Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 


rootfixxxer

Disable CMD.exe

Recommended Posts

How can i disable the command prompt for all users using the registry?

I know how to do this in the control panel, but i want that the command prompt be disable by default.

And by the way there«s any way to prevent users to run the taskkill?

Share this post


Link to post
Share on other sites

Go to run and type "gpedit.msc' and enter.

From here you can do what ever you want. You can restrict the user to use task.

you can disable cmd and task kill also from here.

Share this post


Link to post
Share on other sites

Like i said before i know how to do that in the control panel!

What i need it's a reg tweak or a command to do this without using the windows gui!

Thanks anyway

Share this post


Link to post
Share on other sites

Use a tool such as regsnap to take registry snapshots before and after a change. You don't need to ask for help, you can DIY

-gosh

Share this post


Link to post
Share on other sites

Disable cmd prompt:

(HKLM or HKCU)\\Software\\Policies\\Microsoft\\Windows\\System

DisableCMD=DWORD

set to 1 to disable the cmd prompt but allow batch files.

Set to 2 to disable cmd and batch files

Disable Task Manager:

(HKLM or HKCU)\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System

DisableTaskManager=DWORD

Set to 1 to disable

Share this post


Link to post
Share on other sites

Ok, i got if, you need only the registry tweak to disable your CMD command & Batch file to run... ok here is it

Open registry typing regedit command in run then goto

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System

create a REG_DWORD file and give "DisableCMD" name

Now: if you want to disable CMD & Batch then give value=1

If you want to disable only CMD but not batch then give value=2

If you want to allow both of them then give the value=0 (default)

I hope it will solve your prob.

Share this post


Link to post
Share on other sites

No, i don't think so, if it exist then i don't know..

But you can do 1 think. you can rename cmd.exe found in \windows\system32

If you want then create a batch file to rename that file at startup then no user can run cmd command, if any one need to run then they should re-rename file to cmd.

Share this post


Link to post
Share on other sites

Yes, it DOES work. Trust me ;)

I'll make a reg file to do it for you for all users.

If you want to do it for one individual user, it's a bit more complicated. You'll need to load their hive and edit it from there as if it were HKCU.

There is an MS KB article on it. To load that user's hive, open regedit, click on HKEY_USERS, open the file menu, click "Load Hive". No, navigate to that user's folder, usually C:/Documents and Settings/thatusername. Click on NTUSER.DAT and click ok. Name the key whatever; they're username works well. Now navigate to HYEK_USERS\\ThatKey\\Software\\Policies\\Microsoft\\Windows\\System. Right-click and choose New -> DWORD value, then double-click it. Set it to 1 to allow batch files to run, but not the command prompt, or 2 to disable the command prompt and batch files completely. (It's not the other way around, I checked.) Then, MAKE SURE TO UNLOAD THAT HIVE!!! This is CRITICAL, because if you don't, then when they log on, their profile won't be available. That means any restrictions won't be there, and settings at ALL won't be there. It's not a good situation. Just click on that hive, then go File > Unload hive. Yes, you're sure.

Edited by Idontwantspam

Share this post


Link to post
Share on other sites

Whoops. It appears that indeed, it doesn't work under HKLM. I tried it just now. Using gpedit.msc to do it, it puts values in every single account under that HKCU, though I don't know how. It must load and then unload all the profiles or something. So, there's no registry way to do it for ALL users. You can however use gpedit, or else do it for each individual user, which is probably better anyway, since you don't want to restrict cmd for yourself. ;)

Share this post


Link to post
Share on other sites

Add the subkey cmd.exe to the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

You don't need anything else except the cmd.exe subkey.

NOTE: You must reboot your system before this registry change will work!

Edited by mhc

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...