If you want to restrict command prompt access to users, the easiest way is to use a group policy object in your active directory environment. This will allow you to disable access to the command prompt to several users in just a few clicks.
To disable command prompt using group policy, first logon to a domain controller or a computer with RSAT installed. In the policy, navigate to our Group Policy Management inside of Administrative Tools.
Next navigate to
Users Configuration > Policies > Administrative Templates > System. Once inside of the System folder, right click on the policy titled Prevent access to
A new option will appear in the options section. To disable scripting processes, select “Yes” from the drop-down. If the option is “
Click Apply and OK. Last apply the policy to the desired organizational unit.
To verify the policy is being applied, logon to a computer using an account that has the group policy object applied. If the policy is being applied, a message saying, “The command prompt has
To apply the new setting to the computer, restart the machine.