# Restricting CMD & Powershell #### 1. **Restricting Command Prompt (CMD)** To disable Command Prompt (cmd.exe), follow these steps: 1. **Open the Group Policy Editor**: * Press `Win + R`, type `gpedit.msc`, and press Enter. 2. **Navigate to the following path**: ``` User Configuration > Policies > Administrative Templates > System ``` 3. **Find and configure the "Prevent access to the command prompt" policy**: * Look for the policy **"Prevent access to the command prompt"** in the right-hand pane. * Double-click to open the settings window. * Set it to **Enabled**. * You can also configure the option to **Disable the command prompt script processing** if needed. 4. **Click Apply** and then OK. This policy will prevent users from accessing the Command Prompt. If the user tries to launch it, they will see an error message.

*** #### 2. **Restricting PowerShell** To block PowerShell, follow these steps: 1. **Open the Group Policy Editor**: * Press `Win + R`, type `gpedit.msc`, and press Enter. 2. **Navigate to the following path**: ``` User Configuration > Administrative Templates > System ``` 3. **Find and configure the "Don't run specified Windows applications" policy**: * Double-click on **"Don't run specified Windows applications"**. * Set it to **Enabled**. * In the "List of disallowed applications", click on **Show**, then type `powershell.exe` and `powershell_ise.exe` in the list. 4. **Click Apply** and then OK. This policy will prevent users from running PowerShell or the PowerShell ISE (Integrated Scripting Environment).