Restricting Powershell to only be used by domain admins

I need to use Group Policy to make it so that only domain admins can run and use powershell. I have tried to use the "Don't run specified Windows applications," however it only blocks use through Windows Explorer/Start Menu/Run.. - I can still open a CMD and run Powershell within in.

Is there a way to make it so that no normal user can use Powershell?
Matthew EilersI.T. SpecialistAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Tom CieslikIT EngineerCommented:
I think that Powershell is some kind of command prompt software.
Maybe I'm mistaken but if I'm not you can disable Command Prompt in GPO and assign it to some group (except domain admins)
I need to test this but you can test it for yourself.

User Cfg - Admin Templates - System - Prevent access to the command prompt
To make sure policy will be applied, make sure you'll assign appropriate rights in delegation
Mike TLeading EngineerCommented:

#1 - Don't login and do ANYTHING as Domain Admin, ever, *unless* you are working on a Domain Controller
#2 - Disabling PowerShell is not a good solution to security
#3 - goto 1!

Your best bet is to remove the ability to launch either CMD.exe or PowerShell.exe by deleting the entry point - aka the icons, from users' machines.
If you want to restrict running them too than AppLocker is the solution but part of a bigger picture.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
PberSolutions ArchitectCommented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

-- Mike T (https:#a42378200)
-- Sarang Tinguria (https:#a42377737)

If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

Experts-Exchange Cleanup Volunteer
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.