Disable Command Prompt Using Group Policy or Registry Trick

February 2, 2015 updated by Admin Leave a reply »

Command Prompt is a built-in tool in Windows that is rarely used by the average user. It’s not so user-friendly but advanced computer users with malicious intent can use the Command Prompt to bypass most restrictions that are enforced on the Windows Explorer based GUI. In this post, we will explain how to disable Command Prompt for all Windows accounts.

Note: If you need to use the Command Prompt frequently, or run batch scripts or use the Terminal Services, disabling Command Prompt is not recommended.

Option 1: Disable Command Prompt Using Group Policy

  1. Press the Windows key + R to bring up the Run box, type gpedit.msc and hit Enter.
  2. This will open the Local Group Policy Editor. Now, go to the following location in the left pane:
    User Configuration/Administrative Templates/System
  3. Make sure to click on the System node rather than expanding it. In the right side pane you will see “Prevent access to the command prompt“.


  4. Double-click on the policy and then select Enabled in the pop-up window. Click Apply/OK and you are done. You do not have to restart your computer for the setting to take effect.
  5. All users of the PC are now denied access to the Command Prompt. If you try to launch the Command Prompt, you’ll see the message “The command prompt has been disabled by your administrator.


Option 2: Disable Command Prompt with Registry Trick

Unfortunately, the Local Group Policy (gpedit.msc) is not available in all editions of Windows. For those users running Starter, Home Basic, and Home Premium editions of Windows, you can still disable Command Prompt with this registry tweak:

  1. Press the Windows key + R to bring up the Run box, type regedit and hit Enter.
  2. This will open the Registry Editor. Navigate to the following registry key:

    If the Windows or System key is not present, you may be required to create them manually.

  3. Right-click on any blank space in right pane, create a new DWORD value, name it DisableCMD and then give it a value 2 you will disable the command prompt. To enable it back, just change the value to 0.



So this is how you can disable the Command Prompt in all versions of Windows. However, re-enabling access to the Command Prompt for all users is as simple as following the steps outlined above. If you need a more secure method to lock the Command Prompt, you can use the third-party software – Protect My Folders, which allows you to protect c:\windows\system32\cmd.exe with a password.