• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 118
  • Last Modified:

Server 2012 R2 File Explorer


We are just starting to roll out Citrix XenApp Desktops and have noticed that if you allow access to 'File Explorer' the users are able to open a 'Command Prompt' from the 'File' menu on the ribbon.  Is there a way we can either turn off the ribbon or disable the 'Command Prompt' shortcut on the ribbon?  We have already set the ribbon to start minimized but this does not stop the users from clicking on the links at the top and opening the menus.

2 Solutions
Sekar ChinnakannuStaff EngineerCommented:
You try same using gpo User Configuration\Administrative Templates\System or you can try the same via registry...
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System -> Select  DisableCMD and set value to 0.
Moto_SystemsAuthor Commented:
Thanks for the suggestion but due to some software that we use we are not able to disable the CMD, so would just like to hide the link.

James RankinCommented:
You could use appsense environment manager's lock down tool to disable this entry point, but there is a licensing cost involved.
AndyIt ConsultantCommented:
Hiding it won't help, there are other ways to break out such as:

create a shortcut on the desktop to cmd.exe
using task manager file open to run cmd

anyone looking up 'breakout citrix' will find numerous ways to run cmd or other tools (such as powershell) as well as bypassing other restrictions:

It's risk vs compromise

I  agree, AppSense can help a lot but it's pricey.
James RankinCommented:
If you need the command prompt, but don't want users to be able to run it - what are you worried they will do from the command prompt? As long as they're not administrators, then most of the damaging functions should be unavailable.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell┬« is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now