Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Disallow access to the command screen

Status
Not open for further replies.
CondorMan

CondorMan

Technical User
Jan 23, 2005
211
GB
Hi everyone

The situation is a stand alone PC connected to ADSL via a router. The OS is XP Pro SP2.

I'd like to disable access to the command screen. I know that I can remove <Run> from the Start Menu and set permissions on cmd.exe, but what if someone brings their own copy of cmd.exe via floppy, CD, USB memory stick or e-mail (users need access to USB and floppy)? I set the Policy to prevent users accessing the command prompt so the only way to access it now is Right Click>Run As>Administrator. Everything's fine so far, but this doesn't stop a user using command.com (or bringing their own copy).

I have two questions:

First: how can I disable command.com as well as com.exe? Is it possible to generate my personal Policy to prevent this from being run?

Second: why is command.com present on the PC as well as com.exe?

I see that command.com uses 8.3 terminology rather than full folder names and it doesn't support Tab to complete folder names. Are there any other differences?

Thanks in advance.
 
Sort by date Sort by votes
Disable Command Prompt and Batch Files

Have a look at third party programs such as Process Guard.

Maybe you could also look at something to prohibit ntvdm.exe from running, this article may give you a few ideas?

Troubleshooting MS-DOS-Based Programs in Windows

Even if you could block Command.com or Cmd.exe from running, anybody could probably just rename the file extension to something else such as .exe, .bat, or .com, they could also rename the file itself.

Using Software Restriction Policies to Protect Against Unauthorized Software

How To Use Software Restriction Policies in Windows Server 2003

Microsoft Windows Server 2003 Software Restriction Policies

Description of the Software Restriction Policies in Windows XP





COMMAND.COM vs. CMD.EXE.
 
Upvote 0 Downvote
Wow - you really are a fount of knowledge! I'm astonished by the information that emanates from your PC relating to a wide variety of problems.

Many thanks.
 
Upvote 0 Downvote
Don't be astonished, the thing is, I am a hoarder of information supplied by my fellow posters on this site and re-dispersed by me when the need arises. That is my main skill in this matter.
 
Upvote 0 Downvote
<LOL> - some filing system!

As a matter of interest, how do you log and track the information? I doubt you keep everything in your head, so do you use Excel or Access, for instance, to keep a track of the urls or text that you post? I suspect that you have snippets there in a Wordprocessor ready to copy and paste because I've seen your post about MS superhidden files (and the bit about where it becomes really interesting!) several times.

The reason that I ask is because I am also building a series of articles, tips etc. which are of interest to me. I've resorted to a "little black book" but soon realised that this isn't practicable when had to search for something that I KNEW was in there. It took me almost as long to retrive it as to re-research the problem from scratch!
 
Upvote 0 Downvote
Unfortunately there is no method in my madness, and certainly no highly skilled technical solution. I guess I rely on good old fashioned memory, I have to, because the main backbone of my system is one folder with over 6000 text files stored in it, all gathered from Tek-Tips. I should thank my fellow posters for their contribution too.

I find searching for text strings in the Search program my main technical assistant. And yes, I find copying and pasting snippets a great time saver, I hate typing!

I also make judicial use of the Help and Support Center program, Google, and MSKB.
 
Upvote 0 Downvote
I suppose the more complicated a system, the more vulnerable it is. Your system obviously works very well and maybe I'll look at something similar.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

pjw001
  • Locked
  • Question
Windows 11 Screen Colours have changed (slightly) 3
Replies
14
Views
7K
pjw001
pjw001
Flinx
  • Locked
  • Question
the SAGA of trying to get a computer to sleep and wake up on a schedule
Replies
1
Views
2K
Flinx
Flinx
hamburg18w
  • Locked
  • Question
Task Host is Stopping the Shutdown
Replies
1
Views
996
Ign3us
Ign3us
pjw001
  • Locked
  • Question
How to configure Bookmarks in Chrome 2
Replies
4
Views
720
pjw001
pjw001
Andrzejek
  • Locked
  • Question
How to Disable Google Chrome Password Manager 2
Replies
3
Views
1K
combo
combo

Part and Inventory Search

Sponsor

Back
Top