Hide access to the Command prompt(CMD) for users,
Question
Hello, I have a query.
How can I do from Intune, hide access to the command promt (CMD) for users, but have the possibility to launch batch.
Thnaks,
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Hello, I have a query.
How can I do from Intune, hide access to the command promt (CMD) for users, but have the possibility to launch batch.
Thnaks,
Answers ( 7 )
Hello David, Intune allows us to restrict access to Command prompt using below OMA- URI settings –
OMA-URI: ./user/vendor/MSFT/Policy/Config/ADMX_ShellCommandpromptRegeditTools/DisableCMD
Value:
1 = Disable command prompt and BAT and CMD scripts
2 = Disable command prompt
https://snipboard.io/5AaMG4.jpg
+ Reference link – https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools#admx-shellcommandpromptregedittools-disablecmd
If you want to allow users not to search and find the Command Prompt like Start Menu, Search Option, you can remove the shortcuts like – This is not a recommended option.
“%AppData%\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk”
Let’s give a test and update with your points what you want to achieve for further help.
OMA-URI: ./user/vendor/MSFT/Policy/Config/ADMX_ShellCommandpromptRegeditTools/DisableCMD
Data type: String
Value:
Note – This setting will only work with the device running with Windows 10 build 20226.
jitesh,
I have version 20H2 installed Windows 10 Pro, is it compatible? I don’t know which version 20226 is.
The configuration policy that you detail is applicable to groups of users as well as devices?
I have thrown it on the device and it is wrong.
OMA-URI: ./user/vendor/MSFT/Policy/Config/ADMX_ShellCommandpromptRegeditTools/DisableCMD
Data type: String
Value:
In the value option do I add 1 or 2?
David, I just noticed this post from Peter that might help to get step by step process! Please do follow –
+ https://www.inthecloud247.com/disable-command-prompt-and-registry-access-with-microsoft-intune/
I haven’t tried tested with Intune. Generally, It’s taking value 1 or 2 both from the Registry level. You can give a try and update us!
Note – Please perform the testing internally before directly implementing it to production to avoid any issues.
The value for OMA URI which I provided to you earlier in the double quote isn’t accepted here, appeared with blank space and you got only 1 or 2. that’s why you might get an issue. Hopefully, with the above reference, you’ll able to get it.
Thank you for your quick answer. I will try the option that you detail. If I can do it, I will tell you about it.
Thanks.