Hi there,
Like the title says, how can I achieve this?
I configured this (activated):
User Configuration \ Administrative Templates \ System -> Prevent access to the command prompt
Now cmd.exe is deactivated, with a message to the user if someone tries to open a command box.
I'm looking for the same thing, just for PowerShell. What is the way intended by Microsoft?
First of all, I don't want to set a restriction policy; this only prevents execution of ps1 files with PowerShell.
I want to disable execution of PowerShell as a whole.
What I have done so far:
Due to the lack of an existing GPO for explicitly disabling PowerShell, I tried to disable it with AppLocker -> executable rules.
Here I disabled the path %SYSTEM32%\WindowsPowerShell\* for Domain Users and Guests.
My problem with this:
- Path -> You can copy PowerShell with cmdlets and execute it
- Hash -> The hash will probably change with Windows updates (bad: if powershell.exe has another hash, it can be run)
- Issuer -> A runtime packer can probably wrap and change this easily
What are my options?
So, what should I do? Issuer rules? Or are there better ways?
By the way, whitelisting exe files is not the way we can go here. That's not realistic in so many cases.
Thanks in advance.
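
The path-rule gap described in the post can be checked against the effective policy before rolling it out. The following is an added example, not part of the original post: it uses the built-in AppLocker cmdlets to compare the policy decision for the original powershell.exe with the decision for a copy in another folder. The account name `CONTOSO\testuser`, the audit folder and the copy's file name are placeholders chosen for illustration.

```powershell
# Added example (not from the original post): audit whether the effective
# AppLocker policy still denies PowerShell once the binary sits outside the
# folder a path rule covers. Run on a test machine with the AppLocker module.
Import-Module AppLocker

$TestUser = 'CONTOSO\testuser'    # placeholder: a member of the restricted group
$Source   = Join-Path $env:SystemRoot 'System32\WindowsPowerShell\v1.0\powershell.exe'
$AuditDir = Join-Path $env:TEMP 'applocker-audit'    # placeholder folder
$Copy     = Join-Path $AuditDir 'renamed-copy.exe'   # placeholder file name

New-Item -ItemType Directory -Path $AuditDir -Force | Out-Null
Copy-Item -Path $Source -Destination $Copy -Force

try {
    # Evaluate both files against the policy that is actually in effect
    # (local policy merged with GPO), as seen by the test user.
    $policy  = Get-AppLockerPolicy -Effective
    $results = Test-AppLockerPolicy -PolicyObject $policy -Path $Source, $Copy -User $TestUser

    $report = foreach ($r in $results) {
        # Publisher data is what a publisher ("issuer") rule would match on;
        # it is read from the file itself, so it is the same for the copy.
        $info = Get-AppLockerFileInformation -Path $r.FilePath
        [pscustomobject]@{
            FilePath     = $r.FilePath
            Decision     = $r.PolicyDecision   # Allowed, Denied or DeniedByDefault
            MatchingRule = $r.MatchingRule
            Publisher    = $info.Publisher
        }
    }
    $report | Format-List

    # Any 'Allowed' row is a location where the current rules do not apply.
    foreach ($gap in $report | Where-Object { $_.Decision -eq 'Allowed' }) {
        Write-Warning "Policy allows $($gap.FilePath) for $TestUser"
    }
}
finally {
    # Remove the audit copy so no stray interpreter binary is left behind.
    Remove-Item -Path $AuditDir -Recurse -Force
}
```

If the original path is reported as `Denied` and the copy as `Allowed`, the deny rule is matching on location only.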