Restrict Command Prompt, PowerShell, and Registry Editor for Windows users using HexnodeSolved

Participant
Discussion
1 day ago Jul 06, 2026

I’m trying to lock down a few Windows devices so standard users cannot open system tools like Command Prompt, PowerShell, or Registry Editor. Admin users should still be able to access them.

The users currently have more access than we want, and I’m looking for a way to apply these restrictions through Hexnode instead of manually changing settings on each device. Is this possible with a Windows policy?

Replies (1)

Marked SolutionPending Review
Hexnode Expert
1 day ago Jul 06, 2026
Marked SolutionPending Review

Hello @timo-liam ,

Yes, this can be configured for Windows devices using Custom Configurations in Hexnode UEM.

For restrictions such as blocking Command Prompt, PowerShell, or Registry Editor, Hexnode UEM can deploy Windows OMA-URI settings based on Microsoft Configuration Service Provider policies. These are OS-level restrictions, so the exact payload should be selected from Microsoft’s CSP documentation based on the Windows edition and version used in your environment.

General approach:

  1. In the Hexnode UEM portal, create or edit a Windows policy.
  2. Go to Deploy Custom Configuration.
  3. Add the required OMA-URI payloads for the Windows restriction you want to enforce.
  4. Use the relevant CSP path and value from Microsoft’s documentation.
  5. Associate the policy with the required Windows devices or users.

If the restriction should apply only to specific local user profiles, use user-targeted CSP paths where supported. This allows you to restrict standard users while leaving administrator accounts unaffected.

Regards,
Simon Scott
Hexnode UEM

Save