This blog will be about how to block access to the CMD, PowerShell, and registry tools within a few seconds!
1. Why you want to block PowerShell
There are many reasons for IT pros to allow administrative tools like PowerShell, but I am not one of them. Please take a look at my blog to learn about the “why” and the “how”.
2. Block Access to Administrative Apps
Unfortunately, there is no simple GUI option to block the Command Prompt/Windows PowerShell and Regedit in Intune. Guess what? That’s wrong.
You can make sure these apps are denied. To do so, open the Education Intune portal instead of the normal Intune portal.
https://intuneeducation.portal.azure.com/
And click on: Groups –> All Devices (or create a custom group) –> Settings –> Windows Device Settings –> Apps –> Block Access to Administrative Apps
Guess what it does? When configuring the option to block administrative apps in the Intune portal, it creates a pre-built custom AppLocker policy in your normal Intune portal, nothing more!
Looking at the AppLocker policy and the OMA-URI, you will notice it uses the AppLocker CSP:
./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/IntuneEdu/EXE/Policy
Let’s open the XML config. You will notice it blocks the apps with a FilePublisherCondition and allows all the other executables. The link to the XML config (I converted it to txt):
https://call4cloud.nl/wp-content/uploads/2020/06/blockapps.txt
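To review a policy of this shape before assigning it, the rule collection can be parsed and summarised. The script below is an added example, not part of the original post or of Intune. The sample XML is constructed to match the description above (publisher deny rules plus an allow-all path rule) and is not the contents of blockapps.txt; the rule Ids, rule names and the function name audit are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample, shaped like the policy described above. Rule Ids are placeholders.
MS = "O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US"
PRODUCT = "MICROSOFT® WINDOWS® OPERATING SYSTEM"

def _deny(rule_id, binary):
    return (f'<FilePublisherRule Id="{rule_id}" Name="Block {binary}" Description="" '
            f'UserOrGroupSid="S-1-1-0" Action="Deny"><Conditions>'
            f'<FilePublisherCondition PublisherName="{MS}" ProductName="{PRODUCT}" '
            f'BinaryName="{binary}"><BinaryVersionRange LowSection="*" HighSection="*"/>'
            f'</FilePublisherCondition></Conditions></FilePublisherRule>')

SAMPLE_POLICY = (
    '<RuleCollection Type="Exe" EnforcementMode="Enabled">'
    + _deny("PLACEHOLDER-1", "CMD.EXE") + _deny("PLACEHOLDER-2", "POWERSHELL.EXE")
    + _deny("PLACEHOLDER-3", "REGEDIT.EXE")
    + '<FilePathRule Id="PLACEHOLDER-4" Name="Allow everything else" Description="" '
      'UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="*"/>'
      '</Conditions></FilePathRule></RuleCollection>')

def audit(xml_text):
    """Summarise each rule collection: what is denied, and what that leaves open."""
    root = ET.fromstring(xml_text)
    # The CSP node takes a bare <RuleCollection>; an exported policy wraps it
    # in <AppLockerPolicy>. Accept both.
    cols = [root] if root.tag == "RuleCollection" else root.findall("RuleCollection")
    reports = []
    for col in cols:
        denied, allow_all = [], False
        for rule in col:
            for cond in rule.iterfind("Conditions/*"):
                if rule.get("Action") == "Deny" and cond.tag == "FilePublisherCondition":
                    denied.append(cond.get("BinaryName"))
                if rule.get("Action") == "Allow" and cond.get("Path") == "*":
                    allow_all = True
        findings = []
        if col.get("EnforcementMode") == "AuditOnly":
            findings.append("audit only: launches are logged, not blocked")
        if allow_all and denied:
            findings.append("denylist: any executable not named in a deny rule still runs")
        reports.append({"type": col.get("Type"), "mode": col.get("EnforcementMode"),
                        "denied": sorted(denied), "findings": findings})
    return reports

if __name__ == "__main__":
    for report in audit(SAMPLE_POLICY):
        print(report)
```

The denylist finding is the same point the conclusion makes: this policy stops the named tools and nothing else.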
Testing it from a client: you will get an AppLocker notification that the application has been blocked. In this example, I tried to launch the command prompt!
This is a nice AppLocker policy to start with! If you want to expand it, you could take a look at this blog! This blog shows you how you could easily deploy an AppLocker baseline policy to all your devices!
Conclusion:
It’s nice to see there is a nice GUI to implement a simple AppLocker policy to block these administrative apps. Of course, it’s much better to create a complete AppLocker policy to prevent ransomware infections and block other EXE files. It is a perfect solution to start with, and with a deep impact!