Disabling CMD and BIOS for non admin accounts Domain


  1. Synixer
    Posts : 7
    Win 10
       New #1

    Disabling CMD and BIOS for non admin accounts Domain


    Hello dear people of Tenforums. ive used this site everyday since i started my job as head of IT in the local goverment office i work. and i have learned alot like making a new DC

    Anyways to the point.

    The systems implemented in the 4 schools of the local goverment are old and lacking. they ran on a win 2003 server with users dating back to 2004. instead of cleaning it up i set up a new DC with server 2016.

    After spending some times in the school i found pc's riddled with gaming software and pop up's (viruses).
    i reinstalled 97 pc's so far this summer and implemented anti viruses.

    im here to ask for help doing something else tho. I want to restrict access to CMD and BIOS. most of the time i read about Group policy blocking cmd. but this would be tedious as all pc's will be configured for remote access to remotely help them. having to then logg onto admin acc and disable the policy would make it impossible to remote fix pc's. some of the schools are rather far away from my IT office as well.

    Id like to set it up so if you try and start cmd it will ask for admin credentials either from the local pc or the domain admin account. is there a way to do that?

    i would also like to block access to BIOS as these children "explore" everything they can.
      My Computer
    Quote Quote

  3. fenrir0wulf
    Posts : 43
    Windows 10 Pro Insider
       New #2

    Blocking access to the BIOS rather simple, but I'm telling you right now, unfortunately you're going to need to go through every single one of those computers again. You need to set an Admin password inside the BIOS itself. The location/name will change depending on the brand, model and age of the computer so I cant really tell you exactly but it tends to look like this (this is the VMWare bios, here it's called Supervisor).

    Disabling CMD and BIOS for non admin accounts Domain-2019-07-22-11_44_08-freenas-vmware-workstation.jpg

    As for the CMD, Group Policy is really the simplest solution. Instead of straight up blocking it, I'm sure there's a way to make a policy that does exactly what you're wanting, to ask for credentials every time it starts (don't have access to an AD as I'm writing this so I can't exactly guide you right now), although it's probably slightly less of a concern as regular users already don't have the permissions to run it as admin (a lot of commands will return a failure when ran as user as well).
      My Computers
    Quote Quote

 

  Related Discussions
Computer Management local admin vs domain admin
in User Accounts and Family Safety

Not exactly sure this is the right section for this question, but it does have to do with user accounts and permissions. So, as standard practice, I use a normal user login as my daily work account, and have a separate login for a domain admin...
Hi there, I'm new to the forum, so I will try my best to be clear as possible in describing my issues. For the past month I've been trying to customize the look of my windows 10 such as folders, start menu, notifications and uninstall of apps in...
Hello All, I'm delighted to have found you and after a long day of trying to help myself i am now requiring your much appreciated assistance please!:cry: I'm not a techy person at all and am hoping someone can help:) Last week my husband purchased...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 12:00.
Find Us




Windows 10 Forums