RTollison 0 Posted May 12, 2023 Have apps that use the createprocess and some that use shell obj to call OS related things. Now IT is/has to lock down security on server and is planning on removing access to all cmd.exe(not sure what ALL means but guessing they are going to remove it) and the powershell and all of its function from users. Does anyone know if removing access to cmd.exe will break createprocess or shellobj? irony is that i don't have rights the rename the cmd.exe to test on my own. Share this post Link to post
David Heffernan 2345 Posted May 13, 2023 It depends on what your external processes do. If you are trying to do something that will be locked down then I guess it will be affected. But calling CreateProcess per se doesn't requires cmd.exe. Unless that's the process that you are trying to create. Share this post Link to post
Fr0sT.Brutal 900 Posted May 15, 2023 On 5/12/2023 at 10:57 PM, RTollison said: irony is that i don't have rights the rename the cmd.exe to test on my own. Hint: you have the rights on your own home PC, why not try there? Share this post Link to post
DelphiUdIT 176 Posted May 15, 2023 (edited) On 5/12/2023 at 9:57 PM, RTollison said: irony is that i don't have rights the rename the cmd.exe to test on my own. If you want to test, make a VM and try there, you can remove the "cmd.exe" and doing all know things with "gpedit" about that. SO you can try multiple solutions without damage your working PC. Bye Edited May 15, 2023 by DelphiUdIT Share this post Link to post
RTollison 0 Posted May 15, 2023 (edited) work from home, so home pc is work pc. yes i do have a home pc (windows xp retired) and installing a VM would require corporate permissions to get an admin to install. it can wait until we have to deal with it then can do the testing to see what is blocked. who knows IT just might allow some things after all. Thanks Edited May 15, 2023 by RTollison Share this post Link to post
programmerdelphi2k 237 Posted May 15, 2023 (edited) @RTollison removing CMD.exe from the system I think would be a "delicate" thing to do, however, system administrators should know more than I do. In any case, you could just try "blocking its use", which could be reversed more easily: Using GPEdit.msc from the command line (irony or not) User Settings -> Administrative Templates -> System "Prevent access to the command prompt" = Enabled to revert I do it "Disabled" NOTE: Now, just run the tests on your applications and others that possibly use the CMD... however, there will be no guarantees that all applications work as they should, not even the operating system with stability! Edited May 15, 2023 by programmerdelphi2k Share this post Link to post
RTollison 0 Posted May 15, 2023 (edited) FYI i do not have permission to run GPEdit.msc We are already pretty tight on security. Now we are looking to do the same with our clients and hosting servers. All i was hoping for was that someone else had already done something similar and knew for sure that createprocess still worked and that may shellobj would work but maybe some odd issues or whatever. Edited May 15, 2023 by RTollison Share this post Link to post
programmerdelphi2k 237 Posted May 15, 2023 35 minutes ago, RTollison said: FYI i do not have permission to run GPEdit.msc As it was still "a future plan", I thought you could do the test on your terminal, or who knows on your test PC! good luck, if possible let know about it On 5/12/2023 at 4:57 PM, RTollison said: Now IT is/has to lock down security on server and is planning on removing access to all cmd.exe Share this post Link to post
![Delphi-PRAXiS [en]](https://en.delphipraxis.net/uploads/monthly_2018_12/logo.png.be76d93fcd709295cb24de51900e5888.png){kind=logo}
