Prevent Applications from running from command prompt.

Posted on 2006-06-26
Medium Priority
Last Modified: 2012-06-21
I may just be spacing here, but I seem to recall a way that there was to prevent applications from being run from the command line.  Here's the situation.  I blocked access to the C: drive and to certain applications on the C: drive using group policy.  I knew that blocking certain applications in group policy would not work from the command prompt, which is why I prevented access to the C: drive.  When you go to start > Run then type c:\, it comes up properly and blocks the drive from coming up.  But when you run cmd.exe, then change drives, the drive is fully accessible.

I really thought there was a way to stop that....and I'm either wrong or I just cannot remember how to do it.  Can anyone offer a quick fix to this?  It seems stupid to block access to everything EXCEPT if you go into the command prompt.

FYI...I don't want to block access to the command prompt simply because the students need access to TCP/IP diagnostic tools for their networking classes.

Thanks in advance!

Question by:jamesreddy
  • 3
  • 2
LVL 30

Expert Comment

ID: 16989092
LVL 30

Accepted Solution

callrs earned 2000 total points
ID: 16989133
The above may not block access to command.com, but this will:

http://www.experts-exchange.com/Operating_Systems/Q_21792248.html     Operating Systems: Disable access to command.com
--> http://www.windowsnetworking.com/articles_tutorials/Software-Restriction-Policies.html   "Using Software Restriction Policies To Keep Games Off Of Your Network"

This solution uses file hash, so that even renaming command.com or running it from a floppy won't work.

Author Comment

ID: 16992016
Thanks for the suggestions folks, but notice the part of my question where I WANT them to have access to the command prompt, but NOT to the applications.  They need access to the command prompt for their classes.

In any event, I figured it out.  It was the software policy portion of group policy.  I created a path statement and a hash statement to be disallowed for the applications I do not want students to use.  They can now no longer execute the program from the command prompt.


Author Comment

ID: 16992041
Since Callrs second link on software policies was the correct answer...I'm awarding him the points.  Thanks for everyone's input.


Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Migration of Exchange mailbox can be done with the ExProfre.exe tool. But at times, when the ExProfre.exe tool migrates the Exchange Server user profile, it results in numerous synchronization problems. Synchronization error messages appear in the e…
It is only natural that we all want our PCs to be in good working order, improved system performance, so that is exactly how programs are advertised to entice. They say things like:            •      PC crashes? Get registry cleaner to repair it!    …
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Watch the video to know how one can repair corrupt Exchange OST file effortlessly and convert OST emails to MS Outlook PST file format by using Kernel for OST to PST converter tool. It can convert OST to MSG, MBOX, EML to access them. It can migrate…

587 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question