Command Shell Access

User access to the command shell (cmd.exe) can be controlled by both operating system settings and Reflection for Secure IT server settings. To configure server settings, use the Permissions pane.

Operating system security settings for command shell access vary with different Windows systems. For example, on many Windows 2003 Servers, default access to the command shell is restricted to administrators, members of TelnetClients group, and fully-authenticated users (that is, users who are logged on with a local password). With this configuration, users who authenticate using domain credentials won't have access to the command shell. Changes you can make to provide command shell access to these users include the following:

  • Edit the security settings for cmd.exe to allow access to your users (or groups).
  • Add your users (or groups) to the TelnetClients group.