Hide access to the Command prompt(CMD) for users,

Question

Hide access to the Command prompt(CMD) for users,

Question

Hello, I have a query.

How can I do from Intune, hide access to the command promt (CMD) for users, but have the possibility to launch batch.

Thnaks,

solved 0

Intune David Lopez 2 years 2021-05-17T18:05:55+05:30 2021-05-17T18:05:55+05:30 7 Answers 780 views Beginner

0

About David LopezBeginner

Answers ( 7 )

Jitesh Kumar
0
2021-05-17T20:21:50+05:30 May 17, 2021 at 8:21 PM
Reply
Hello David, Intune allows us to restrict access to Command prompt using below OMA- URI settings –
OMA-URI: ./user/vendor/MSFT/Policy/Config/ADMX_ShellCommandpromptRegeditTools/DisableCMD
Value:
1 = Disable command prompt and BAT and CMD scripts
2 = Disable command prompt
https://snipboard.io/5AaMG4.jpg
+ Reference link – https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools#admx-shellcommandpromptregedittools-disablecmd
If you want to allow users not to search and find the Command Prompt like Start Menu, Search Option, you can remove the shortcuts like – This is not a recommended option.
“%AppData%\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk”
Let’s give a test and update with your points what you want to achieve for further help.

Jitesh Kumar
0
2021-05-17T20:29:37+05:30 May 17, 2021 at 8:29 PM
Reply
OMA-URI: ./user/vendor/MSFT/Policy/Config/ADMX_ShellCommandpromptRegeditTools/DisableCMD
Data type: String
Value:
Note – This setting will only work with the device running with Windows 10 build 20226.

David Lopez Beginner
0
2021-05-17T21:56:52+05:30 May 17, 2021 at 9:56 PM
Reply
jitesh,
I have version 20H2 installed Windows 10 Pro, is it compatible? I don’t know which version 20226 is.
The configuration policy that you detail is applicable to groups of users as well as devices?
I have thrown it on the device and it is wrong.

David Lopez Beginner
0
2021-05-17T22:04:29+05:30 May 17, 2021 at 10:04 PM
Reply
OMA-URI: ./user/vendor/MSFT/Policy/Config/ADMX_ShellCommandpromptRegeditTools/DisableCMD
Data type: String
Value:
In the value option do I add 1 or 2?

Jitesh Kumar
0
2021-05-17T22:22:33+05:30 May 17, 2021 at 10:22 PM
Reply
David, I just noticed this post from Peter that might help to get step by step process! Please do follow –
+ https://www.inthecloud247.com/disable-command-prompt-and-registry-access-with-microsoft-intune/
I haven’t tried tested with Intune. Generally, It’s taking value 1 or 2 both from the Registry level. You can give a try and update us!
Note – Please perform the testing internally before directly implementing it to production to avoid any issues.

David Lopez Beginner
0
2021-05-17T22:39:16+05:30 May 17, 2021 at 10:39 PM
Thank you for your quick answer. I will try the option that you detail. If I can do it, I will tell you about it.
Thanks.

Leave an answer

Sorry, you do not have permission to answer to this question .

Previous question

Next question

Jitesh Kumar · Accepted Answer · 2021-05-17T22:28:24+05:30

The value for OMA URI which I provided to you earlier in the double quote isn’t accepted here, appeared with blank space and you got only 1 or 2. that’s why you might get an issue. Hopefully, with the above reference, you’ll able to get it.

Register Now

Login

Lost Password

Login

Register Now

Hide access to the Command prompt(CMD) for users,