Prevent Access to Registry Editing Tools
If this setting is enabled and the user tries to start a registry editor, a message appears explaining that a setting prevents the action.
To prevent users from using other administrative tools, use the "Run only allowed Windows applications" setting.
START > RUN > GPEDIT.MSC > USER CONFIGURATION > ADMINISTRATIVE TEMPLATES > SYSTEM > FIND PREVENT ACCESS TO REGISTRY EDITING TOOLS > RIGHT CLICK > PROPERTIES > CLICK ENABLE > OK > REBOOT
Prevent Access to Command Prompt
This setting also determines whether batch files (.cmd and .bat) can run on the computer.
If you enable this setting and the user tries to open a command window, the system displays a message explaining that a setting prevents the action.
Note: Do not prevent the computer from running batch files if the computer uses logon, logoff, startup, or shutdown batch file scripts, or for users that use Terminal Services.
START > RUN > GPEDIT.MSC > USER CONFIGURATION > ADMINISTRATIVE TEMPLATES > SYSTEM > FIND PREVENT ACCESS TO THE COMMAND PROMPT > RIGHT CLICK > PROPERTIES > CLICK ENABLE > OK REBOOT
Note: This will disable the command for all users including the local administrator. If you want to disable this for specific users only (and for XP Home users) make the change in the registry. Login to the account you want to change and create the following registry entries:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\
DisableCMD dword 0x00000001 to disable command prompt and batch files
or
DisableCMD dword 0x00000002 to disable command prompt but not batch files
No comments:
Post a Comment