Run command can be disabled using group policy, we will use Windows Server 2012 R2, domain controller and a client computer for the implementation of disabling run command. Run command is typically opened by two ways. One by clicking on windows icon or the start button depending upon the OS and other way is to press “Win key and R key” together.
Run command can be used to open up any application or services. First, we need to create a group policy on an OU in our Active directory where we want to restrict users from opening up run command. Log in to the Windows server and open up the active directory users and groups.
We will implement this policy on “Sales Dept” OU and it contains three users. Once group policy is configured we will log in from any of these users to check the working of newly created policy.
Since we have selected the required OU now open the group policy management console in Windows Server.
Browse to the required OU in group policy management as in this case it is “Sales Dept”.
Right-click on “Sales Dept” and select the first option of “Create a GPO in this domain, and link it here”.
It should have open up a window of “New GPO” so name the GPO accordingly and press ok. I will name it as “Disable RUN“.
GPM wizard is popped up so browse to the “Disable RUN” location.
Right-click on it and select the “Edit” option.
Now GPO editor is opened where we can configure this group policy by selecting User Configuration to expand Policies and then click on Administrative Templates.
Under Administrative Templates click on “Start Menu and Taskbar” and you will notice that bunch of options are available so scroll down to select “Remove Run Menu from Start Menu”
Double-click on it to select “Enabled” and click on “Apply”
Now login to the client computer using their credentials which come under Sales dept in my example.
Once you log in as the “user” you’ll get an error when trying to open the Run Window. I have logged in as “user” and got an error when I tried to open it .