Reasons to disable the command prompt for normal users

Hi Experts,

Are there any security reasons for disabling the command prompt for users in a domain?
SvenIA Asked:

SvenIA (Author) Commented:
Thanks, I found that first hit on Google myself. I was looking for people's opinions on this topic, and also for more specific reasons. Why should I, or should I not, disable the command prompt for domain users?
Kanti Prasad Commented:
Hi SvenIA

Try this; it will give you the pros and cons:
http://www.tweakandtrick.com/2013/08/enable-command-prompt.html
John (Business Consultant, Owner) Commented:
If the user is a Standard User, they cannot run an Admin Command prompt, so they are restricted in what they can do anyway.

Do you perceive a problem? I do not have any issues at my clients.
Kanti Prasad Commented:
As cmd will be executed only after getting through any firewall in organizations, there will not be any particular security threat from outside by enabling cmd.
In general, controlling bat command execution (cmd execution) and users' directories with read-only or read-write access is the best way to keep users from doing anything by accident.

McKnife Commented:
Theoretically, there could be flaws in cmd.exe that could be exploited so that the user could do things on his own machine that you might not want. But those would be bugs that will get fixed, normally. I have not heard of this occurring often and cannot remember when it last happened.
This would mean they could maybe extend their local privileges. That would of course not mean they could do anything to other remote systems.

Since it is possible that your users might need the command prompt some day, I would not block it unless you are perfectly sure that they don't.
SvenIA (Author) Commented:
Thanks for the help!