Guest Gavin Posted August 23, 2008 Posted August 23, 2008 Hi All, We have approx 30 terminal servers where I work, and we are having some issues with users trying to use command prompt. We have disabled cmd.exe, however the users are still able to create a shortcut/batch file to access command.com. Was wondering if there is a way to disable this through group policy, as I would like to apply the same restriction to the pc's that we have as well. I have tested changing the permissions on command.com, and it seems to work well, however, am not entirely keen on having to visit each computer/login to each server separately. Thanks, Gavin
Guest Vera Noest [MVP] Posted August 23, 2008 Posted August 23, 2008 Re: Command.com Software restriction policy should do this. Using Software Restriction Policies to Protect Against Unauthorized Software http://technet.microsoft.com/en-us/library/bb457006.aspx _________________________________________________________ Vera Noest MCSE, CCEA, Microsoft MVP - Terminal Server TS troubleshooting: http://ts.veranoest.net ___ please respond in newsgroup, NOT by private email ___ =?Utf-8?B?R2F2aW4=?= <Gavin@discussions.microsoft.com> wrote on 23 aug 2008 in microsoft.public.windows.terminal_services: > Hi All, > > We have approx 30 terminal servers where I work, and we are > having some issues with users trying to use command prompt. We > have disabled cmd.exe, however the users are still able to > create a shortcut/batch file to access command.com. Was > wondering if there is a way to disable this through group > policy, as I would like to apply the same restriction to the > pc's that we have as well. I have tested changing the > permissions on command.com, and it seems to work well, however, > am not entirely keen on having to visit each computer/login to > each server separately. > > Thanks, Gavin
Guest Gavin Posted August 24, 2008 Posted August 24, 2008 Re: Command.com Ok, that makes sense. However, will that effect the running of batch files? We have batch files that we use to set up user accounts initially... Cheers "Vera Noest [MVP]" wrote: > Software restriction policy should do this. > > Using Software Restriction Policies to Protect Against Unauthorized > Software > http://technet.microsoft.com/en-us/library/bb457006.aspx > _________________________________________________________ > Vera Noest > MCSE, CCEA, Microsoft MVP - Terminal Server > TS troubleshooting: http://ts.veranoest.net > ___ please respond in newsgroup, NOT by private email ___ > > =?Utf-8?B?R2F2aW4=?= <Gavin@discussions.microsoft.com> wrote on 23 > aug 2008 in microsoft.public.windows.terminal_services: > > > Hi All, > > > > We have approx 30 terminal servers where I work, and we are > > having some issues with users trying to use command prompt. We > > have disabled cmd.exe, however the users are still able to > > create a shortcut/batch file to access command.com. Was > > wondering if there is a way to disable this through group > > policy, as I would like to apply the same restriction to the > > pc's that we have as well. I have tested changing the > > permissions on command.com, and it seems to work well, however, > > am not entirely keen on having to visit each computer/login to > > each server separately. > > > > Thanks, Gavin >
Guest Vera Noest [MVP] Posted August 24, 2008 Posted August 24, 2008 Re: Command.com There are several ways to deal with this situation. Details are described in the Step-by-Step Guide which I referred to. _________________________________________________________ Vera Noest MCSE, CCEA, Microsoft MVP - Terminal Server TS troubleshooting: http://ts.veranoest.net ___ please respond in newsgroup, NOT by private email ___ =?Utf-8?B?R2F2aW4=?= <Gavin@discussions.microsoft.com> wrote on 24 aug 2008 in microsoft.public.windows.terminal_services: > Ok, that makes sense. However, will that effect the running of > batch files? We have batch files that we use to set up user > accounts initially... > > Cheers > > "Vera Noest [MVP]" wrote: > >> Software restriction policy should do this. >> >> Using Software Restriction Policies to Protect Against >> Unauthorized Software >> http://technet.microsoft.com/en-us/library/bb457006.aspx >> _________________________________________________________ >> Vera Noest >> MCSE, CCEA, Microsoft MVP - Terminal Server >> TS troubleshooting: http://ts.veranoest.net >> ___ please respond in newsgroup, NOT by private email ___ >> >> =?Utf-8?B?R2F2aW4=?= <Gavin@discussions.microsoft.com> wrote on >> 23 aug 2008 in microsoft.public.windows.terminal_services: >> >> > Hi All, >> > >> > We have approx 30 terminal servers where I work, and we are >> > having some issues with users trying to use command prompt. >> > We have disabled cmd.exe, however the users are still able to >> > create a shortcut/batch file to access command.com. Was >> > wondering if there is a way to disable this through group >> > policy, as I would like to apply the same restriction to the >> > pc's that we have as well. I have tested changing the >> > permissions on command.com, and it seems to work well, >> > however, am not entirely keen on having to visit each >> > computer/login to each server separately. >> > >> > Thanks, Gavin
Recommended Posts