Disabling Command Prompt via Intune/Endpoint Manager

If your users have no requirement for access to the command prompt, we recommend removing that access.

From Devices / Configuration Profiles, click the Create Profile option.

Create the profile for the Windows 10 and later platform, then choose the Templates profile type and the Custom template.

Enter a Name for your policy and a description (if you wish). Personally, we always like to make the name descriptive, so we can quickly see later what the policy is doing. We also like to have lots of policies, each delivering one aspect, so it's easy to remove one if we wish.

You are then going to create a custom OMA-URI for the setting, using the following values:

Name: Disable Command Prompt

Description: Disable the Command Prompt

OMA-URI: ./user/vendor/MSFT/Policy/Config/ADMX_ShellCommandpromptRegeditTools/DisableCMD

Data Type: String

Value:

<enabled/>
<data id="DisableCMDScripts" value="1"/>

Once you have that created, you can click NEXT and assign the profile to a group or indeed to all users. We would recommend assigning it to a group which contains all your users but excludes any admins, so you are still able to RUNAS and use an admin account to access the command prompt.
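
To confirm on a device that the profile has applied to the right accounts (and not to your excluded admins), the following PowerShell check can be run from an elevated session. It is an added example, not part of the original article. It assumes the ADMX-backed setting is written to the same per-user policy value as the Group Policy setting "Prevent access to the command prompt" (Software\Policies\Microsoft\Windows\System, value DisableCMD). The function name Get-DisableCmdState is our own.

```powershell
# Added example: report the DisableCMD policy state for every loaded user hive.
# Assumption: the setting lands in the per-user policy key below, as it does
# for the equivalent Group Policy setting.
$relativeKey = 'Software\Policies\Microsoft\Windows\System'

function Get-DisableCmdState {
    param($Value)
    # No value present means the policy has not reached this user.
    if ($null -eq $Value) { return 'Not configured: command prompt allowed' }
    switch ([int]$Value) {
        1       { 'Blocked: command prompt and .cmd/.bat script processing' }
        2       { 'Blocked: interactive command prompt only, scripts still run' }
        default { "Unexpected value: $Value" }
    }
}

# Only hives of signed-in users are loaded under HKEY_USERS.
# S-1-5-21-* are local/AD accounts, S-1-12-1-* are Entra ID (Azure AD) accounts.
Get-ChildItem -Path Registry::HKEY_USERS |
    Where-Object { $_.PSChildName -match '^S-1-(5-21|12-1)-[\d-]+$' } |
    ForEach-Object {
        $sid     = $_.PSChildName
        $keyPath = "Registry::HKEY_USERS\$sid\$relativeKey"

        # Missing key or value yields $null rather than an error.
        $value = (Get-ItemProperty -Path $keyPath -Name DisableCMD `
                    -ErrorAction SilentlyContinue).DisableCMD

        # Resolve the SID to an account name; fall back to the raw SID.
        try {
            $account = [System.Security.Principal.SecurityIdentifier]::new($sid).
                Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $account = $sid
        }

        [pscustomobject]@{
            Account    = $account
            DisableCMD = $value
            State      = Get-DisableCmdState $value
        }
    } | Format-Table -AutoSize
```

With the Value shown above (DisableCMDScripts set to 1), targeted users should report the first "Blocked" state, which also stops .cmd and .bat files from running for them. Accounts excluded from the assignment should report "Not configured".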