We help IT Professionals succeed at work.

cmd permission

how to disable cmd in domain users environment??????
Comment
Watch Question

Distinguished Expert 2019

Commented:
You can deploy restrictive NTFS permissions using GPOs. You can use software restriction policies or applocker.
https://msdirectoryservices.wordpress.com/2012/01/13/set-ntfs-folder-permissions-using-gpo/
https://docs.microsoft.com/en-us/windows/device.../applocker/applocker-overview
ICT Senior Infraestructure  Engineer  
Commented:
Hi,

Disable CMD can be done(and should) by Active Directory GPO policies.

In the Group Policy window please navigate to User Configuration -> Administrative Templates ->
System and open Prevent access to the command prompt.

http://www.thewindowsclub.com/enable-disable-command-prompt-windows

How to do this to all users/computers in the network:

Edit your GPO and then: User Configuration -> Administrative Templates ->
System and open Prevent access to the command prompt

Global Policies:  https://technet.microsoft.com/en-us/library/cc766291(v=ws.10).aspx

Hope this can help
E ATech Lead

Commented:
How to Disable Run Command using Group Policy Editor:
http://www.itingredients.com/how-to-disable-run-command-using-group-policy-editor/

Check this post having multiple options to get this task done: https://www.sevenforums.com/tutorials/87750-run-command-enable-disable.html

As above suggested, you can use the Windows AppLocker a new feature in Windows that allows you to specify which users or groups can run particular applications in your organization based on unique identities of files: https://technet.microsoft.com/en-us/library/dd759117.aspx

Hope this helps!
Asad RehmanAssistant IT Admin

Author

Commented:
Thanks Bro for the answer .............