You can delete command.com if you have not need to use it for 16 bit apps
but that will not stop someone from copying it to their user profile to run.
A couple possibilities to try to prevent it's access could be - as you
mentioned delete it or change the permissions on it [probably better option
than deleting] so that only authorized users can execute copies the
currently exist on the computer, add command.com to the disallowed Windows
application list under user configuration/administrative templates/system -
don't run specified Windows applications with the understanding that it will
not work if a user renames command.com., using Group Policy Software
Restriction Policies for XP Pro to create a hash rule to disallow use of
command.com and if you do that try to find all the versions of command.com
you can from the different operating systems or again assuming you have no
need to run 16 bit applications you could also try deleting or renaming
AUTOEXEC.NT in the \Windows\system32 folder.
Steve
Hi all,
Whilst you can use Group Policy to prevent access to cmd.exe, you can't
prevent access to command.com as it is a 16-bit application.
Is there any other way to prevent access to command.com? Will deleting
command.com render the system unusable?
Regards,
Joshua Morgan
