Block Commands in Windows using Beyondtrust Privilege Management for windows

Hi Naveen.

A good sample is already added to the quickstart policy for ipconfig /renew which allows us to run a command that normally would require admin rights.
You can use the same principles to block certain command in the command prompt.
Just be sure to have your blocks above your allows in your App Rules, and or if multiple Workstyles apply.

Kind regards
Jens

No, Jens. I am referring to the internal commands and not the executing commands like ipconfig /renew. 

I am referring to format, fdisk, scan, del, mkdir 

We can control anything that runs as process. For some of these it would be a similar issues as for powershell commands, which can’t be controlled unless remote powershell is used, but they are command lets and not processes.

Fdisk is legacy, I don’t think it is even a command on Windows 10 or 11 anymore, but diskpart is an exe and can be controlled.

What about mkdir, del, rm there are still plenty of commands that are executed. can we have solution to block them using the EPM for windows as similar to PMUL where we control the CLI based commands.

That unfortunately would be a no.

Windows here relies on ACL and GPO’s for access to files and folders to limit the use of the use.
You have your protected location in the Windows OS which all would require admin rights to write to.
(Program files, Program Files (x86) and c:\Windows etc.) 

I would suggest raising a feature request. I could only find the one for powershell command https://beyondtrust-public.ideas.aha.io/ideas/T2EPM-I-1410

Then I think that both Format and Fdisk would require an elevated command prompt to run.

KR Jens