running the interactive command prompt, Cmd.exe.  This policy setting also determines whether batch files (.cmd and .bat) can run on the computer. If you enable this policy setting and the user tries to open a command window, the system displays a message explaining that a setting prevents the action. If you disable this policy setting or do not configure it, users can run Cmd.exe and batch files normally.
Here, you can also Disable the command prompt script processing also, if you wish.

If your version of Windows does not have Group Policy, you can do the following.

Using Registry

Run regedit to open the Registry Editor. navigate to the following registry key:

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System

If the Windows or System key is not present, you may be required to create them.

In the right pane, double click DisableCMD and set its value to 0.

If DisableCMD is not present on your system, you may be required to create a new DWORD value, name it DisableCMD and then give it a value 0.

Now if any user were to try to open CMD, they would see a message:

Quote
The command prompt has been disabled by your administrator
Enable CMD

If for some reason, you need to do the reverse, ie. enable the command prompt, simply disable the Prevent access to the command prompt policy setting. In the registry, you may delete the DisableCMD DWORD or set its value to 1.

Hope this helps!

See this post if you want to prevent access to Registry Editor.

twc
Logged

Pages: [1]
« previous next »