Want to restrict users from opening Command Prompt or running command-line scripts? Follow these steps to disable Command Prompt in Windows.
In Windows, any user can open the Command Prompt and run commands or other scripts without much resistance. This is useful because you can run simple commands and get information that is otherwise unavailable or hard to get in the regular mode. Of course, if you want to run commands or scripts that require admin privileges then the command will prompt for those permissions.
That being said, Command Prompt is not for everyone and most seldom use it. So, if you are sure you don't need the Command Prompt or if you want to restrict other users from accessing the Command Prompt, Windows has a hidden way to disable Command Prompt.
So, without further ado, let me show you can disable the Command Prompt and Command Prompt script execution in Windows 10, 7, and 8.
Steps to Disable Command Prompt
Just like for many things in Windows, there are two ways you can follow to restrict Command Prompt. The first method is via the Group Policy Editor and the second is to use the Registry Editor. If you are using Windows 10 Pro or Enterprise edition, follow the first method. Otherwise, follow the second method.
1] Via Group Policy Editor
Group Policy Editor provides a clean way to disable both Command Prompt and command-line scripts like BAT and CMD. All you have to do is select a policy and you are good to go.
1. First, open the Start Menu, search for "Edit Group Policy' and click on the search result to open the Group Policy Editor.
2. After opening the group policy editor, go to the following folder on the left panel.
User Configuration → Administrative Templates → System
3. On the right panel, find and double-click on the "Prevent access to the Command Prompt" policy.
4. As soon as you double-click, a policy properties window will open. Here, select the "Enabled" radio option. If you want to restrict users from running any kind of CMD or BAT file, select "Yes" from the drop-down menu under the "Options" section.
5. Click "Apply" and "Ok" buttons to save changes.
6. Close the Group Policy Editor and reboot Windows to make the changes take effect.
After rebooting, no user can access the Command Prompt or run the CMD or BAT scripts depending on your configuration. If you ever want to enable Command Prompt, go through the above process again but select "Not Configured" or "Disabled" radio option in step 4. Save changes, reboot Windows and you are done.
2] Via Registry Editor
If you are a Windows Home edition user, you won't have access to the Group Policy Editor. As such, you have to use the Registry Editor to achieve the same thing.
1. First, open the start menu, search for "Registry Editor" and click on the first result to open the Windows Registry Editor.
2. Now, copy the below path, paste it in the address bar and press Enter. This action will take you to the target folder.
3. Now, right-click on the "Windows" folder and select "New → Key".
4. Name the new folder as "System" and press Enter to confirm it.
5. Select the System folder, right-click on the right panel and select the "New → Dword value" option.
6. Name the new value as "DisableCMD" and press Enter to confirm it.
7. Double-click on the newly created value. In the Edit Value window, set the value data as follows and click on the "Ok" button to save changes.
- 1 - To disable Command Prompt and CMD and BAT script execution
- 2 - To disable Command Prompt only and allow script execution
8. Close the registry editor and reboot Windows.
That is it. From now on, you or any other user will not be able to access the Command Prompt in Windows.
If you want to revert the changes, simply delete the "DisableCMD" value we just created.
Hope that helps. If you are stuck or need some help, comment below and I will try to help as much as possible. If you like this article, do check out how to create elevated Command Prompt shortcut and how to always Command Prompt as administrator in Windows.