Restrict access to system command propmt

RE: Restrict access to system command propmt

ColinTanswell — Tue, 27 Jan 2015 16:15:02 GMT

Hi,

Restricted access to the run command is via group policy as is the hidden c drive within windows explorer. You can't even enter c:\ within explorer. If you use the ! Keyin in Microstation then you can get to the c drive within the command prompt. I'm not from IT but a power user for CAD it is IT that has asked me the question to see if the keyin can be restricted.

I didn't know if there was a Microstation variable to restrict the ! Keyin but it seems not. It looks like a command filter application is the way to go.

Thanks
Colin.

RE: Restrict access to system command propmt

Jan Šlegr — Tue, 27 Jan 2015 15:45:56 GMT

Hi Colin,

in addition to Phil's answer:

How do you restrict using command prompt? I have not tested it (I have only basic Windows admin knowledge), but using system policy should solve it.
Hiding cannot be treated as a restriction in any way, it's not its intention. Hidden folder is still fully accessible by definition. If you need another level of control, access rights asignment is a proper tool.

The monitor application mentioned by Phil could be the solution, but only for MicroStation. But in Windows there are plenty of places where Command Prompt can be started from ... and we are back at system policy and GAC.

With regards,

Jan

RE: Restrict access to system command propmt

Phil Chouinard — Tue, 27 Jan 2015 14:57:53 GMT

Two things come to mind... develop and use an application that filters the input queue for those key-ins and rejects them or take a look at disabling the command prompt through Group Policy (there are quite a number of hits on the internet for the latter, along with disclaimers about things to take into account).