Softpedia
January 10th, 2007, 15:19 GMT · By Dragos Jijau

Block Access to Command Prompt

The command prompt is an important component of the operating system. It has been present since the first versions of Windows and it still lives on in the new Windows Vista. As I mentioned in other articles, commands run from the command prompt can do amazing things, especially for inexperienced users who are not familiar with them.

These commands are rough in force and form and not very user friendly, but they do their job if properly handled. If an advanced computer user sits down at your PC when you are not around, you might be in trouble. He does not need to install applications or anything else to mess with your computer; he can simply use commands run from the command prompt.

With the command prompt enabled (it is enabled by default in Windows), malicious batch scripts can be run, which can endanger the normal operation of your computer and operating system.

That said, more cautious users may see disabling the command prompt as one of the mandatory steps in protecting a personal computer. Of course, this applies only if you are not a frequent user of the command prompt facilities. If you run batch scripts or use Terminal Services, disabling this Windows feature is not recommended.

How to disable the command prompt

For Windows XP Professional

Windows XP Professional comes with a useful tool called Group Policy Editor (gpedit.msc), which lets you set a number of restrictions, and one of them is exactly the one that concerns us.

Go to Start > Run and type gpedit.msc. Then go to User Configuration > Administrative Templates > System and find Prevent Access To The Command Prompt. Right-click it, select Properties and click Disable. Then click OK and restart your computer.

With this option, you disable access to the command prompt for all users, including the administrator.

For Windows XP Home Edition

Because Windows XP Home Edition does not provide the Group Policy Editor, we need to edit the registry.

Browse to the following registry path:

HKEY_CURRENT_USER > Software > Policies > Microsoft > Windows > System

There, in the right panel, you have the DWORD value DisableCMD. Setting it to 0x00000001 disables the command prompt. To enable it again, just change the value to 0x00000002.


With this method, you prevent access to the command prompt only for the logged-in user. It won't affect the other user accounts.
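The registry change described above, as an added example that is not part of the original article: PowerShell functions that read the per-user DisableCMD value, create the key when it is missing, and report the result for the account running them. The function names are assumptions made for this example; the key path, the value name and the value 1 come from the article.

```powershell
# Added example, not from the original article. Function names are hypothetical.
$KeyPath   = 'HKCU:\Software\Policies\Microsoft\Windows\System'  # path from the article
$ValueName = 'DisableCMD'                                         # value from the article

function Get-CmdPolicy {
    # Returns the DWORD, or $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Set-CmdPolicy {
    param(
        [Parameter(Mandatory = $true)]
        [ValidateSet('Block', 'NotConfigured')]
        [string]$State
    )
    if ($State -eq 'Block') {
        # A profile that never had a policy applied may lack the key: create it first.
        if (-not (Test-Path -Path $KeyPath)) {
            New-Item -Path $KeyPath -Force | Out-Null
        }
        New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value 1 -Force | Out-Null
    }
    elseif ($null -ne (Get-CmdPolicy)) {
        # Deleting the value leaves the policy unset for this user.
        Remove-ItemProperty -Path $KeyPath -Name $ValueName
    }
}

function Show-CmdPolicy {
    # HKCU is per user, so the report names the account it was read for.
    $value = Get-CmdPolicy
    $user  = [Security.Principal.WindowsIdentity]::GetCurrent().Name
    if ($null -eq $value) {
        "${user}: $ValueName is not set"
    }
    elseif ($value -eq 1) {
        "${user}: $ValueName = 1 (command prompt blocked, per the article)"
    }
    else {
        "${user}: $ValueName = $value"
    }
}

Show-CmdPolicy
# To apply the block and confirm it:  Set-CmdPolicy -State Block; Show-CmdPolicy
```

Writing under Software\Policies may require an elevated session; the read functions work without one.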

READER COMMENTS:


Comment #1 by: Peter on 07 Jun 2010, 16:46 UTC

Open MS Word, click File, then Open, and in the filename field type c:\windows\system32\cmd.exe

This policy fails.


Comment #2 by: midc on 24 Dec 2011, 02:26 UTC

My school uses this policy along with another that forbids the use of the run prompt. Both are stupid as hell, all I have to do is make a batch script that opens up command.com and from there run cmd.exe
