Local policy to prohibit MMCs

jibbajabbajibbajabba Member Posts: 4,317 ■■■■■■■■□□
I have disabled a MMC (diskmgmt.msc) through the local group policies which is working fine when opening the server manager for example. But it doesn't seem to stop people from starting the mmc from the command prompt using diskmgmt.msc, or adding the snap-in to another mmc ...

I must miss something stupid here ...
My own knowledge base made public: http://open902.com :p


  • undomielundomiel Member Posts: 2,818
    You can do this under user policy: Administrative Templates\Windows Components\Microsoft Management Console

    Enable Restrict users to the explicitly permitted list of snap-ins. If you don't add any snap-ins to the permitted list then the users will not be able to add any into mmc thusly rendering mmc useless to them. If you're still worried about the ability to run mmc you could always use software restrictions to disable access to it.
    Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
Sign In or Register to comment.