"Prevent access to the command prompt/Disable command prompt script processing" not honoured

"Prevent access to the command prompt/Disable command prompt script processing" Windows Group Policy settings should prevent users from opening a command prompt but allow batch files to run.  However, this setting is not honoured for ZCM Bundles.

This is fixed in version 11.2.1 - see KB 7010042 "ZENworks Configuration Management 11.2.1 - update information and list of fixes" which can be found at https://support.microfocus.com/kb/doc.php?id=7010042

Workaround:  Use an external script (Select from this device or Specify a file on a managed device).

Test scenario.

• Vanilla Windows7 SP1 PC + ZCM Agent 11.2
• Create c:\temp\thing.bat containing one line: xcopy c:\dir1 c:\dir2
• c:\dir1 contains some test files, c:\dir2 is empty
• thing.bat runs as expected
• Windows Group Policy
• Group Policy Editor -> User Configuration -> Administrative Templates -> System Prevent access to the command prompt:  Enabled
• Disable command prompt script processing: NO
• Apply Group Policy via ZCM
• Opening command prompt gives "disabled" message as expected
• Double-click c:\temp\thing.bat runs as expected (files copied)
  
  
• Bundle1 (works)
• Launch Run Script -> Specify File On Managed Device -> c:\temp\thing.bat
• Path to Script Engine:  cmd.exe
• Script Engine Parameters:  /c
• Advanced -> Working Directory c:\temp
• Bundle runs thing.bat as expected (files copied)
  
  
• Bundle2 (fails)
• Launch Run Script -> Define Your Own Script -> xcopy c:\dir1 c:\dir2
• Script file extension .bat
• Path to Script Engine:  cmd.exe
• Script Engine Parameters:  /c
• Advanced -> Working Directory c:\temp
• Bundle FAILS to run thing.bat as expected (files not copied)

Note when testing:  Internal commands will successfully execute but external commands will not.

e.g.  If the script is modified as follows

  mkdir c:\One
  xcopy c:\Dir1 c:\Dir2
  mkdir c:\Two

Then c:\One and c:\Two will be successfully created but the xcopy will fail.