[gptalk] Can't block command.com?

  • From: "James F. Prudente" <JPrudente@xxxxxxxxxxxxx>
  • To: "gptalk@xxxxxxxxxxxxx" <gptalk@xxxxxxxxxxxxx>
  • Date: Mon, 17 Nov 2008 10:51:51 -0500

Hi All,

Command.com is blocked via "Don't run specified Windows applications," and sure 
enough that works properly if a user tries to run the file directly. However, 
if they put command.com in a batch file, and then run that batch file, they can 
get to a command prompt. "Prevent access to the command prompt" is enabled, and 
as best I can tell, I've got things locked down as far as possible. Is there 
something I'm missing? There are a lot of sites out that that seem to indicate 
it's not possible to block this. Seems odd though.


James F. Prudente
Network & Systems Coordinator
Islip Public Schools
215 Main Street
Islip, NY 11751

Other related posts: