Disable access to command.com

I work in a school and I am trying to disable access to command.com using Windows Server 2003 with XP clients. I can disable access to cmd but can’t seem to find a way to disable access to command. I have been working on this issue for quite some time but cannot find an answer. I am thinking about deleting the file but am not sure of the outcome. Even if I did delete the file, a user could possibly run it from a floppy. Has anyone else encountered this problem and if so how did they solve it? Any ideas?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

You should be able to use secpol.msc to block command.com.
This link is written for games but the same idea should apply.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Yes, an user could run the file from floppy, but if you set a group policy or security policy to prevent the user from running command.com, the user could rename the file to comm.com and is able to run the file again, so the only possibility is to disable the 16bit application subsystem through a group policy item.
User Configuration\Administrative Templates\Windows Components\Application Compatibility

Prevent access to 16-bit applications -> Enabled

Relogon with the user, and you will see, command.com cannot be started.
andyward007Author Commented:
That was just what I was looking for. Thanks.
Bootstrap 4: Exploring New Features

Learn how to use and navigate the new features included in Bootstrap 4, the most popular HTML, CSS, and JavaScript framework for developing responsive, mobile-first websites.

Walter PadrónCommented:
The answers are great, but IMHO you need more security measures than just disabling command.com
Shhhhhhh...  The students have to have SOME secrets!   :-)
andyward007Author Commented:
Thanks to Dave8555. I have blocked command.com via hash.

AllocationError - Thanks for your comment but I have tried renaming command.com and as I have blocked the hash, it still cannot run. We unfortunately run some 16 bit apps so blocking these is not an option.

IMHO - Thanks for the concern. I have used GPOs to configure the security settings and lockdown but have not played with Software Restriction Policies before. I assumed, incorrectly, that software restriction policies prevented all software running except that if it has been given a valid certificate or has been specified as allowed.

JRS_50 - I am sure the students have plenty of secrets and some of which i'm sure I don't want to know :)

Thanks alot for everyones feedback.
andyward007Author Commented:
Sorry wpadron - IMHO stuck in my mind
andyward007Author Commented:
Time to leave work.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Operating Systems

From novice to tech pro — start learning today.