Restricting CMD & Powershell

1. Restricting Command Prompt (CMD)

To disable Command Prompt (cmd.exe), follow these steps:

1. Open the Group Policy Editor:

   • Press Win + R, type gpedit.msc, and press Enter.

2. Navigate to the following path:

   User Configuration > Policies > Administrative Templates > System

3. Find and configure the "Prevent access to the command prompt" policy:

   • Look for the policy "Prevent access to the command prompt" in the right-hand pane.

   • Double-click to open the settings window.

   • Set it to Enabled.

   • You can also configure the option to Disable the command prompt script processing if needed.

4. Click Apply and then OK.

This policy will prevent users from accessing the Command Prompt. If the user tries to launch it, they will see an error message.

---

2. Restricting PowerShell

To block PowerShell, follow these steps:

1. Open the Group Policy Editor:

   • Press Win + R, type gpedit.msc, and press Enter.

2. Navigate to the following path:

   User Configuration > Administrative Templates > System

3. Find and configure the "Don't run specified Windows applications" policy:

   • Double-click on "Don't run specified Windows applications".

   • Set it to Enabled.

   • In the "List of disallowed applications", click on Show, then type powershell.exe and powershell_ise.exe in the list.

4. Click Apply and then OK.

This policy will prevent users from running PowerShell or the PowerShell ISE (Integrated Scripting Environment).