Z
zuhair
Any one knows how to restrict command prompt in proup
policy
policy
M
Miha Pihler
Hi,
In non-domain environment you can create software restriction policy for
cmd.exe and command.com. You can do it in Group Policy.
Open Group policy -> expand Computer Configuration -> Security Settings ->
Software Restriction Policies! Right click additional rule and my suggestion
is Hash rule. It is most reliable but it is still possible to get around it.
E.g. applying service pack might change e.g. cmd.exe. This will most likely
change the hash and users will be able to run cmd.exe command.
In domain environment you can e.g. change permission on file and give only
admins e.g. full control and remove all other users and groups...
Open Group policy -> expand Computer Configuration -> Security Settings ->
File System. Add file from c:\windows\system32\cmd.exe and select who has
any rights on it...
Good luck
In non-domain environment you can create software restriction policy for
cmd.exe and command.com. You can do it in Group Policy.
Open Group policy -> expand Computer Configuration -> Security Settings ->
Software Restriction Policies! Right click additional rule and my suggestion
is Hash rule. It is most reliable but it is still possible to get around it.
E.g. applying service pack might change e.g. cmd.exe. This will most likely
change the hash and users will be able to run cmd.exe command.
In domain environment you can e.g. change permission on file and give only
admins e.g. full control and remove all other users and groups...
Open Group policy -> expand Computer Configuration -> Security Settings ->
File System. Add file from c:\windows\system32\cmd.exe and select who has
any rights on it...
Good luck
M
Miha Pihler
In Win2K you have to use File system Restriction. Since this is WinXP news
group I explained first how to do it in XP...
Mike
group I explained first how to do it in XP...
Mike