Is anyone able to advise how to block PowerShell and CMD for standard users (while allowing them for admins)?
Block PowerShell and CMD for standard users
Hello,
In our organization we need to either restrict our users from running scripts in PowerShell and CMD or block these apps completely. However, admins should be able to run scripts or open these apps after running them as administrator.
We tried to use AppLocker, but the apps get blocked for both standard users and administrators. When we allow admins in the AppLocker policy, it is still blocked.
I also tried implementing the "Turn on Script Execution" option under "Administrative Templates\Windows Components\Windows PowerShell" in an Intune configuration profile, and a PowerShell script gets blocked when it is saved as a file but is not blocked when the user pastes it into an already open PowerShell window.
Any advice?
Regards,
Mario
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.
-
Anonymous
2024-07-23T07:07:46+00:00
-
Ramesh, 176.1K Reputation points, Volunteer Moderator
2024-07-24T08:56:06+00:00
For Intune configuration, you may try the question in one of these forums:
https://techcommunity.microsoft.com/t5/microsoft-intune-and/ct-p/microsoft-endpoint-manager
https://learn.microsoft.com/en-us/answers/questions/
-
Anonymous
2024-07-24T08:48:42+00:00
Would this be easy to push via Intune?
-
Ramesh, 176.1K Reputation points, Volunteer Moderator
2024-07-23T07:15:18+00:00
Hi Mario,
Can you use NTFS permissions to block the execution of those programs by standard users?
Maybe like this:
How to Prevent Command Prompt Access for Specific Users.
(or)
Solved: techniques to prevent powershell/cmd.exe running without admin rights. | Experts Exchange
Standard Disclaimer: There is a link to a non-Microsoft website. The page appears to provide accurate, safe information. Watch out for ads on the site that may advertise products frequently classified as PUPs (Potentially Unwanted Products). Thoroughly research any product advertised on the site before you decide to download and install it.