Disable access to

Posted on 2006-03-28
Last Modified: 2010-03-16
I work in a school and I am trying to disable access to using Windows Server 2003 with XP clients. I can disable access to cmd but can’t seem to find a way to disable access to command. I have been working on this issue for quite some time but cannot find an answer. I am thinking about deleting the file but am not sure of the outcome. Even if I did delete the file, a user could possibly run it from a floppy. Has anyone else encountered this problem and if so how did they solve it? Any ideas?
Question by:andyward007
    LVL 2

    Accepted Solution

    You should be able to use secpol.msc to block
    This link is written for games but the same idea should apply.
    LVL 8

    Expert Comment

    Yes, an user could run the file from floppy, but if you set a group policy or security policy to prevent the user from running, the user could rename the file to and is able to run the file again, so the only possibility is to disable the 16bit application subsystem through a group policy item.
    User Configuration\Administrative Templates\Windows Components\Application Compatibility

    Prevent access to 16-bit applications -> Enabled

    Relogon with the user, and you will see, cannot be started.

    Author Comment

    That was just what I was looking for. Thanks.
    LVL 10

    Expert Comment

    by:Walter Padrón
    The answers are great, but IMHO you need more security measures than just disabling
    LVL 4

    Expert Comment

    Shhhhhhh...  The students have to have SOME secrets!   :-)

    Author Comment

    Thanks to Dave8555. I have blocked via hash.

    AllocationError - Thanks for your comment but I have tried renaming and as I have blocked the hash, it still cannot run. We unfortunately run some 16 bit apps so blocking these is not an option.

    IMHO - Thanks for the concern. I have used GPOs to configure the security settings and lockdown but have not played with Software Restriction Policies before. I assumed, incorrectly, that software restriction policies prevented all software running except that if it has been given a valid certificate or has been specified as allowed.

    JRS_50 - I am sure the students have plenty of secrets and some of which i'm sure I don't want to know :)

    Thanks alot for everyones feedback.

    Author Comment

    Sorry wpadron - IMHO stuck in my mind

    Author Comment

    Time to leave work.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    As the title indicates, I have done this before. It chills me everytime I update the OS on my phone, ( because one time I did this and I essentially had a bricked …
    #Citrix #POC #XenDesktop #vCenter #VMware #ESX
    Hi everyone! This is Experts Exchange customer support.  This quick video will show you how to change your primary email address.  If you have any questions, then please Write a Comment below!
    Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

    758 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now