Hi, I have a toughie for you........ OS = NT4 SP4 How do I prevent the cmd.exe or command.com from loading under a non admin user (but still allow user logon scripts and dos apps running). Bear in mind by editing any shortcut on the desktop a user can change the target to read either cmd.exe or command.com and load a dos prompt. I have prevented the run option from the start bar as well as the windows+R key. I tried changing the permissions of the 2 files to no access for all but admin, but this of course prevents ANY dos boxes from opening, thus cutting off my right hand to fix my left. Anyone who has the answer to this will be WELL rewarded.

my question to you is why would you wanna do this? just set the machine up so that the user does not have adming rights thus keeping the machine safe from wandering untrained fingers....

Goto http://intelliscape.virtualave.net/ntlogon/ntlogon.exe Extract it to a folder (C:\NTLOGON is the default) and follow the instructions in README.TXT It will allow you to block the NT command interepeter and still run scripts. Good luck.

Reply To Evee.... In a normal environment I agree that the standard user policies and security setting would suffice. However, I look after the IT for the IT dept. of the Company. This includes all the UNIX programmers as well as some excellent security testers. We have to keep our Policies at a standard for all (due to being Govt. regulated). Some of these users are superb at beating the system, and do so on a regular basis. Response to Mike :- Very much appreciated, I will be setting up the Model Ofice testing of this product tnext week, if all goes well you will be notified... Thanks again :))