cmd permission

how to disable cmd in domain users environment??????
Asad RehmanAssistant IT AdminAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

McKnifeCommented:
You can deploy restrictive NTFS permissions using GPOs. You can use software restriction policies or applocker.
https://msdirectoryservices.wordpress.com/2012/01/13/set-ntfs-folder-permissions-using-gpo/
https://docs.microsoft.com/en-us/windows/device.../applocker/applocker-overview
0
Luciano PatrãoICT Senior Infraestructure  Engineer  Commented:
Hi,

Disable CMD can be done(and should) by Active Directory GPO policies.

In the Group Policy window please navigate to User Configuration -> Administrative Templates ->
System and open Prevent access to the command prompt.

http://www.thewindowsclub.com/enable-disable-command-prompt-windows

How to do this to all users/computers in the network:

Edit your GPO and then: User Configuration -> Administrative Templates ->
System and open Prevent access to the command prompt

Global Policies:  https://technet.microsoft.com/en-us/library/cc766291(v=ws.10).aspx

Hope this can help
2

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Ajit SinghCommented:
How to Disable Run Command using Group Policy Editor:
http://www.itingredients.com/how-to-disable-run-command-using-group-policy-editor/

Check this post having multiple options to get this task done: https://www.sevenforums.com/tutorials/87750-run-command-enable-disable.html

As above suggested, you can use the Windows AppLocker a new feature in Windows that allows you to specify which users or groups can run particular applications in your organization based on unique identities of files: https://technet.microsoft.com/en-us/library/dd759117.aspx

Hope this helps!
1
Asad RehmanAssistant IT AdminAuthor Commented:
Thanks Bro for the answer .............
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2016

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.