Disable CMD
Solved
caus909
Posted messages
133
Status
Membre
-
damien -
damien -
Hello,
I am currently managing a few PCs and:
On these PCs, I have installed ESET Smart Security protected by a password.
Don't worry, the problem doesn't come from the antivirus.
The issue is that the users of these public PCs use the Task Manager to kill the antivirus.
So I created a reg file that disables the Task Manager and regedit to prevent this.
The problem is that clever users use the command prompt and its "reg delete" command to reactivate them...
So:
What is the value to insert in the registry to disable cmd:
DisableTaskMgr disables the Task Manager
DisableRegistryTools disables regedit
? disables cmd
Thank you in advance.
I am currently managing a few PCs and:
On these PCs, I have installed ESET Smart Security protected by a password.
Don't worry, the problem doesn't come from the antivirus.
The issue is that the users of these public PCs use the Task Manager to kill the antivirus.
So I created a reg file that disables the Task Manager and regedit to prevent this.
The problem is that clever users use the command prompt and its "reg delete" command to reactivate them...
So:
What is the value to insert in the registry to disable cmd:
DisableTaskMgr disables the Task Manager
DisableRegistryTools disables regedit
? disables cmd
Thank you in advance.
Configuration: Windows XP HOME Internet Explorer 7.0
6 réponses
Good evening,
Start --> run type, gpedit.msc and click ok.
You can set up a list of unauthorized applications for all users, including yourself. Double-click on the item Do not run specified Windows applications (path: local computer policy/User configuration/Administrative templates/System). In the Settings tab, check the Enabled box. Click on the Show button, then on Add. Enter the names of the executables related to the banned applications (e.g., kazaa.exe, etc...). Remove a program from the list as soon as you want to use it.
for the registry
Registry Editor then run the command Regedit via the Start menu and Run. Then open the key HKEY_CURRENT_USER\ Software\ Microsoft\ Windows\ CurrentVersion\ Policies\ System and double-click on the DWORD value DisableRegistryTools. Enter 1 in the Value data text box and confirm by pressing Enter. Close the Registry Editor and then restart the session to apply the change.
the command prompt
in the "Group Policy" window, go to:
user configuration > administrative template > system
and in the right pane, check the value of the entry:
"disable access to the command prompt"
plus this
http://www.labo-microsoft.com/articles/win/xp_groupes/
http://www.win-protector.com/
Start --> run type, gpedit.msc and click ok.
You can set up a list of unauthorized applications for all users, including yourself. Double-click on the item Do not run specified Windows applications (path: local computer policy/User configuration/Administrative templates/System). In the Settings tab, check the Enabled box. Click on the Show button, then on Add. Enter the names of the executables related to the banned applications (e.g., kazaa.exe, etc...). Remove a program from the list as soon as you want to use it.
for the registry
Registry Editor then run the command Regedit via the Start menu and Run. Then open the key HKEY_CURRENT_USER\ Software\ Microsoft\ Windows\ CurrentVersion\ Policies\ System and double-click on the DWORD value DisableRegistryTools. Enter 1 in the Value data text box and confirm by pressing Enter. Close the Registry Editor and then restart the session to apply the change.
the command prompt
in the "Group Policy" window, go to:
user configuration > administrative template > system
and in the right pane, check the value of the entry:
"disable access to the command prompt"
plus this
http://www.labo-microsoft.com/articles/win/xp_groupes/
http://www.win-protector.com/
Hello magician10024
Sorry, but you didn't see the configuration :)
The PCs are running XP Home. (no gpedit)
Furthermore, it needs to be included in a reg file or a batch file (silent deployment from the central PC)
Thanks in advance
For regedit, I know magician, but with the command "reg delete," it reactivates it
And please, I would like to understand how switching the network to domain will prevent them from using the "reg delete" command
Sorry, but you didn't see the configuration :)
The PCs are running XP Home. (no gpedit)
Furthermore, it needs to be included in a reg file or a batch file (silent deployment from the central PC)
Thanks in advance
For regedit, I know magician, but with the command "reg delete," it reactivates it
And please, I would like to understand how switching the network to domain will prevent them from using the "reg delete" command
You need a Windows Server 2XXX and clients in Professional versions to create a domain, so this is not possible in your case. When a client is integrated into the domain, the domain administrator account has power that exceeds that of a local administrator account, making it a priority. Administration is centralized, all GPOs created propagate to the domain clients, and no local administrator account can counter them. Since Windows Server 2003, it is also possible to test a policy on a dedicated client (usually the administrator's machine) before rolling it out to other clients. Fine-tuning a GPO in this way is therefore much easier to implement.
--
Forget Internet Explorer 6, 7, 8 and give Firefox 3.0 a try; if you're curious, you'll forget about IE.
--
Forget Internet Explorer 6, 7, 8 and give Firefox 3.0 a try; if you're curious, you'll forget about IE.
oops! Sorry
but you can add it
http://www.teamatic.net
http://www.web-infotek.com/sections.php?op=viewarticle&artid=71
but you can add it
http://www.teamatic.net
http://www.web-infotek.com/sections.php?op=viewarticle&artid=71
and if you tried this Disable Command Prompt and Batch File
User Key: [HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
Value Name: DisableCMD
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = default, 1 = disabled, 2 = disabled but allow batch)
https://us.norton.com/internet-security
--
Forget Internet Explorer 6, 7, 8 and why not try Firefox 3.0; if you are curious you will forget IE.
User Key: [HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
Value Name: DisableCMD
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = default, 1 = disabled, 2 = disabled but allow batch)
https://us.norton.com/internet-security
--
Forget Internet Explorer 6, 7, 8 and why not try Firefox 3.0; if you are curious you will forget IE.
I'm sorry to bring up this topic again, but I'm currently facing the same problem.
Could you tell me how to deploy this command: User Key: [HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
Value Name: DisableCMD
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = default, 1 = disabled, 2 = disabled but allow batch)
Do I need to create a script with this command, and how do you deploy it from Windows Server?
Excuse my question, but I'm still a novice learning.
Could you tell me how to deploy this command: User Key: [HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
Value Name: DisableCMD
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = default, 1 = disabled, 2 = disabled but allow batch)
Do I need to create a script with this command, and how do you deploy it from Windows Server?
Excuse my question, but I'm still a novice learning.