AvoidErrors

Disable Run Command using Group Policy – Server 2012

by · July 6, 2017

Run command can be disabled using group policy, we will use Windows Server 2012 R2, domain controller and a client computer for the implementation of disabling run command. Run command is typically opened by two ways. One by clicking on windows icon or the start button depending upon the OS and other way is to press β€œWin key and R key” together.

Run command can be used to open up any application or services. First, we need to create a group policy on an OU in our Active directory where we want to restrict users from opening up run command. Log in to the Windows server and open up the active directory users and groups.

We will implement this policy on β€œSales Dept” OU and it contains three users. Once group policy is configured we will log in from any of these users to check the working of newly created policy.

Since we have selected the required OU now open the group policy management console in Windows Server.

Browse to the required OU in group policy management as in this case it is β€œSales Dept”.

Right-click on β€œSales Dept” and select the first option of β€œCreate a GPO in this domain, and link it here”.

It should have open up a window of β€œNew GPO” so name the GPO accordingly and press ok. I will name it as β€œDisable RUNβ€œ.

GPM wizard is popped up so browse to the β€œDisable RUN” location.

Right-click on it and select the β€œEdit” option.

Now GPO editor is opened where we can configure this group policy by selecting User Configuration to expand Policies and then click on Administrative Templates.

Under Administrative Templates click on β€œStart Menu and Taskbar” and you will notice that bunch of options are available so scroll down to select β€œRemove Run Menu from Start Menu”

Double-click on it to select β€œEnabled” and click on β€œApply”

Now login to the client computer using their credentials which come under Sales dept in my example.

Once you log in as the “user” you’ll get an error when trying to open the Run Window. I have logged in as β€œuser” and got an error when I tried to open it .

Miguel

I started this tech blog back in 2011 as a place to write down processes I took to fix my client systems and network. Now I write some tips and tricks to help others with the tech issues that one might encounter.

You may also like...