How to disable CTRL-Z in Windows Telnet Server

We run a home-made commande line applications that is executed when someone logs on our telnet server on Windows Server 2003 (we call this .EXE from the login.cmd file).

The user logs with his NT account (he is part of the Telnet Clients Groups). When it logs, our application launches. The user can disconnect by choosing an option in our application. This close the .EXE and the connection. But if the user does CTRL-Z, it ask to terminate the batch job. The user then say Yes and then he has access to the server.

How do we disable CTRL-Z ?
Who is Participating?
You cannot directly modify the behavior of the batch job/cmd prompt.

I have a similar environment where a user can create batch jobs however I have disabled access to the cmd prompt through group policy. During a quick test a moment ago I created a batch [dir c:\ /s] and saved to desktop. As it ran I pressed CTRL+C [not Z] and chose YES to cancel batch job. It immediately stated I do not have access and terminated the access to cmd.exe

You can modify this via group policy:
User Configuration - System - Prevent Access to the command prompt.

You should test this change in a dev environment first and/or change the ACL of the GPO to apply to certain users.

I have many offshore developers and have locked down the Terminal Servers extremely well, and always try defeating my own changes and have it now where security is balanced for their job function. Hopefully this can lead you in a better direction for securing your system.

LanticrogersAuthor Commented:
Thanks I will give it a try
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.