Prevent running the MS-DOS Command Prompt (CMD)

In certain circumstances it may make sense that the Windows user may not start the MS-DOS prompt . Because this can certainly improve the security of the Windows system, because in this case the Windows user may no longer start batch files .

There are two ways to lock the command prompt on Windows 10 . Once via the local group guidelines and once directly via the registry

Prevent CMD via Group Policy

The easiest way is to open the Group Policy Editor (gpedit.msc) and then switch to the following area

User Configuration Administrative Templates System

There is then the point ” Prevent access to the command prompt “. You must ” activate ” this so that the user is no longer allowed to start the MS-DOS prompt. Microsoft describes this setting as follows:

This policy setting prevents users from running the interactive command prompt (Cmd.exe). This policy setting also determines whether batch files (CMD and BAT files) can be run on the computer.
If you enable this policy setting and the user tries to open a command window, a system message appears stating that the action cannot be performed due to a policy setting.
If you disable or do not configure this policy setting, users can run Cmd.exe and batch files regularly.
Note: You should not disable batch file execution if batch file scripts are used to log on, log off, start up, or shut down the computer, or for users who use Remote Desktop Services .

It is also important that you can also restrict whether the script processing of the command prompt should also be deactivated. You can configure this as soon as you have set the group policy to ” Active “. Immediately after activating this option, the prompt window is deactivated for the user, also for the local administrator , as you can see below.

Deactivate command prompt via registry

As already written, there is also the possibility to turn off the command prompt via registry. To do this, you have to call up the registry editor and switch to the following key.

Computer HKEY_CURRENT_USER Software Policies Microsoft Windows System

If the “System” key does not exist, you must first create it. Then the value is in this key


as you can see here below.

The new registry value is then assigned the value “1” . This sets your Windows system so that the user can no longer open the Dox-Box , just like in the picture above after activating the local group policy.

You can deactivate this again by simply assigning the value ” 0 ” to the value ” DisableCMD ” , or simply deleting the entire value. Incidentally, the changes here become active immediately, no Windows reboot is necessary.

You can find many other great helpful tricks around Windows 10 in the following posts here in our Windows blog.

– Shut down Windows 10 time-controlled with a command
– Activate time with seconds in Windows 10 Taskbar
– Hide systray icons from the Windows taskbar completely
– Show or hide desktop icons on Windows 10
– Delete temporary files automatically on Windows 10
– Windows 10 Cortana replace search field with icon or hide
– Windows operating time (runtime) is incorrect in the Task Manager for Windows 10
– Open command prompt or PowerShell in full screen mode
– SD card is no longer recognized – Windows 10 Update
– Delete printer driver under Windows 10 with PNPUTIL
– Return to the last installed Windows device driver (driver Rollback)
– Open the Control Panel in Windows 10 quickly