I had a question about Windows 10 - is it possible to make cmd.exe, as well as running any .bat, .cmd files admin-only?
Optimally I would like to do this without any additional software.
Asked
Active
Viewed 263 times
0
-
1The question clearly is nothing to do with the running of a batch script as administrator. The OP is asking to restrict all cmd.exe and .bat/.cmd to either the administrators group or to the administrator. As such it is not a question for this site. – Compo Dec 18 '16 at 18:36
-
Requiring cmd.exe to have admin access is a question for Superuser, you're right; but the "as well as running any bat/cmd files admin-only" bit can be answered by the question I linked. – SomethingDark Dec 18 '16 at 18:43
-
I think the question of whether or not this question belongs on this site can be argued both ways. I can see both sides to it. – T-Heron Dec 18 '16 at 18:54
-
Is this for a stand-alone Windows 10, or is the machine joined to a network of computers, such as Active Directory? – T-Heron Dec 18 '16 at 18:56
-
You add a manifest to your program that says `requestedExecutionLevel\level="requireAdministrator"` – Dec 18 '16 at 21:22
-
Group policy, or the equivalent registry keys, e.g., [see this](http://www.thewindowsclub.com/enable-disable-command-prompt-windows). Keep in mind that any such restriction is easy for a knowledgeable user to bypass. The only comprehensive solution is an application whitelist, so that the user can only run executables you've whitelisted. – Harry Johnston Dec 18 '16 at 23:47
1 Answers
0
Yes it is possible to restrict.bat .cmd and cmd.exe. Here are a couple links on how to do so...
How to disable the Windows Command Prompt & .cmd Via Group Policy
PryroTech
- 503
- 3
- 12