New
#1
Disabling CMD and BIOS for non admin accounts Domain
Hello dear people of Tenforums. ive used this site everyday since i started my job as head of IT in the local goverment office i work. and i have learned alot like making a new DC
Anyways to the point.
The systems implemented in the 4 schools of the local goverment are old and lacking. they ran on a win 2003 server with users dating back to 2004. instead of cleaning it up i set up a new DC with server 2016.
After spending some times in the school i found pc's riddled with gaming software and pop up's (viruses).
i reinstalled 97 pc's so far this summer and implemented anti viruses.
im here to ask for help doing something else tho. I want to restrict access to CMD and BIOS. most of the time i read about Group policy blocking cmd. but this would be tedious as all pc's will be configured for remote access to remotely help them. having to then logg onto admin acc and disable the policy would make it impossible to remote fix pc's. some of the schools are rather far away from my IT office as well.
Id like to set it up so if you try and start cmd it will ask for admin credentials either from the local pc or the domain admin account. is there a way to do that?
i would also like to block access to BIOS as these children "explore" everything they can.