Block Command Prompt

So... I just found out how dangerous it is to leave the computer alone with someone who knows few neat tricks with cmd, which easily destroys the windows password system.
Is there a way to set a password to restrict the access to cmd? I do not want to block cmd altogether however.
Is there a better way?
What other tricks should worry about?

 

Rename it to cmd1.exe and hide it from the menus. lol alternatively, dont let anyone else use the notebook physically

I know it isnt what you wanted but you can disable it through the user policys

Type "color fc" in the cmd prompt. omg h4x!

 

Make sure UAC is on, and make sure the admin password is set to something only you know.

Then change your user type from "admin" to "standard" (in the user accounts control panel). You'll have to create another admin account before it'll let you switch your main account to standard.

As an alternative, you can stay an admin user and configure UAC to always require a password when escalated privilege is needed. You can set that by running "secpol.msc" and under User Account Control, set the behavior for admin users from "prompt for consent" (click ok) to "prompt for credentials" (require a password).

I should mention that none of this will block cmd.exe... it'll just block anyone without the admin password from being able to use it to mess with the OS.

Of course, nothing can completely deter a really determined attacker who has physical access to the machine... but this should stop your average sort of casual mischief.

 

Thanks a million....
Wow... I never realize how useful UAC is.