How to Disable Run Command Prompt using Group Policy

Let’s suppose you are working in the organization as a network engineer and your client comes to you and ask to revoke the access to command prompt since the client doesn’t want users to access the command prompt because of some reasons.

The command prompt is mainly used to perform the commands entered in it as frequently the commands are used to automate tasks via scripts and batch files, perform advanced administrative functions, and troubleshoot and solve certain kinds of Windows issues

This can be implemented all over the network using the group policy, I will use Windows server 2012 R2 as an example. Let’s begin with the process, first of all, login to your Windows Server which year administrative credential and open server manager, from the top right side click on tools and select group policy management.

It will open up the new window console of group policy management.

Expand the “Domains” folder and select the domain where you want to implement this group policy as in this case I have only one domain named “youdomainname.local”, right click on your required domain and select “Create a GPO in this domain, and link it here”

A new window will pop up, enter the name of GPO as you like, I will name it as “restrict users to access CMD”

Now expand your domain and search for your newly created GPO. Right click on it and select “edit”

From group policy management editor window, Expand used configuration and then click on policies.

Select administrative templates and then click on system.

From there select “Prevent access to command prompt”, double click on it to open it

Click “enable” to activate this group policy.

Click apply and then click “Ok”. ”, now open the command prompt so that the newly created group policy gets enabled right away write “gpupdate/force” and it will update the group policy. Once this policy gets enabled it will throw an error whenever the user tries to open a command window, that a setting prevents the action.