Disable Command Prompt Using Group Policy or Registry Trick

June 9, 2023 updated by Admin

Command Prompt is a built-in tool in Windows that is rarely used by the average user. It’s not very user-friendly, but advanced computer users with malicious intent can use the Command Prompt to bypass most restrictions that are enforced through the Windows Explorer-based GUI. In this post, we will explain how to disable Command Prompt in Windows 11/10/8/7.

Note: If you need to use the Command Prompt frequently, run batch scripts, or use Terminal Services, disabling Command Prompt is not recommended.

Option 1: Disable Command Prompt Using Group Policy

  1. Press the Windows key + R to bring up the Run box, type gpedit.msc and hit Enter.

  2. This will open the Local Group Policy Editor. Now, go to the following location in the left pane:
    User Configuration/Administrative Templates/System

    Make sure to click on the System node rather than expanding it. In the right-side pane you will see the “Prevent access to the command prompt” policy. Double-click it to modify.

  3. In the pop-up window, select Enabled. If you also want to prevent running .bat or .cmd script files, select Yes from the dropdown under the Options section. Click Apply/OK and you are done.

  4. You do not have to restart your computer for the setting to take effect. If you try to launch the Command Prompt, you’ll see the message “The command prompt has been disabled by your administrator.”

Option 2: Disable Command Prompt with Registry Trick

Unfortunately, the Local Group Policy Editor (gpedit.msc) is not available in all editions of Windows. If you are running the Home edition of Windows, you can still disable Command Prompt with this registry tweak:

  1. Press the Windows key + R to bring up the Run box, type regedit and hit Enter.

  2. This will open the Registry Editor. Navigate to the registry key: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows. Right-click the Windows key in the left sidebar and choose New -> Key.

  3. Name the newly created key System. With the System key selected, right-click the blank area in the right pane and select New -> DWORD (32-bit) Value.

  4. Name the DWORD DisableCMD and then give it a value of 1 to disable the Command Prompt and prevent batch files from running. If you want to disable the Command Prompt but allow batch files, set the value to 2. This change will take effect immediately.

    To enable the Command Prompt again, just change the value to 0.
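
The registry steps above can also be scripted and verified. The following PowerShell is an added example, not part of the original article; the function names Get-CmdPolicy and Set-CmdPolicy are hypothetical, and it assumes the script runs as the user whose HKEY_CURRENT_USER hive should carry the setting, with permission to write under the Policies key.

```powershell
# Added example, not from the original article. Function names are hypothetical.
# The setting lives under HKEY_CURRENT_USER, so it applies only to the user
# whose registry hive is being edited.
$PolicyKey = 'HKCU:\Software\Policies\Microsoft\Windows\System'
$ValueName = 'DisableCMD'

function Get-CmdPolicy {
    # A missing key or value means no restriction has been configured.
    $item = Get-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue
    $raw  = if ($null -ne $item) { $item.$ValueName } else { $null }

    if     ($raw -eq 1) { $state = 'Command Prompt and batch files disabled' }
    elseif ($raw -eq 2) { $state = 'Command Prompt disabled, batch files allowed' }
    else                { $state = 'Command Prompt enabled' }

    [pscustomobject]@{ Value = $raw; State = $state }
}

function Set-CmdPolicy {
    param(
        [Parameter(Mandatory)]
        [ValidateSet('DisableAll', 'DisableCmdAllowBatch', 'Enable')]
        [string]$Mode
    )

    # Values as given in step 4: 1, 2, and 0 to enable again.
    $value = @{ DisableAll = 1; DisableCmdAllowBatch = 2; Enable = 0 }[$Mode]

    # Steps 2 and 3: create the System key only if it does not exist yet,
    # so values already stored under it are left untouched.
    if (-not (Test-Path -Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force -ErrorAction Stop | Out-Null
    }

    # Step 4: create or overwrite the DisableCMD DWORD.
    New-ItemProperty -Path $PolicyKey -Name $ValueName -PropertyType DWord `
        -Value $value -Force -ErrorAction Stop | Out-Null

    # Read the value back so the caller sees what is actually stored.
    Get-CmdPolicy
}

# Read-only check of the current state:
Get-CmdPolicy

# To change the setting, call one of:
#   Set-CmdPolicy -Mode DisableAll
#   Set-CmdPolicy -Mode DisableCmdAllowBatch
#   Set-CmdPolicy -Mode Enable
```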

Conclusion

So this is how you can disable the Command Prompt in all versions of Windows. If you need a more secure method to lock the Command Prompt, you can use the third-party software – Protect My Folders, which allows you to protect c:\windows\system32\cmd.exe with a password.