GPO – Block CMD to all users via Group Policy

Prevent CMD to all user except ADMIN Privileges:

1. Create new Group Policy that called ‘Prevent CMD to all User’
2. Configure the following things in policy:

 

 

If you want to allow spesific user or security group , go to delegation and add this user/group and check "deny" on “Apply Group Policy”