Preventing the Use of Cmd.exe and Batch Files

I need to prevent users from using cmd.exe to run applications and batch files. How can I do so?

Cmd.exe is a potential back door to many executable files. You can make a registry change to stop the use of cmd.exe and even stop batch files from running, although you should always be cautious about editing the registry.

Open a registry editor and go to the HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System registry subkey. Add the DisableCMD value (of type REG_DWORD). You can set this value to 1 or 2. A setting of 1 will prevent users from running cmd.exe but will let users run batch files. A setting of 2 will prevent users from using cmd.exe and from running batch files.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.