Both the PowerShell and Command Prompt tools may be used to configure various system settings or access various apps. However, most Windows users will never need to use these tools directly. Because they exist and are accessible, it is often recommended to disable them to help prevent a malicious actor from using these dormant tools against those users.
To help increase your cybersecurity, it is recommended to toggle off the Command Prompt on your Windows-based PC. You can then toggle the Command Prompt back on as needed.
Within this article I will show you how to disable (and re-enable) the Command Prompt on your Windows PC. You may also be interested in my other article on how to disable PowerShell on Windows.
If you are familiar with the Local Group Policy Editor (LGPE) tool, you probably know that it makes it easy to tweak various system settings.
Now, here’s how to use the Group Policy Editor to disable the Command Prompt:
- Click the Windows Start button and type gpedit.msc (there is no input field, just start typing) and press Enter to open the Group Policy Editor.
- Navigate to User Configuration > Administrative Templates > System.
- Double-click the Prevent access to the command prompt option in the right-hand pane.
- Select Enabled in the top-left corner, then click the “Apply” and “OK” buttons at the bottom.
The Windows Command Prompt should now be disabled via the Group Policy Editor, but a restart may be required.
To re-enable the Command Prompt via the Group Policy Editor:
- Open the Group Policy Editor and navigate to the System option by following the previous steps.
- Double-click the Prevent access to the command prompt option.
- Select either Not Configured or Disabled in the top-left corner, then click the “Apply” and “OK” buttons at the bottom.
The Windows Command Prompt should now be enabled via the Group Policy Editor, but a restart may be required.
The Registry Editor carries sensitive keys that control how your Windows device works. So, you should be very careful when altering your Registry keys. In fact, the best thing to do is to back up the Registry and know how to restore it before making any changes to it.
With that said, here is how to use the Registry Editor to disable the Command Prompt:
- Click the Windows Start button and type regedit (there is no input field, just start typing) and press Enter to open the Registry Editor.
- From there, copy-paste the following registry location into the address bar at the top of the window and press Enter.
- Click on the System folder under the Windows folder. Note, these “folders” are actually “keys” but because the icon is that of a folder, I call it a folder.
- If the System folder is missing, create it by right-clicking on the Windows folder and selecting New > Key.
- Next, rename the key as System and then press Enter.
- Now that you are within the System folder, right-click on a blank space on the right and select New > DWORD (32-bit) Value.
- Name the value: DisableCMD and set the Value data to “1” (one, without the quotes).
- Then press OK and close the Registry Editor.
The Windows Command Prompt should now be disabled via the Registry Editor, but a restart may be required.
To re-enable the Command Prompt via the Registry Editor, apply the previous methods but set the Value data for DisableCMD to “0” (zero, without the quotes).
The Windows Command Prompt should now be enabled via the Registry Editor, but a restart may be required.
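The registry steps above can also be scripted and audited. The following PowerShell is an added example, not part of the original article; it assumes the policy lives under `HKCU\Software\Policies\Microsoft\Windows\System` (the standard per-user location for this policy), and the function names and backup file name are hypothetical.

```powershell
# Added example: read, back up and set the per-user DisableCMD policy value.
# Assumption: standard policy location for the current user.
$PolicyKey = 'HKCU:\Software\Policies\Microsoft\Windows\System'
$ValueName = 'DisableCMD'

function Get-CmdPolicyState {
    # Report what the current DisableCMD value means for this user.
    $item = Get-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }   # key or value is absent
    switch ([int]$item.$ValueName) {
        0       { 'Enabled' }                  # Command Prompt allowed
        1       { 'Disabled' }                 # cmd.exe blocked, batch files blocked too
        2       { 'DisabledInteractiveOnly' }  # cmd.exe blocked, batch files still run
        default { "Unknown($($item.$ValueName))" }
    }
}

function Set-CmdPolicy {
    param(
        # 1 disables the Command Prompt, 0 re-enables it (the values used in this article).
        [Parameter(Mandatory)][ValidateSet(0, 1)][int]$Value
    )
    if (Test-Path $PolicyKey) {
        # Back up the existing key before changing it (hypothetical file name).
        $backup = Join-Path $env:TEMP 'cmd-policy-backup.reg'
        & reg.exe export 'HKCU\Software\Policies\Microsoft\Windows\System' $backup /y | Out-Null
        Write-Verbose "Backup written to $backup"
    }
    else {
        # Same as creating the missing System key by hand in the Registry Editor.
        New-Item -Path $PolicyKey -Force | Out-Null
    }
    New-ItemProperty -Path $PolicyKey -Name $ValueName -PropertyType DWord `
        -Value $Value -Force | Out-Null
    Get-CmdPolicyState   # return the resulting state so the change can be confirmed
}

# Audit first, then change only if needed.
"Before: $(Get-CmdPolicyState)"
# Set-CmdPolicy -Value 1 -Verbose   # disable
# Set-CmdPolicy -Value 0 -Verbose   # re-enable
```

The value is per-user, so run the script in the session of the account you want to restrict. With the value set to 1, batch files (.bat and .cmd) are blocked as well, so check for logon or maintenance scripts that depend on them before disabling.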
I hope my article on disabling the Command Prompt on Windows has helped you increase your cybersecurity. I welcome your thoughts, questions or suggestions regarding this article.
To further increase your cybersecurity protection, you may want to read my other article on how to disable PowerShell on Windows.
Let me know if you found any errors within my article or if I may further assist you by answering any additional questions you may have.