Hi,
CMD can be used safely for users.
Users can only run commands with their permission.
If user run some command to change or write date on the clients without rights, they will encounter access denied error or there will be an elevation prompt for standard users.
Make sure the UAC was enabled and you can set policy: User Account Control: Behavior of the elevation prompt for standard users to the following settings:
You can restrict the permissions for users on the clients or resource.
Best Regards,