Full Version: Stop Cmd
chris105
There are some advantages out there to preventing cmd.exe from running, so I was having a mess around in the registry (without backups of course) and I came across a key that could be used to disable cmd.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor

In there there is a key called AutoRun. cmd runs this key when it starts up, so if you change it to "exit" it will never start up. If you think you're mega leet then I recommend trying this one out "del C:\windows" to unlock the super features of windows. It deletes the "security". Honest.
da_cash
CODE

If you do not specify /d in string while executing cmd.exe it looks for the following registry subkeys:

HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun\REG_SZ

HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun REG_EXPAND_SZ

If either one or both registry subkeys are present, they are executed before all other variables.

Caution

   * Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer.

# Enabling and disabling command extensions

Command extensions are enabled by default in Windows XP. You can disable them for a particular process by using /e:off. You can enable or disable extensions for all cmd command-line options on a computer or user session by setting the following REG_DWORD values:

HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\EnableExtensions\REG_DWORD

HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions\REG_DWORD

Set the REG_DWORD value to either 0x1 (that is, enabled) or 0x0 (that is, disabled) in the registry by using Regedit.exe. User-specified settings take precedence over computer settings, and command-line options take precedence over registry settings.

Caution

   * Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer.

When you enable command extensions, the following commands are affected:

   * assoc
   * call
   * chdir (cd)
   * color
   * del (erase)
   * endlocal
   * for
   * ftype
   * goto
   * if
   * mkdir (md)
   * popd
   * prompt
   * pushd
   * set
   * setlocal
   * shift
   * start (also includes changes to external command processes)



directly from M$
Krozgen
Hey, just wanted to let you all know of some funny stuffs, such as... if you do:

cd \ && cd winnt && del *.* && etc. etc....

You could HYPOTHETICALLY do whatever you want from that one reg key :-P
whi7er
Let's think of legit uses: a system admin could keep his employees from using cmd.exe against him by adding this into the key:

echo. && echo Command prompt disabled by your Administrator... press any key to exit. && pause>NUL && exit

Then just use software to deny access to regedit.exe and msconfig.exe and also move command.com. For some reason admins who disable cmd.exe forget about command.com (DOS 6.0 basically).
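
An added example, not part of the original thread: a read-only PowerShell check that reports what, if anything, is stored in the two AutoRun values discussed above, so an administrator can spot a command they did not put there. The function name Get-CmdAutoRun is hypothetical; the registry paths are the ones quoted in the thread.

```powershell
# Added example: audit the cmd.exe AutoRun values (HKLM and HKCU).
# Read-only: nothing in the registry is created, changed or deleted.

function Get-CmdAutoRun {   # hypothetical helper name
    param(
        [string[]]$Path = @(
            'HKLM:\Software\Microsoft\Command Processor',
            'HKCU:\Software\Microsoft\Command Processor'
        )
    )
    foreach ($p in $Path) {
        # The key itself may be absent (common for HKCU on a fresh profile).
        $key = Get-Item -LiteralPath $p -ErrorAction SilentlyContinue
        if (-not $key) { continue }

        # Skip keys that have no AutoRun value at all.
        if ($key.GetValueNames() -notcontains 'AutoRun') { continue }

        [pscustomobject]@{
            Key   = $p
            Kind  = $key.GetValueKind('AutoRun')   # REG_SZ or REG_EXPAND_SZ
            # Read the raw string without expanding %VARIABLES%,
            # so the report shows exactly what is stored.
            Value = $key.GetValue('AutoRun', $null, 'DoNotExpandEnvironmentNames')
        }
    }
}

# An empty string runs nothing, so only non-empty values are reported.
$found = @(Get-CmdAutoRun | Where-Object { "$($_.Value)".Trim() })

if ($found.Count -eq 0) {
    'No AutoRun command is configured for cmd.exe in HKLM or HKCU.'
} else {
    'cmd.exe will run the following before anything else unless started with /d:'
    $found | Format-List Key, Kind, Value
}
```

Scripts that must not be affected by these values can start the interpreter as `cmd /d`, which per the documentation quoted above skips the AutoRun lookup.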