Link to home
Start Free TrialLog in
Avatar of GCITech
GCITech

asked on

easiest way to disable calculator on a domain user, at AD login. It can stay disabled for other users, if necessary.

I want to rename calc.exe to calc.inop. using the login batch file for the user. (Actually all elementary users use this same user account, so it is being applied to a group)

I added this to their login batch file that pushes shortcuts to desktop:

if exist c:\windows\system32\calc.inop echo Now Exiting && Exit
takeown /F c:\windows\system32\calc.exe
pause
icacls c:\windows\system32\calc.exe /grant empire\administrator:(D,WDAC) /Q
pause
ren c:\windows\system32\calc.exe calc.inop


I added the pauses so I can see where is erroring. Looks like the batch file needs to run elevated. I know about making a shortcut to the batch file, and making it run elevated, but I don't know how to point login to said shortcut. 



ASKER CERTIFIED SOLUTION
Avatar of NVIT
NVIT
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Why wouldn't you just remove NTFS permissions for the calc.exe application instead?