Helping millions of people navigate the world of technology.

2 Best Ways to Disable Command Prompt and Windows PowerShell on Windows 11

Are you concerned about the security of your Windows PC? One way to protect your computer is to disable Windows PowerShell and Command Prompt, considered double-edged swords.

Although they help administrators and developers perform different tasks, malicious actors can also use them to compromise your data. To stop that from happening, you must turn off these command-line tools when not in use. We’ll show you how to disable Windows PowerShell and Command Prompt. So, let’s begin.

Why Should You Disable Command Prompt and Windows PowerShell

Disabling powerful command-line tools like Command Prompt and Windows PowerShell can be an effective method to enhance the security of your system and protect it from malicious threats. Here are some important reasons why you should disable Windows PowerShell and Command Prompt:

  • Malicious agents can use Command Prompt and PowerShell to launch malware attacks and run harmful scripts on your computer.
  • An inexperienced user may unintentionally run some commands in these command-line tools that can make your system unstable.
  • These tools can be used to gain administrative access to the system and lead to malware attacks.

How to Disable Windows Command Prompt

There are two methods to disable the Windows Command Prompt on your computer: one is through the Registry Editor, and the other is through the Local Group Policy Editor. Let’s check out both methods in detail:

1. Using the Registry Editor

The Registry Editor contains registries you can configure to change the functioning of your system. By accessing the Command Prompt registry within it, you can configure the settings to disable the Command Prompt. Here’s how to do that:

Note: Editing the Registry involves risk, as one wrong move can harm your computer. To prevent that from happening, you must back up the registry and create a restore point. Doing this ensures you can easily restore your data if something goes wrong.

Step 1: Press the Windows + R keyboard shortcut to open the Run tool.

Step 2: Type regedit in the search bar and press Enter. This will open the Registry Editor.

regedit command in the Run tool

Step 3: In the Registry Editor, head toward the following location:

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows

Step 4: Right-click on the Windows key, hover the cursor on New and choose Key.

Windows Key in the Registry Editor

Step 5: Name the key System.

System key in the Registry Editor

Step 6: Right-click on the System key, hover the cursor on New and choose DWORD (32-bit) Value.

DWORD (32-bit) Value in the Registry Editor

Step 7: Name the value DisableCMD.

DisableCMD in the Registry Editor

Step 8: Double-click on the DisableCMD value, type 1 in the Value data, and click OK. This will disable Command Prompt.

Value data in the Registry Editor

To enable Command Prompt, type 0 in the Value data and save the changes.

Enable Command Prompt in the Registry Editor

2. Using the Local Group Policy Editor

The Local Group Policy Editor is another important Windows tool that lets you configure your computer policies. You can use this tool to stop Command Prompt access for non-admin users. Follow these steps to do that:

Local Group Policy Editor is exclusively available for Windows Professional, Education, and Enterprise editions. If you’re using Windows Home edition, you’ll get an error message stating, ‘Windows cannot find gpedit.msc’ when trying to access the Local Group Policy Editor. Luckily, you can troubleshoot this error easily. Check our guide to fixing the gpedit.msc missing error and accessing the Local Group Policy Editor on Windows Home edition.

Step 1: Open the Run tool, type gpedit.msc in the search bar, and click the OK button.

gpedit command in Run tool

Step 2: Head towards the following location in the Local Group Policy Editor:

User Configuration\ Administrative Templates\ System

Step 3: Double-click on the ‘Prevent access to command prompt’ policy in the right pane.

Prevent access to command prompt policy in LGPE

Step 4: Select the Enabled option. Then, click Apply and OK. This will disable Command Prompt.

Enabled option in LGPE

To enable Command Prompt, choose the Disabled or Not configured option. Then, click Apply and OK to save the changes.

Disabled Option in LGPE

How to Disable Windows PowerShell

Just like Command Prompt, there are two tools available to disable Windows PowerShell: one is the Local Security Policy, and the other is the Local Group Policy Editor. Continue reading to know how to use these tools to disable PowerShell.

1. Using Local Security Policy

The Local Security Policy is a built-in Windows tool that lets you make security changes to your computer. You can also use this tool to turn off Windows PowerShell. Here’s how:

Step 1: Open the Run tool, type secpol.msc in the search bar, and click OK.

secpol command in Run tool

Step 2: Right-click ‘Software Restrictions Policies’ in the left sidebar and then choose ‘New Software Restriction Policies’ from the context menu.

New Software Restriction Policies in Local Security Policy

Step 3: Right-click on Additional Rules and choose ‘New Hash Rule’.

New Hash Rule in Local Security Policy

Step 4: Click the Browse button.

Browse button in Local Security Policy

Step 5: Paste the following address in the address bar and press Enter:

%SystemRoot%\SysWOW64\WindowsPowerShell\v1.0
Address bar in Local Security Policy

Step 6: Select the PowerShell.exe file and then click the Open button.

Open button in Local Security Policy

Step 7: Click Apply and then OK to save the changes.

Apply button in Local Security Policy

2. Using the Local Group Policy Editor

The Local Group Policy Editor contains a Windows PowerShell policy that you configure to prevent the access of PowerShell to non admins. Follow these steps to configure this policy:

Step 1: Launch the Run tool, type gpedit.msc, and then click OK.

gpedit command in Run tool

Step 2: Navigate to the following location:

User Configuration\ Administrative Templates\ System

Step 3: Double-click on the ‘Don’t run specified Windows applications’ policy.

Don't run specified Windows applications policy in LGPE

Step 4: Choose the Enabled option and then click the Show button.

Show button in LGPE

Step 5: Type powershell.exe in the New shell and then click OK.

new shell in LGPE

Step 6: Click Apply and then OK to save the changes.

Ok button in LGPE

Safeguard Your Computer

If you share your computer with someone else, it’s important to disable Command Prompt and Windows PowerShell when not in use. You can disable these tools using the above methods. Let us know in the comments which of the above methods is the easiest.

Was this helpful?

Thanks for your feedback!

Last updated on 05 June, 2023

Leave a Reply

Your email address will not be published. Required fields are marked *

The article above may contain affiliate links which help support Guiding Tech. The content remains unbiased and authentic and will never affect our editorial integrity.