Kaseya Community

Windows Locking Down Command Prompt without Locking Down Live connect

This question is not answered

Windows Locking Down Command Prompt without Locking Down Live connect

Hi Been trying to lock down Windows 8.1 Tablet with the following registry key via .reg file

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
"DisableCMD"=dword:00000001

When I send this reg file down and run it via executeshell command it locks the Live Connect Command Shell, and then unable to do anything

However the reg file has not applied to the user that I sent it to


has anybody else had this issue whether it be Windows XP/7/8/8,1 and if so how did you fix

Is there another tool out there, that can lock down CMD,RUN, CONTROL PANEL, other than registry or GPO

All Replies
  • You are likely running the command as the system account.

    The HKEY_CURRENT_USER key is not going to apply to the currently logged in 'interactive' user, but the 'system' user.

    You can try executing the procedure step with the option to run as the current user (preceded by an IF check to only run the command if someone is logged in), though they will need registry editing permissions for it to apply - which ultimately means they'll be able to reverse the change if they choose.

    I looked into this particular tweak and it unfortunately can't be made with an exportable GPO template.

    Leveraging Microsoft's Active Setup to make the registry tweak for any logged in user might also work.

  • Hi

    The .reg file I am sending down to the machine to be applied is currently set with

    If UserLoggedIn(Username)

    executeshellcommand regedit.exe / s C:\disable.reg

    this applies to the interactive user but not system user, cos when i restart the machine

    Live connect Command is disabled but the system user is not

  • And you are running that shell command step as the user and not system -- interactively checking regedit for the user to verify the registry change has been made to their HKCU hive ?

    If so I'm at a loss for this one -- you may want to check Technet and send a note in to Microsoft support.



    .
    [edited by: Ben at 8:10 AM (GMT -7) on May 29, 2014]